Post subject: Annoying pop-ups
Posted: Sun Dec 10, 2006 6:09 pm
I keep getting annoying pop-ups when I am browsing with IE 7. It started after an installation of Messenger Plus Live. I have already scanned with ewido and Panda online, and also did an ATF clean.
I use the Comodo firewall. It now regularly asks me whether I want to block the programs "JUGSSTART.EXE" and "TRANSCAMP.EXE". Does anyone have an idea? Here is the log.

Thanks in advance,
Ronnie

Logfile of HijackThis v1.99.1
Scan saved at 17:04:46, on 10/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\PopTray\PopTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Hijack This\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.di.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.di.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - C:\Program Files\Copernic Desktop Search\CopernicDesktopSearchIntegration977.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [U.S. Robotics Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LanTalk.NET] C:\Program Files\CEZEO software\LanTalk NET\LanTalk.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CLOCK WARN DEAD CASH] C:\Documents and Settings\All Users\Application Data\Bleh axis clock warn\TRANSCAMP.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bowsoption] C:\DOCUME~1\RONNIE~1\APPLIC~1\INTRAL~1\JUGSSTART.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: PopTray.lnk = C:\Program Files\PopTray\PopTray.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PKZIP Attachments Status.lnk = C:\Program Files\PKWARE\PKZIPM\9.00.0010\PKTray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-be\msntabres.dll.mui/229?912429a476ad46bd9ab0de766d1769c2
O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-be\msntabres.dll.mui/230?912429a476ad46bd9ab0de766d1769c2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d ... o-eula.cab
O16 - DPF: {2FDEACE3-43F7-4E3C-B4A6-094DAAA343DC} (CFreeDigital) - https://secured.payvisionservices.com/f ... igital.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/viru ... ebscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74 ... loader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: U.S. Robotics Wireless LAN Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


Posted: Sun Dec 10, 2006 6:33 pm
Hello esarvie,

1. Download: deljob.bat
    Save the file to your Desktop and double-click it.
    A window will open briefly and close again quickly; a text file also opens: logit.txt
    Post the contents of this text file (which you will also find on your Desktop) in your next post.
2. Run HijackThis once more and place a check mark next to the following items, if still present:
    O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
    O4 - HKLM\..\Run: [CLOCK WARN DEAD CASH] C:\Documents and Settings\All Users\Application Data\Bleh axis clock warn\TRANSCAMP.exe
    O4 - HKCU\..\Run: [bowsoption] C:\DOCUME~1\RONNIE~1\APPLIC~1\INTRAL~1\JUGSSTART.exe
Close all open windows so that only HijackThis is still open. Then click Fix checked and close HijackThis.

3. Using Windows Explorer, delete the following folders:
    C:\Documents and Settings\All Users\Application Data\Bleh axis clock warn
    C:\Documents and Settings\RONNIE~1\Application Data\INTRAL~1 (the user profile name and folder name are shown abbreviated here)
4. Download Combofix to your Desktop.
      Double-click Combofix.exe
      Follow the instructions and accept the disclaimer by typing "y" or "Y".
      While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix has finished and after the restart, the log combofix.txt will open.
    Post this log in your next post together with a new HijackThis log.

    NOTE: If your virus scanner responds with a notification about script execution, you may ignore it.
5. * Clean the cache and cookies in IE:
  • Close Internet Explorer.
  • Go to Control Panel > Internet Options > General tab
  • Click the Delete Cookies button
  • Click the Delete Files button next to it
  • Check: Delete all offline content, click OK
* Clean the cache and cookies in Firefox (in case Firefox is installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear button (History, Cookies, Cache).
  • Click OK to close the window again.
* Clean other temporary files + Recycle Bin
  • Go to Start > Run, type: cleanmgr and click OK.
  • Let it scan your system for files that need to be removed
  • Make sure that only 'temporary files', 'temporary internet files' and 'recycle bin' are checked there.
  • Then click OK.
6. Download Dr.Web CureIt to your Desktop:
  • Double-click drweb-cureit.exe and allow it to start the express scan.
  • If a popup appears offering a purchase/50% discount,
    you may close it with the X.
  • This will scan the files that are currently loaded in memory, and when something is found,
    click the Yes to all button at the question 'cure it?'. This is only a short scan.
  • Once the short scan has finished, you can select the drives you want to have scanned.
  • Select all drives here. A red dot will then appear on the drives you are having scanned.
  • Then click the green arrow on the right to start the scan.
  • Click Yes to all when you are asked to perform cure or move.
  • When the scan has finished, check whether you can click the icon next to the files found: [image]
  • If so, click it, then click the icon just below it and select Move incurable as you see here:
    [image]
    This moves found files to the "%userprofile%\DoctorWeb\quarantine folder" if repair is not possible.
  • After the scan is done, in the menu at the top, click File and choose Save report List. Save it to your Desktop.
  • Then close Dr.Web CureIt.
  • Restart your computer!! Important step, because Dr.Web CureIt may move/delete files during the restart.
  • After restarting, copy and paste the contents of the log you saved earlier into your next post.

Also post the Combofix log, the text file from deljob.bat (logit.txt), as well as a fresh HijackThis log.

Regards,
Thor

_________________
Questions and answers belong in your topic; PMs will not be answered.
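
The following Python triage is an added example, not part of the post above and not HijackThis's own logic: it parses O2 and O4 lines and flags the two properties that the three items listed in step 2 show between them, an autorun target under an Application Data folder (including the 8.3 short form APPLIC~1) and a target marked "(file missing)". The heuristic and all names in the code are assumptions made for this example; the sample lines are copied from the log in this thread.

```python
import re
from typing import List, NamedTuple

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CLOCK WARN DEAD CASH] C:\Documents and Settings\All Users\Application Data\Bleh axis clock warn\TRANSCAMP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bowsoption] C:\DOCUME~1\RONNIE~1\APPLIC~1\INTRAL~1\JUGSSTART.exe
O4 - Startup: PopTray.lnk = C:\Program Files\PopTray\PopTray.exe
"""

# Entry shapes as they appear in the log above.
RUN_ENTRY = re.compile(r"^O4 - (?P<where>[^:]+): \[(?P<name>.*?)\] (?P<cmd>.+)$")
STARTUP_ENTRY = re.compile(r"^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
BHO_ENTRY = re.compile(r"^O2 - (?P<where>BHO): (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<cmd>.+)$")

# Path of the binary at the start of a command line, quoted or not.
EXE_PATH = re.compile(r'^"?(?P<path>.+?\.(?:exe|com|bat|cmd|scr|pif|dll))(?=["\s]|$)', re.I)

# Long name and 8.3 short name of the per-user / all-users data folder on XP.
APPDATA = re.compile(r"\\(?:application data|applic~\d+)\\", re.I)
MISSING = "(file missing)"


class Finding(NamedTuple):
    where: str          # registry key or startup group the entry came from
    name: str           # value name / BHO name
    path: str           # extracted target path
    reasons: List[str]  # why the entry deserves a manual look


def triage(log_text: str) -> List[Finding]:
    """Return the O2/O4 entries that match the example heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_ENTRY.match(line) or STARTUP_ENTRY.match(line) or BHO_ENTRY.match(line)
        if not m:
            continue
        cmd = m.group("cmd").strip()
        missing = cmd.endswith(MISSING)
        if missing:
            cmd = cmd[: -len(MISSING)].rstrip()
        pm = EXE_PATH.match(cmd)
        path = pm.group("path") if pm else cmd
        reasons = []
        # Autostart entries that launch from a user-writable data folder.
        if line.startswith("O4") and APPDATA.search(path):
            reasons.append("autorun-from-application-data")
        # Registration left behind after the file itself is gone.
        if missing:
            reasons.append("target-file-missing")
        if reasons:
            findings.append(Finding(m.group("where"), m.group("name"), path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.where:12} {f.name:22} {', '.join(f.reasons)}\n    {f.path}")
```

A match is a prompt for manual review, not a verdict: legitimate software can also start from a data folder, and the short-name form shows why matching only on the long folder name would miss an entry.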


Posted: Sun Dec 10, 2006 7:24 pm
Here is the file

FILES IN TASKS DIR

20061012_111600_Backup van Mijn Afbeeldingen.job
A9DDB46D93F62A11.job
AppleSoftwareUpdate.job
Controleren op updates voor Windows Live Toolbar.job
MP Scheduled Scan.job
XoftSpySE.job
--------------------------------------------------------
LOP-FILES FOUND

A9DDB46D93F62A11.job
--------------------------------------------------------
FILES AFTER DELETION

20061012_111600_Backup van Mijn Afbeeldingen.job
AppleSoftwareUpdate.job
Controleren op updates voor Windows Live Toolbar.job
MP Scheduled Scan.job
XoftSpySE.job
--------------------------------------------------------
EXPORT APP DATA FOLDERS
--------------------------------------------------------
De volumenaam van station C is Number One
Het volumenummer is C816-AA15

Map van C:\Documents and Settings\Ronnie Driessens\Application Data

07/10/2006 19:37 <DIR> Adobe
07/10/2006 19:22 <DIR> AdobeUM
20/09/2006 17:53 <DIR> Ahead
14/07/2006 15:23 <DIR> APPLEC~1 Apple Computer
20/05/2006 19:54 <DIR> ArcSoft
28/05/2006 16:02 <DIR> Atari
02/12/2006 22:03 <DIR> ATI
09/10/2006 09:35 <DIR> AVG7
13/10/2006 11:59 <DIR> CEZEOS~1 CEZEO software
17/10/2006 09:35 <DIR> Comodo
20/05/2006 18:12 <DIR> CYBERL~1 CyberLink
09/10/2006 09:18 <DIR> CYBERP~1 CyberPatrol Client
09/10/2006 14:55 <DIR> DivX
02/10/2006 15:21 26.604 DOORLI~1.ADR Door lijstscheidingstekens gescheiden waarden (Windows).ADR
02/10/2006 15:21 10.760 DOORLI~1.EML Door lijstscheidingstekens gescheiden waarden (Windows).EML
23/08/2006 22:19 <DIR> Google
20/05/2006 23:08 <DIR> Help
30/11/2006 19:12 <DIR> ICAClient
06/10/2006 18:05 <DIR> IDENTI~1 Identities
09/12/2006 21:34 <DIR> INTRAL~1 IntraLessFilm
01/12/2006 21:00 <DIR> Itsth
20/06/2006 19:16 <DIR> JASCSO~1 Jasc Software Inc
26/06/2006 16:34 <DIR> Lavasoft
28/05/2006 10:42 <DIR> LEADER~1 Leadertech
01/12/2006 09:29 <DIR> LIT
03/12/2006 15:46 <DIR> MACROM~1 Macromedia
20/05/2006 23:23 <DIR> MAGIX
28/11/2006 22:19 1.835 mainhst.zgh
06/10/2006 17:41 <DIR> Mozilla
01/12/2006 15:23 <DIR> OfficeUpdate12
24/11/2006 09:43 <DIR> Opera
01/12/2006 10:08 <DIR> PKWARE
06/09/2006 19:23 <DIR> Skype
20/11/2006 19:53 <DIR> SONYER~1 Sony Ericsson
20/05/2006 19:25 <DIR> Sun
07/10/2006 20:19 <DIR> Symantec
06/10/2006 17:41 <DIR> Talkback
20/11/2006 19:53 <DIR> Teleca
08/12/2006 22:19 <DIR> Tenebril
01/12/2006 21:10 <DIR> Tonbrand
17/11/2006 16:43 <DIR> Toshiba
08/07/2006 18:08 <DIR> TUNEUP~1 TuneUp Software
29/11/2006 22:09 <DIR> Windows Desktop Search
24/09/2006 15:39 <DIR> Zylom
3 bestand(en) 39.199 bytes
41 map(pen) 33.062.096.896 bytes beschikbaar
De volumenaam van station C is Number One
Het volumenummer is C816-AA15

Map van C:\Documents and Settings\All Users\Application Data

07/10/2006 19:50 <DIR> Adobe
06/06/2006 16:12 <DIR> Ahead
18/10/2006 14:39 <DIR> APPLEC~1 Apple Computer
10/12/2006 08:00 <DIR> avg7
10/12/2006 15:57 <DIR> BLEHAX~1 Bleh axis clock warn
17/10/2006 09:35 <DIR> Comodo
20/05/2006 18:11 <DIR> CYBERL~1 CyberLink
20/05/2006 15:53 <DIR> eConsole
23/08/2006 20:57 <DIR> Google
09/10/2006 07:22 <DIR> Grisoft
06/09/2006 19:31 1.901 HPZINS~1.LOG hpzinstall.log
20/06/2006 19:17 <DIR> INSTAL~1 InstallShield
03/12/2006 15:45 <DIR> MACROV~1 Macrovision
20/05/2006 22:03 <DIR> MAGIX
04/12/2006 18:29 <DIR> MICROS~2 Microsoft Corporation
09/12/2006 22:19 <DIR> Microsoft Help
05/12/2006 15:47 <DIR> MSSCAN~1 MSScanAppDataDir
20/05/2006 20:36 <DIR> NTIDVD~1 NtiDvdCopy
01/12/2006 10:07 <DIR> PKWARE
24/11/2006 16:58 1.759 QTSBAN~1 QTSBandwidthCache
06/09/2006 19:33 <DIR> SNAPST~1 SnapStream
20/11/2006 19:51 <DIR> SONYER~1 Sony Ericsson
03/12/2006 10:25 <DIR> SPYBOT~1 Spybot - Search & Destroy
07/10/2006 20:19 <DIR> Symantec
20/11/2006 19:51 <DIR> Teleca
09/12/2006 21:53 <DIR> Tenebril
08/07/2006 18:08 <DIR> TUNEUP~1 TuneUp Software
11/06/2006 17:45 <DIR> WINDOW~1 Windows Genuine Advantage
29/08/2006 09:56 <DIR> WINDOW~2 Windows Live Toolbar
24/06/2006 17:14 <DIR> Zylom
2 bestand(en) 3.660 bytes
28 map(pen) 33.062.092.800 bytes beschikbaar
--------------------------------------------------------


Posted: Sun Dec 10, 2006 8:31 pm
Ronnie Driessens - 06-12-10 19:30:09,12 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Ronnie Driessens\Bureaublad"

((((((((((((((((((((((((((((((( Files Created from 2006-11-10 to 2006-12-10 ))))))))))))))))))))))))))))))))))


2006-12-10 17:04 <DIR> d-------- C:\Program Files\Hijack This
2006-12-10 15:48 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-12-10 13:15 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2006-12-09 21:23 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2006-12-09 21:23 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-12-08 22:19 <DIR> d-------- C:\Documents and Settings\Ronnie Driessens\Application Data\Tenebril
2006-12-08 22:04 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
2006-12-08 22:04 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
2006-12-08 22:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
2006-12-07 20:08 <DIR> d-------- C:\Program Files\IntraLessFilm
2006-12-07 08:49 <DIR> d-------- C:\Program Files\Windows Defender
2006-12-06 06:52 <DIR> d-------- C:\Program Files\Windows Defender(2)
2006-12-05 15:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
2006-12-05 15:05 <DIR> d-------- C:\Program Files\Visicom Media
2006-12-05 08:08 <DIR> d-------- C:\Program Files\PopTray
2006-12-04 18:29 <DIR> d-------- C:\WINDOWS\Performance
2006-12-04 18:29 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2006-12-04 18:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2006-12-04 16:26 <DIR> d--h-c--- C:\WINDOWS\ie7
2006-12-04 16:26 <DIR> d-------- C:\WINDOWS\WBEM
2006-12-04 16:26 <DIR> d-------- C:\WINDOWS\system32\nl-nl
2006-12-04 16:24 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-12-03 15:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2006-12-03 15:23 <DIR> d-------- C:\Program Files\Common Files\Vbox
2006-12-03 15:22 777,728 --a------ C:\WINDOWS\system32\SSLSVC.DLL
2006-12-03 15:22 72,192 --a------ C:\WINDOWS\unlite3.exe
2006-12-03 15:22 69,632 --a------ C:\WINDOWS\system32\xmltok.dll
2006-12-03 15:22 69,632 --a------ C:\WINDOWS\system32\CFSDebug.dll
2006-12-03 15:22 69,632 --a------ C:\WINDOWS\system32\CFRegExp.dll
2006-12-03 15:22 69,632 --a------ C:\WINDOWS\system32\CFFtp.dll
2006-12-03 15:22 506,368 --a------ C:\WINDOWS\system32\ftppro32.dll
2006-12-03 15:22 487,424 --a------ C:\WINDOWS\system32\cfvalidator.dll
2006-12-03 15:22 446,464 --a------ C:\WINDOWS\system32\cfssvradmin.dll
2006-12-03 15:22 40,960 --a------ C:\WINDOWS\system32\cfmsg.dll
2006-12-03 15:22 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
2006-12-03 15:22 28,672 --a------ C:\WINDOWS\system32\xml_datagrove.dll
2006-12-03 15:22 270,336 --a------ C:\WINDOWS\system32\CfShellFtpRds.dll
2006-12-03 15:22 143,360 --a------ C:\WINDOWS\system32\CFFileProxy.dll
2006-12-03 15:22 114,688 --a------ C:\WINDOWS\system32\lang_cfml.dll
2006-12-03 15:22 110,592 --a------ C:\WINDOWS\system32\CfRds.dll
2006-12-03 15:22 1,507,328 --a------ C:\WINDOWS\system32\cfmlvalidator.dll
2006-12-03 15:22 <DIR> d-------- C:\Program Files\Bradbury
2006-12-03 15:20 <DIR> d-------- C:\Program Files\Common Files\Macromedia Shared
2006-12-03 15:20 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2006-12-03 15:19 <DIR> d-------- C:\Program Files\Macromedia
2006-12-03 15:17 <DIR> d-------- C:\Dreamweaver
2006-12-02 22:03 <DIR> d-------- C:\Documents and Settings\Ronnie Driessens\Application Data\ATI
2006-12-02 22:00 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2006-12-02 21:59 <DIR> d-------- C:\Program Files\ATI Technologies
2006-12-02 21:59 <DIR> d-------- C:\ATI
2006-12-02 21:25 <DIR> dr-h----- C:\Documents and Settings\Ronnie Driessens\Onlangs geopend
2006-12-01 21:22 <DIR> d-------- C:\Program Files\FavoriteSync
2006-12-01 21:10 <DIR> d-------- C:\Documents and Settings\Ronnie Driessens\Application Data\Tonbrand
2006-12-01 21:00 <DIR> d-------- C:\Documents and Settings\Ronnie Driessens\Application Data\Itsth
2006-12-01 14:39 <DIR> d-------- C:\Program Files\Blaze Composer
2006-12-01 10:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PKWARE
2006-12-01 10:06 <DIR> d-------- C:\Documents and Settings\Ronnie Driessens\Application Data\PKWARE
2006-12-01 10:02 <DIR> d-------- C:\Program Files\PKWARE
2006-12-01 10:02 <DIR> d-------- C:\Program Files\Common Files\PKWARE
2006-12-01 09:29 <DIR> d-------- C:\Program Files\Carrefour Offline Software
2006-12-01 09:29 <DIR> d-------- C:\Documents and Settings\Ronnie Driessens\Application Data\LIT
2006-11-30 19:15 <DIR> d-------- C:\Documents and Settings\Ronnie Driessens\Application Data\OfficeUpdate12
2006-11-30 19:12 <DIR> d-------- C:\Program Files\Citrix
2006-11-30 19:12 <DIR> d-------- C:\Documents and Settings\Ronnie Driessens\Application Data\ICAClient
2006-11-30 16:31 <DIR> d-------- C:\Program Files\FTP Commander
2006-11-29 22:09 <DIR> d-------- C:\Documents and Settings\Ronnie Driessens\Application Data\Windows Desktop Search
2006-11-29 22:08 <DIR> d-------- C:\WINDOWS\system32\en-US
2006-11-29 22:08 <DIR> d-------- C:\Program Files\Windows Desktop Search
2006-11-29 22:07 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-11-29 21:34 <DIR> d-------- C:\Program Files\MSBuild
2006-11-29 21:34 <DIR> d-------- C:\Program Files\Microsoft Visual Studio
2006-11-29 21:34 <DIR> d-------- C:\Program Files\Common Files\DESIGNER
2006-11-29 21:33 <DIR> d-------- C:\Program Files\Microsoft.NET
2006-11-29 21:33 <DIR> d-------- C:\Program Files\Microsoft Works
2006-11-29 21:28 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2006-11-29 21:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2006-11-29 20:18 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2006-11-29 11:56 <DIR> d-------- C:\Program Files\Toshiba
2006-11-28 22:27 724,992 --a------ C:\WINDOWS\iun6002.exe
2006-11-28 22:27 <DIR> d-------- C:\zipitpro
2006-11-28 10:29 <DIR> d-------- C:\Program Files\X-Setup Pro
2006-11-28 08:36 <DIR> d-------- C:\Documents and Settings\Ronnie Driessens\.jenny
2006-11-27 21:20 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2006-11-27 21:20 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2006-11-27 21:20 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2006-11-27 21:20 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2006-11-27 21:20 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2006-11-27 21:20 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-11-27 21:20 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2006-11-24 16:57 <DIR> d-------- C:\Program Files\iTunes
2006-11-24 16:57 <DIR> d-------- C:\Program Files\iPod
2006-11-24 16:56 <DIR> d-------- C:\Program Files\QuickTime
2006-11-24 13:28 5,218 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-24 13:00 14,848 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-11-24 12:53 <DIR> d-------- C:\Program Files\XoftSpySE
2006-11-24 09:43 <DIR> d-------- C:\Program Files\Opera
2006-11-24 09:43 <DIR> d-------- C:\Documents and Settings\Ronnie Driessens\Application Data\Opera
2006-11-22 14:21 <DIR> d-------- C:\Program Files\MixMeister BPM Analyzer
2006-11-22 14:04 <DIR> d-------- C:\TonioWare
2006-11-20 19:53 <DIR> d-------- C:\Documents and Settings\Ronnie Driessens\Application Data\Teleca
2006-11-20 19:53 <DIR> d-------- C:\Documents and Settings\Ronnie Driessens\Application Data\Sony Ericsson
2006-11-20 19:51 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2006-11-20 19:51 <DIR> d-------- C:\Documents and Settings\All Users\Documents
2006-11-20 19:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2006-11-20 19:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2006-11-20 19:44 <DIR> d-------- C:\Program Files\Sony Ericsson
2006-11-20 19:36 <DIR> d-------- C:\Program Files\Photocopier
2006-11-19 09:39 <DIR> d-------- C:\Program Files\Common Files\MagicDVDCopier
2006-11-17 16:43 <DIR> d-------- C:\Documents and Settings\Ronnie Driessens\Application Data\Toshiba
2006-11-14 16:01 <DIR> d-------- C:\WINDOWS\temp
2006-11-14 15:43 <DIR> d-------- C:\Program Files\Ashampoo


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-10 16:24 -------- d-------- C:\Program Files\Windows Media Player
2006-12-10 16:24 -------- d-------- C:\Program Files\Windows Live Toolbar
2006-12-10 16:24 -------- d-------- C:\Program Files\Spybot - Search & Destroy
2006-12-10 16:24 -------- d-------- C:\Program Files\SPAMfighter
2006-12-10 16:22 -------- d-------- C:\Program Files\Picasa2
2006-12-10 16:22 -------- d-------- C:\Program Files\MSN Messenger
2006-12-10 16:15 -------- d-------- C:\Program Files\Internet Explorer
2006-12-10 16:14 -------- d-------- C:\Program Files\Google
2006-12-09 22:19 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-12-09 21:10 -------- d-------- C:\Program Files\Mozilla Firefox 2 Beta 2
2006-12-08 16:32 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-08 16:31 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-12-08 16:12 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-12-08 16:12 -------- d-------- C:\Program Files\Messenger
2006-12-08 16:12 -------- d-------- C:\Program Files\LimeWire
2006-12-08 16:12 -------- d-------- C:\Program Files\DivX
2006-12-08 16:12 -------- d-------- C:\Program Files\Acoustica Mixcraft
2006-12-05 13:56 -------- d---s---- C:\Documents and Settings\Ronnie Driessens\Application Data\Microsoft
2006-12-03 15:46 -------- d-------- C:\Documents and Settings\Ronnie Driessens\Application Data\Macromedia
2006-12-03 15:23 -------- d-------- C:\Program Files\Common Files
2006-11-29 21:34 -------- d-------- C:\Program Files\Microsoft Office
2006-11-29 12:28 -------- d-------- C:\Program Files\MagicDVDCopier
2006-11-29 11:21 -------- d-------- C:\Program Files\Grisoft
2006-11-28 22:19 1835 --a------ C:\Documents and Settings\Ronnie Driessens\Application Data\mainhst.zgh
2006-11-14 15:33 -------- d-------- C:\Program Files\Free Audio Pack
2006-11-14 15:31 -------- d-------- C:\Program Files\Canon
2006-11-12 14:48 -------- d-------- C:\Program Files\Java
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-04 13:47 816672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-11-04 13:47 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-11-04 13:47 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-11-04 13:47 28416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-11-04 13:47 18240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2006-11-02 23:35 8271872 --a------ C:\WINDOWS\system32\wmploc.dll
2006-11-02 22:53 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-11-02 22:52 257536 --a------ C:\WINDOWS\system32\wmerror.dll
2006-11-02 22:50 7680 --a------ C:\WINDOWS\system32\asferror.dll
2006-11-02 11:52 42496 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-11-01 09:57 1138688 --a------ C:\WINDOWS\system32\xvidcore.dll
2006-10-30 18:29 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-10-26 16:45 -------- d-------- C:\Program Files\Ant Movie Catalog
2006-10-23 17:45 -------- d-------- C:\Program Files\Copernic Desktop Search
2006-10-20 09:55 -------- d-------- C:\Program Files\Collectorz.com
2006-10-19 17:25 -------- d-------- C:\Program Files\Apple Software Update
2006-10-19 14:55 258048 --------- C:\WINDOWS\system32\oeph.dll
2006-10-19 14:46 11264 --------- C:\WINDOWS\system32\oephRes.dll
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\wmadmod.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --a------ C:\WINDOWS\system32\portabledeviceapi.dll
2006-10-18 21:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\WpdShext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47 212992 --a------ C:\WINDOWS\system32\mfplat.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --a------ C:\WINDOWS\system32\portabledevicetypes.dll
2006-10-18 21:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 21:47 133632 --a------ C:\WINDOWS\system32\wpdshserviceobj.dll
2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 38528 --a------ C:\WINDOWS\system32\drivers\wpdusb.sys
2006-10-18 20:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-18 14:46 -------- d-------- C:\Program Files\Common Files\Adobe
2006-10-18 14:46 -------- d-------- C:\Program Files\Adobe
2006-10-17 22:53 98304 --------- C:\WINDOWS\system32\mssitlb.dll
2006-10-17 22:53 76288 --------- C:\WINDOWS\system32\searchfilterhost.exe
2006-10-17 22:53 735232 --------- C:\WINDOWS\system32\propsys.dll
2006-10-17 22:53 65536 --------- C:\WINDOWS\system32\propdefs.dll
2006-10-17 22:53 52224 --------- C:\WINDOWS\system32\msstrc.dll
2006-10-17 22:53 51200 --------- C:\WINDOWS\system32\msscntrs.dll
2006-10-17 22:53 331264 --------- C:\WINDOWS\system32\mssph.dll
2006-10-17 22:53 32256 --------- C:\WINDOWS\system32\mssprxy.dll
2006-10-17 22:53 287744 --------- C:\WINDOWS\system32\searchindexer.exe
2006-10-17 22:53 26624 --------- C:\WINDOWS\system32\rtffilt.dll
2006-10-17 22:53 247296 --------- C:\WINDOWS\system32\srchadmin.dll
2006-10-17 22:53 23552 --------- C:\WINDOWS\system32\msscb.dll
2006-10-17 22:53 215552 --------- C:\WINDOWS\system32\msshsq.dll
2006-10-17 22:53 204288 --------- C:\WINDOWS\system32\searchprotocolhost.exe
2006-10-17 22:53 158720 --------- C:\WINDOWS\system32\mssphtb.dll
2006-10-17 22:53 1497600 --------- C:\WINDOWS\system32\tquery.dll
2006-10-17 22:53 1394688 --------- C:\WINDOWS\system32\mssrch.dll
2006-10-17 22:53 110592 --------- C:\WINDOWS\system32\xmlfilter.dll
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-17 09:43 -------- d-------- C:\Program Files\Trustix
2006-10-17 09:35 -------- d-------- C:\Documents and Settings\Ronnie Driessens\Application Data\Comodo
2006-10-17 09:33 69120 --a------ C:\WINDOWS\system32\drivers\inspect.sys
2006-10-17 09:33 61056 --a------ C:\WINDOWS\system32\drivers\cmdmon.sys
2006-10-17 09:33 -------- d-------- C:\Program Files\Comodo
2006-10-16 11:40 30 --a------ C:\Program Files\Exiferupdate.ini
2006-10-14 10:59 -------- d-------- C:\Program Files\MSXML 4.0
2006-10-13 14:41 -------- d-------- C:\Program Files\Kerio
2006-10-13 14:15 -------- d-------- C:\Program Files\Alchemy Eye
2006-10-13 13:41 144384 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 11:59 -------- d-------- C:\Program Files\CEZEO software
2006-10-13 11:59 -------- d-------- C:\Documents and Settings\Ronnie Driessens\Application Data\CEZEO software
2006-10-12 02:47 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2006-10-12 02:44 260608 --a------ C:\WINDOWS\system32\ati2dvag.dll
2006-10-12 02:43 1777152 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2006-10-12 02:38 90112 --a------ C:\WINDOWS\system32\ati2evxx.dll
2006-10-12 02:38 41984 --a------ C:\WINDOWS\system32\ati2edxx.dll
2006-10-12 02:38 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2006-10-12 02:38 118784 --a------ C:\WINDOWS\system32\atipdlxx.dll
2006-10-12 02:38 106496 --a------ C:\WINDOWS\system32\Oemdspif.dll
2006-10-12 02:37 430080 --a------ C:\WINDOWS\system32\ati2evxx.exe
2006-10-12 02:36 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2006-10-12 02:31 2518336 --a------ C:\WINDOWS\system32\ati3duag.dll
2006-10-12 02:26 1092960 --a------ C:\WINDOWS\system32\ativvaxx.dll
2006-10-12 02:22 6684672 --a------ C:\WINDOWS\system32\atioglx1.dll
2006-10-12 02:22 303104 --a------ C:\WINDOWS\system32\ATIDEMGR.dll
2006-10-12 02:20 5148672 --a------ C:\WINDOWS\system32\atioglxx.dll
2006-10-12 02:15 221184 --a------ C:\WINDOWS\system32\atikvmag.dll
2006-10-12 02:14 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2006-10-12 02:10 294912 --a------ C:\WINDOWS\system32\ati2cqag.dll
2006-10-11 07:20 -------- d-------- C:\Program Files\Common Files\Application
2006-10-11 07:20 -------- d-------- C:\Program Files\Common Files\Ankiro
2006-10-09 07:12 1343488 --a------ C:\WINDOWS\system32\FreeImage.dll
2006-10-02 20:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 20:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 20:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 20:04 635486 --a------ C:\WINDOWS\system32\DivX.dll
2006-10-02 15:28 312128 --------- C:\WINDOWS\system32\msdelta.dll
2006-10-02 15:21 26604 --a------ C:\Documents and Settings\Ronnie Driessens\Application Data\Door lijstscheidingstekens gescheiden waarden (Windows).ADR
2006-10-02 15:21 10760 --a------ C:\Documents and Settings\Ronnie Driessens\Application Data\Door lijstscheidingstekens gescheiden waarden (Windows).EML
2006-09-30 09:18 524288 --a------ C:\WINDOWS\opuc.dll
2006-09-28 20:13 95344 --------- C:\WINDOWS\system32\WUDFCoinstaller.dll
2006-09-28 18:56 55808 --------- C:\WINDOWS\system32\WudfSvc.dll
2006-09-28 18:56 316416 --------- C:\WINDOWS\system32\WUDFx.dll
2006-09-28 18:56 165376 --------- C:\WINDOWS\system32\WudfPlatform.dll
2006-09-28 18:56 146432 --------- C:\WINDOWS\system32\WudfHost.exe
2006-09-25 17:58 23856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-09-25 16:45 666240 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2006-09-15 13:36 98304 --a------ C:\WINDOWS\system32\nlhtml.dll
2006-09-15 13:36 29696 --a------ C:\WINDOWS\system32\mimefilt.dll
2006-09-15 13:36 192000 --a------ C:\WINDOWS\system32\offfilt.dll
2006-09-13 13:44 643072 --a------ C:\WINDOWS\system32\mgxoschk.dll
2006-09-13 06:07 1084416 --a------ C:\WINDOWS\system32\msxml3.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LaunchApp"="Alaunch"
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"
"U.S. Robotics Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY"
"Telemeter 3.0"="\"C:\\Program Files\\Telemeter 3.0\\telemeter3.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb11.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Easy-PrintToolBox"="C:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"RTHDCPL"="RTHDCPL.EXE"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"SPAMfighter Agent"="\"C:\\Program Files\\SPAMfighter\\SFAgent.exe\" update delay 60"
"Comodo Firewall"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"
"Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"LanTalk.NET"="C:\\Program Files\\CEZEO software\\LanTalk NET\\LanTalk.exe"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000000
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"=dword:00000000
"NoDispCPL"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispAppearancePage"=dword:00000000
"NoDispBackgroundPage"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"=dword:00000000
"NoRecentDocsHistory"=dword:00000000
"CDRAutoRun"=dword:00000001
"NoDriveTypeAutoRun"=dword:00000095
"NoLowDiskSpaceChecks"=dword:00000000
"MemCheckBoxInRunDlg"=dword:00000000
"NoClose"=dword:00000000
"NoAutoTrayNotify"=dword:00000000
"NoResolveTrack"=dword:00000000
"NoResolveSearch"=dword:00000000
"LinkResolveIgnoreLinkInfo"=dword:00000000
"NoStartBanner"=hex:00,00,00,00
"NoWelcomeScreen"=dword:00000000
"NoRecentDocsNetHood"=dword:00000000
"NoDesktopCleanupWizard"=dword:00000000
"NoSharedDocuments"=dword:00000000
"ForceClassicControlPanel"=dword:00000000
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"RunStartupScriptSync"=dword:00000001
"SynchronousMachineGroupPolicy"=dword:00000001
"SynchronousUserGroupPolicy"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=dword:00000000
"NoStrCmpLogical"=dword:00000000
"NoClose"=dword:00000000
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\20061012_111600_Backup van Mijn Afbeeldingen.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Controleren op updates voor Windows Live Toolbar.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\XoftSpySE.job

Completion time: 06-12-10 19:31:27.71
C:\ComboFix.txt ... 06-12-10 19:31


Posted: Sun Dec 10, 2006 8:32 pm
Offline
Member

Joined: Sun Dec 10, 2006 5:58 pm
Posts: 5
Logfile of HijackThis v1.99.1
Scan saved at 19:41:32, on 10/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CEZEO software\LanTalk NET\LanTalk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\PKWARE\PKZIPM\9.00.0010\PKTray.exe
C:\Program Files\PopTray\PopTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Hijack This\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.di.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.di.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - C:\Program Files\Copernic Desktop Search\CopernicDesktopSearchIntegration977.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [U.S. Robotics Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LanTalk.NET] C:\Program Files\CEZEO software\LanTalk NET\LanTalk.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: PopTray.lnk = C:\Program Files\PopTray\PopTray.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PKZIP Attachments Status.lnk = C:\Program Files\PKWARE\PKZIPM\9.00.0010\PKTray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-be\msntabres.dll.mui/229?912429a476ad46bd9ab0de766d1769c2
O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-be\msntabres.dll.mui/230?912429a476ad46bd9ab0de766d1769c2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d ... o-eula.cab
O16 - DPF: {2FDEACE3-43F7-4E3C-B4A6-094DAAA343DC} (CFreeDigital) - https://secured.payvisionservices.com/f ... igital.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/viru ... ebscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74 ... loader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: U.S. Robotics Wireless LAN Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


 Post subject:
Posted: Tue Dec 12, 2006 1:31 am
Offline
VIP

Registered: Thu Dec 15, 2005 12:35 pm
Posts: 11477
Location: West Flanders, Belgium
Operating system: XP Pro SP3
Protection: Avira AntiVir
Hello esarvie,

Your logs look good. :wink:

If it is still present, uninstall the program XoftSpy via Control Panel > Add or Remove Programs.

Are you still experiencing any problems?

Regards,
Thor

_________________
Questions and answers belong in your topic; PMs will not be answered.
 Post subject:
Posted: Wed Dec 13, 2006 6:36 pm
Offline
Member

Registered: Sun Dec 10, 2006 5:58 pm
Posts: 5
No, no more problems with pop-ups. I wanted to throw out the Comodo firewall but couldn't get it done. Every time I ran an uninstall I could no longer get onto the internet. When I installed it again, it worked. I had bought a new internet security suite and it comes with a firewall, so I formatted the whole thing and, hey presto, here I am again, as clean as new ;)

Thank you for the clear and very helpful assistance.

Esarvie


 Post subject:
Posted: Wed Dec 13, 2006 9:44 pm
Offline
VIP

Registered: Thu Dec 15, 2005 12:35 pm
Posts: 11477
Location: West Flanders, Belgium
Operating system: XP Pro SP3
Protection: Avira AntiVir
You're welcome, Esarvie :wink:

That's one way to do it, of course. :D

To prevent a recurrence, read through these security tips once more.

Since your problem is solved, I am locking this topic and will move it to the solved logs section in a few days.
Should you want it reopened, you can send a PM with that request to me or to one of the mods/admins.


Regards,
Thor :)

_________________
Questions and answers belong in your topic; PMs will not be answered.