20-04-2007, 11:03 | |
hey juisterr, I already found the file, it was in the _otmovit folder...
[quote: Logfile of HijackThis v1.99.1 Scan saved at 11:48:56, on 20-4-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\windows\system32\rlvknlg.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Save\Save.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\pctspk.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\mqsvc.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\system32\mqtgsvc.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Messenger\msmsgs.exe D:\Henk\pc tools\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet 
Explorer\Toolbar,LinksFolderName = Koppelingen O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\system32\rpcc.exe O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s O4 - HKLM\..\Run: [RelevantKnowledge] C:\windows\system32\rlvknlg.exe -boot O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\STARDOCK\WINCUS~1\BOOTSKIN\BOOTSKIN.EXE" /StartupJobs O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe" O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ikkuh88hesselvandijk.spaces.l...d/MsnPUpld.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - 
http://scan.safety.live.com/resource...lscbase969.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1163263355406 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1163240038890 O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/si...aseInstall.cab O16 - DPF: {EBD11638-B18C-4700-B11C-6CDF6F770B20} (FrameFree Web Player-0) - http://plugs.framefree.us/plugins/?ID=0&s=1 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. 
- C:\WINDOWS\system32\pctspk.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)]
__________________
|| Heaven won't let me in, Hell's afraid that I take over ||
[QUOTE=Ellesdee;26151717]hahaha, you really are sweet <3[/QUOTE] |
20-04-2007, 22:53 | |
couldn't find some things, but I hope it's OK like this...
[quote: Logfile of HijackThis v1.99.1 Scan saved at 23:36:52, on 20-4-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Eset\nod32krn.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\WINDOWS\system32\pctspk.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\mqsvc.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Messenger\msmsgs.exe D:\Henk\pc tools\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local 
Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\STARDOCK\WINCUS~1\BOOTSKIN\BOOTSKIN.EXE" /StartupJobs O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ikkuh88hesselvandijk.spaces.l...d/MsnPUpld.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource...lscbase969.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1163263355406 O16 - DPF: 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1163240038890 O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/si...aseInstall.cab O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab O16 - DPF: {EBD11638-B18C-4700-B11C-6CDF6F770B20} (FrameFree Web Player-0) - http://plugs.framefree.us/plugins/?ID=0&s=1 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. 
- C:\WINDOWS\system32\pctspk.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)]
24-04-2007, 12:56 | |
OK, here it is:
Logfile of HijackThis v1.99.1 Scan saved at 13:54:22, on 24-4-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\XpertVision\TBPanel.exe C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe C:\Program Files\QuickTime\qttask.exe E:\Winamp\winampa.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\wuauclt.exe E:\DAEMON Tools\daemon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\MSN Messenger\usnsvc.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE E:\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] E:\Winamp\winampa.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [DAEMON Tools] "E:\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 
- Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O11 - Options group: [TABS] Tabbed Browsing O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://emmawahh.spaces.live.com//Pho...d/MsnPUpld.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - 
Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec 
Shared\SPBBC\SPBBCSvc.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe 9
25-04-2007, 16:10 | ||
Deleted
|
Quote:
Logfile of HijackThis v1.99.1 Scan saved at 17:07:09, on 25-4-2007 Platform: Unknown Windows (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16386) Running processes: C:\Program Files (x86)\MSN Messenger\msnmsgr.exe D:\Program Files\Adobe\Reader\reader_sl.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe D:\Program Files\Asus DH Remote\AsRc.exe C:\Program Files (x86)\Common Files\Logishrd\LComMgr\Communications_Helper.exe C:\Program Files (x86)\Logitech\QuickCam10\QuickCam10.exe D:\Program Files\Asus DH Remote\AsDhRemote.exe C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Windows\SysWOW64\DllHost.exe D:\Program Files\Hijackthis\hijackthis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = F2 - REG:system.ini: UserInit=userinit.exe O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Ai Quicker Help] "D:\Program Files\Asus DH Remote\AsRc.exe" -r O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files (x86)\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\ObjectDock\ObjectDock.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Program Files\Adobe\Reader\AdobeCollabSync.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll O11 - Options group: [INTERNATIONAL] International* O13 - Gopher 
Prefix: O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\MSNMES~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files (x86)\iPod\bin\iPodService.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. 
- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - 
C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
I have since fixed the text printed in italics. Any more strange things? (Like O10, for example?) |
25-04-2007, 18:11 | |
Hello noir
Download Combofix to your Desktop.
Double-click Combofix.exe.
Follow the instructions and accept the disclaimer by typing "y" or "Y".
While the fix is running, do NOT click in the window, because this will make your PC hang.
When the fix is complete and after the restart, the log combofix.txt will open.
Post this log in your next post together with a new HijackThis log.
NOTE: If your virus scanner responds with a notification about a script being executed, you may ignore this.
__________________
Everything is relative.
Proud member of ASAP |
25-04-2007, 18:17 | |
I had already seen that you had Vista.
Would you first have this file scanned at Jotti:
C:\Windows\SysWOW64\DllHost.exe <<<<<<<<<<<<<<
Note! Sometimes some folders and/or files are hidden, so first do this:
My Documents > Tools > Folder Options > View tab > click Show hidden files and folders > OK
Jotti Virusscan http://virusscan.jotti.org/
At the top it says “file to upload”. Use “browse” to go to the file below, and have it scanned by first clicking “open” and then “submit”. Copy the answer you get into your next post.
If the server is too busy you can also have the file scanned here:
Kaspersky filescanner http://www.kaspersky.com/scanforvirus
Start HijackThis and choose 'Do a system scan only'.
Select only the items listed below:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Close all windows except HijackThis.
Click 'Fix checked' to remove the items.
Restart and post a new log.
sabje
__________________
Alles is betrekkelijk.
Proud member of ASAP |
25-04-2007, 20:57 | |
Deleted
|
Jotti:
Service load: 0% 100% File: dllhost.exe Status: OK(Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) MD5 be01e566d1f569aab32d0335613e1eea Packers detected: - Scan taken on 25 Apr 2007 19:46:50 (GMT) A-Squared Found nothing AntiVir Found nothing ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found nothing ClamAV Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing F-Secure Anti-Virus Found nothing Fortinet Found nothing Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing Panda Antivirus Found nothing Rising Antivirus Found nothing VirusBuster Found nothing VBA32 Found nothing Hijackthis Logfile of HijackThis v1.99.1 Scan saved at 21:56:21, on 25-4-2007 Platform: Unknown Windows (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16386) Running processes: C:\Program Files (x86)\MSN Messenger\msnmsgr.exe D:\Program Files\Adobe\Reader\reader_sl.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe D:\Program Files\Asus DH Remote\AsRc.exe C:\Program Files (x86)\Common Files\Logishrd\LComMgr\Communications_Helper.exe C:\Program Files (x86)\Logitech\QuickCam10\QuickCam10.exe D:\Program Files\Asus DH Remote\AsDhRemote.exe C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Windows\SysWOW64\DllHost.exe D:\Program Files\Hijackthis\hijackthis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet 
Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = F2 - REGystem.ini: UserInit=userinit.exe O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Ai Quicker Help] "D:\Program Files\Asus DH Remote\AsRc.exe" -r O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files (x86)\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\ObjectDock\ObjectDock.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Program Files\Adobe\Reader\AdobeCollabSync.exe O8 - Extra context menu item: E&xport to Microsoft Excel - 
res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll O11 - Options group: [INTERNATIONAL] International* O13 - Gopher Prefix: O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\MSNMES~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! 
Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files (x86)\iPod\bin\iPodService.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file 
missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing) |
26-04-2007, 17:57 | ||
Deleted
|
Quote:
Yes, fine actually. Only, when I start Firefox (via a link or favorites) I get a small window saying that my permission is needed to continue. I can then click Continue or Cancel. It says that I can change this under User Accounts, but I can't find anywhere there to adjust it. It's also not down to the rights of my account, because I'm simply an administrator. So I thought maybe it was the Windows firewall, but Firefox is listed there under allowed programs. Maybe you know a solution for this too? |
27-04-2007, 23:21 | |
When I go to any site, I am automatically redirected to other sites...
Logfile of HijackThis v1.99.1 Scan saved at 0:17:37, on 28-4-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\ATI-CPanel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\UPC\bin\sprtcmd.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Messenger\MSMSGS.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\UPC\agentui\bcont.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.msn.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - 
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [UPC] "C:\Program Files\UPC\bin\sprtcmd.exe" /P UPC O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background O4 - Startup: Registration TMNT.LNK = C:\Program Files\Ubisoft\TMNT\Registration\RegistrationReminder.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program 
Files\InterVideo\Common\Bin\WinCinemaMgr.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (Installer Class) - http://quickfix2.chello.nl/quickfix2...lloInstall.CAB O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1121558466984 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1173464904625 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 
Control) - http://www.mijnalbum.nl/skin/system/...eUploader3.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (clsDefault Class) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.gamenext.nl/online/online.../goldfever.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. 
- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe |
28-04-2007, 07:53 | |
Good morning stiff.
Start HijackThis and choose 'Do a system scan only'. Select only the items listed below: O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe Click 'Fix checked' to remove the items. Open Explorer ("My Computer") and choose Tools -> Folder Options... Under View, check the following settings: Turn off: Hide protected operating system files (Recommended). Turn off: Hide extensions for known file types. Select: Display the contents of system folders (XP only). Select: Show hidden files and folders. Delete the following directories: C:\Program Files\Common Files\BOONTY Shared\Service\ Download: RemoveVideoActiveXObject.exe Save the file to your desktop, then double-click it. The uninstaller of a rogue scanner may start; do not close it but let it do its work. Then restart the PC and double-click RemoveVideoActiveXObject.exe again. After that, post the log C:\RVAXO-results.log in your next message together with a new HijackThis log. Download the file and save it to your desktop, then double-click it. If an uninstaller becomes active, let it do its work. Restart the PC and then double-click RemoveVideoActiveXObject.exe again. Then post a HijackThis log
__________________
Everything is relative.
Proud member of ASAP |
28-04-2007, 13:25 | |
Logfile of HijackThis v1.99.1
Scan saved at 14:24:22, on 28-4-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\ATI-CPanel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\Dit.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\UPC\bin\sprtcmd.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Messenger\MSMSGS.EXE C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\UAService7.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.msn.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet 
Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [UPC] "C:\Program Files\UPC\bin\sprtcmd.exe" /P UPC O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background O4 - Startup: Registration TMNT.LNK = C:\Program Files\Ubisoft\TMNT\Registration\RegistrationReminder.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program 
Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (Installer Class) - http://quickfix2.chello.nl/quickfix2...lloInstall.CAB O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1121558466984 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1173464904625 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - 
http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.mijnalbum.nl/skin/system/...eUploader3.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (clsDefault Class) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.gamenext.nl/online/online.../goldfever.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. 
- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe ----------------RemoveVideoActiveXObject.exe first run------------- Files found: Uninstallers Rogue scanners: Folders Found: --------------RemoveVideoActiveXObject.exe last run--------------- Files found: Uninstallers Rogue scanners: Folders Found: |
29-04-2007, 15:25 | |
But I'm still having the problem
http://img68.imageshack.us/img68/9851/googleeh0.jpg At the bottom, in the status bar, you can see what happens first before I am redirected to another site |
29-04-2007, 17:30 | |
Deleted
|
Hey.
After accidentally clicking a dubious link, which flooded me with pop-ups and made everything freeze, my internet is acting up. Many pages don't load or load only partially, although repeatedly hammering F5 does sometimes fix it. It doesn't matter whether you use Firefox or IE. (Normally I of course work with Firefox.) If you want to go somewhere via a link, it can't find it; you really have to enter something in the address bar and press Enter. Azureus is slow and gives the following warning - "There appears to be another program process already listening on socket [bla]. Loading of torrents via command line paramater wil fail until this is fixed." I ran AntiVir over it, but it hangs at 99.8%, which has never happened before. In the 99.8% it scanned, it finds nothing else suspicious. It finds nothing in the running processes either, and the same goes for the Windows system folder. (I just ran those scans when it hung; it was able to complete these.) Hitman Pro did find and delete all sorts of things, but the internet is still just as slow and I still can't reach many pages, or only partially. As far as Azureus goes, everything is the same too. Although the PC itself no longer freezes, as it did a few hours ago. I couldn't find any programs from this list. CCleaner won't install; the installation window disappears as soon as you enter where you want it, and then nothing happens at all.
Here is the HijackThis log: Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 19:19:58, on 29-4-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\Tablet.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNetwk.exe C:\Program Files\Creative\Sound Blaster Live! 
24-bit\Surround Mixer\CTSysVol.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\WTablet\TabUserW.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Azureus\Azureus.exe C:\Program Files\UltraEdit\uedit32.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Masj\Desktop\HiJackThis_v2.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common 
Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [Corel Painter Essentials 21a] C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe /title="Corel Painter Essentials 2" /date=051407 serial=PE02CBX-0000003-NMD lang=EN O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [muBlinder] C:\Documents and Settings\Papa\Desktop\MyDownloads\muBlinder\muBlinder.exe -startup O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\RunServices: [winrapid] winrapid.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunServices: [winrapid] winrapid.exe (User 
'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunServices: [winrapid] winrapid.exe (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?db79a9311ffa47588ddd32891b1369e9 O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?db79a9311ffa47588ddd32891b1369e9 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra 
button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} (FavImport Class) - 
https://favorites.live.com/cab/Impor...v=13,0,0831,02 O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/insta...SSWebAgent.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edg...ex-2.0.6.0.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ypikulin.spaces.live.com//Pho...d/MsnPUpld.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...scbase8460.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1121929017239 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1144193158609 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/...r/PROFILER.CAB O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {EA297219-593E-408D-BFD4-2D43E203550D} (strprint.trprints) - https://mcp.microsoft.com/MCP/tools/...criptPrint.CAB O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support 
Package) - http://www.creative.com/su/ocx/15028/CTPID.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe (file missing) O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe -- End of file - 13275 bytes Weet iemand misschien wat ik nog meer kan doen? 
My own feeling is that it might be caused by some crappy little spy program that has been messing with my port settings, but that is only a hunch, and I know too little about it to fix it myself. Oh yeah, this was the culprit, i.e. the link that got everything fucked up: http://encyclopedia_dramatica.on.nimp. org - DO NOT CLICK, people who, like me, thoughtlessly hammer on everything that looks familiar or curious. How stupid, I could easily have prevented it. "Oh, encyclopedia dramatica, let's see *click* - OH SHI- IT WAS A NIMP.ORG AGGGHHH ABORT MISSION .. too late" [edit] CCleaner worked, but it has no effect. The HJT log above has been updated; I ran it once more after CCleaner, because that might have an effect. [edit2] Broke up the link so that people cannot click on it by accident. Last edited on 29-04-2007 at 19:41. |
29-04-2007, 20:00 | |
Stiffler, please run this one for me.
Download Combofix to your Desktop. Double-click Combofix.exe. Follow the instructions and accept the disclaimer by typing "y" or "Y". While the fix is running, do NOT click in the window, because this will make your PC hang. When the fix has finished and after the restart, the log combofix.txt will open. Post this log in your next post together with a new HijackThis log. NOTE: If your virus scanner responds with a warning about a script being executed, you may ignore it.
__________________
Everything is relative.
Proud member of ASAP |
29-04-2007, 20:20 | |
You're right, Freyk, that is the culprit.
Here you can read what it is: http://www.bleepingcomputer.com/star...exe-12207.html
Paranoide,
Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKCU\..\RunServices: [winrapid] winrapid.exe
O4 - HKUS\S-1-5-18\..\RunServices: [winrapid] winrapid.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunServices: [winrapid] winrapid.exe (User 'Default user')
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe (file missing)
Click 'Fix checked' to remove the items.
Open Explorer ("My Computer") and choose Tools -> Folder Options... Under View, check the following settings:
Turn off: Hide protected operating system files (Recommended)
Turn off: Hide extensions for known file types
Select: Display the contents of system folders (XP only)
Select: Show hidden files and folders
Delete the following files, if still present:
winrapid.exe
C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
Download Dr.Web CureIt to your desktop: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Double-click drweb-cureit.exe and allow it to start the express scan. This will scan the files currently loaded in memory; when something is found, click the Yes to all button at the 'cure it?' prompt. This is only a short scan.
Once the short scan has finished, click Options > Change Settings. Choose the "Scan" tab and untick "Heuristic analyse".
Back in the main window you can select the drives you want scanned. Select all drives here. A red dot will then appear on the drives being scanned. Then click the green arrow on the right to start the scan. Click 'Yes to all' when asked whether to cure or move.
When the scan is done, check whether you can click the following icon next to what was found: If so, click it, then click the icon just below it and choose: Move incurable, as you will see in the following image:
This will move the files to the following folder, %userprofile%\DoctorWeb\quarantaine-folder, if they cannot be disinfected (in case we need samples).
After selecting the above, in the menu at the top of Dr.Web CureIt, click File and choose Save report list. Save the log to your desktop. Then close Dr.Web CureIt.
Restart your computer!! This is an important step, because Dr.Web CureIt may move/delete files during the restart.
After restarting, copy and paste the contents of the log you saved earlier into your next post. Run HijackThis again and post a new log.
Good luck,
Juisterr
__________________
Everything is relative.
Proud member of ASAP |
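The entries singled out in the post above share two traits that can be checked mechanically as a first pass. The following Python is an added example, not part of the original posts and not HijackThis's own logic; the two rules, the function names and the `Finding` type are assumptions chosen to match the items flagged in this thread, and the sample log is constructed from lines quoted on this page.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample: entries copied from the logs quoted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\RunServices: [winrapid] winrapid.exe
O4 - HKUS\S-1-5-18\..\RunServices: [winrapid] winrapid.exe (User 'SYSTEM')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
"""


class Finding(NamedTuple):
    section: str   # HijackThis section code, e.g. "O4"
    entry: str     # the full log line
    reason: str    # why the line deserves a closer look


# Every log entry starts with a section code followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Registry autoruns look like:  HKCU\..\Run: [value name] command line
O4_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# HKUS entries carry a trailing account annotation such as (User 'SYSTEM').
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)$")


def check_o4(body: str) -> Optional[str]:
    """Assumed rule 1: an autorun command with no directory component."""
    m = O4_RE.match(body)
    if not m:
        return None  # Startup-folder shortcuts use a different layout
    cmd = USER_SUFFIX_RE.sub("", m["cmd"])
    if "\\" not in cmd:
        # A bare name is resolved through the search path, so the log
        # alone does not say which file on disk will actually run.
        return f"autorun '{m['name']}' names '{cmd}' without a directory"
    return None


def check_o23(body: str) -> Optional[str]:
    """Assumed rule 2: a service with no vendor info whose binary is gone."""
    if not body.startswith("Service: "):
        return None
    parts = body[len("Service: "):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    if owner == "Unknown owner" and path.endswith("(file missing)"):
        return f"service '{name}' has no vendor info and its binary is absent"
    return None


CHECKS = {"O4": check_o4, "O23": check_o23}


def triage(log_text: str) -> list:
    """Return a Finding for every entry that trips one of the rules."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list or blank line
        check = CHECKS.get(m["section"])
        reason = check(m["body"]) if check else None
        if reason:
            findings.append(Finding(m["section"], line, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.entry}")
```

Legitimate drivers also register bare-name autoruns, so a hit is a lead for manual review, not a verdict.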
29-04-2007, 22:26 | |
Deleted
|
Yes, I had tried that too, but Windows search didn't find it either.
Anyway, the Dr.Web log: A0125286.exe C:\System Volume Information\_restore{11980EC3-E457-4DBF-B161-B91BB04EC352}\RP680 Adware.SaveNow Incurable.Moved.
HijackThis:
I think the internet is working a lot better now, but it is still a bit sluggish. Is it wise to just format the whole thing sometime in the next few days? I don't think I've done that for about a year and a half now.
Last edited on 29-04-2007 at 22:32. |
29-04-2007, 22:55 | ||
Quote:
C:\QOOBOX +---purity | \---C | +---Program Files | | +---Common Files | | | +---DOBE~1 | | | +---PPPATC~1 | | | +---SCURIT~1 | | | +---SSTEM~1 | | | +---WNSXS~1 | | | \---YSTEM~1 | | \---FNTS~2 | \---WINDOWS | +---ASEMBL~1 | +---ICROSO~1 | | \---ICROSO~1 | | ctxad-432.0000 | | ctxad-432.0001 | | ctxad-438.0000 | | ctxad-438.0001 | | ctxad-438.0002 | | ctxad-438.0003 | | ctxad-438.0004 | | ctxad-438.0005 | | ctxad-438.0006 | | | +---PPATCH~1 | +---SEMBLY~1 | +---system32 | | +---ASEMBL~1 | | +---CROSOF~1.NET | | +---MANTEC~1 | | +---SMANTE~1 | | \---SMBOLS~1 | \---YMANTE~1 \---Quarantine +---C | | INSTALL.LOG.vir | | | +---DOCUME~1 | | +---AAA~1 | | | \---BUREAU~1 | | | Internet Explorer.lnk.vir | | | | | \---CCC~1 | | \---APPLIC~1 | | Install.dat.vir | | | \---WINDOWS | | sysdk.exe.vir | | | \---system32 | cemetrix.dll.vir | kdkii.exe.vir | temp1.exe.vir | \---Registry_backups LEGACY_NM.reg.cf LEGACY_NPF.reg.cf LEGACY_NWSAPAGENT.reg.cf services_nm.reg.cf services_NwSapAgent.reg.cf winlogon.reg.cf |
29-04-2007, 23:01 | |
Oh wait... I think you mean this one:
"AAA" - 07-04-29 23:28:25 Service Pack 2 ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\AAA\Bureaublad\" (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\temp1.exe C:\DOCUME~1\CCC~1\APPLIC~1\Install.dat C:\DOCUME~1\AAA~1\BUREAU~1.\internet explorer.lnk C:\WINDOWS\system32\cemetrix.dll C:\install.log C:\WINDOWS\sysdk.exe C:\WINDOWS\system32\kdkii.exe ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Folders Quarantined: C:\qoobox\purity\C\Program Files\FNTS~2 C:\qoobox\purity\C\Program Files\Common Files\DOBE~1 C:\qoobox\purity\C\Program Files\Common Files\PPPATC~1 C:\qoobox\purity\C\Program Files\Common Files\SCURIT~1 C:\qoobox\purity\C\Program Files\Common Files\SSTEM~1 C:\qoobox\purity\C\Program Files\Common Files\WNSXS~1 C:\qoobox\purity\C\Program Files\Common Files\YSTEM~1 C:\qoobox\purity\C\WINDOWS\ASEMBL~1 C:\qoobox\purity\C\WINDOWS\ICROSO~1 C:\qoobox\purity\C\WINDOWS\PPATCH~1 C:\qoobox\purity\C\WINDOWS\SEMBLY~1 C:\qoobox\purity\C\WINDOWS\YMANTE~1 C:\qoobox\purity\C\WINDOWS\ICROSO~1\ICROSO~1 C:\qoobox\purity\C\WINDOWS\ICROSO~1\ICROSO~1\ctxad-432.0000 C:\qoobox\purity\C\WINDOWS\ICROSO~1\ICROSO~1\ctxad-432.0001 C:\qoobox\purity\C\WINDOWS\ICROSO~1\ICROSO~1\ctxad-438.0000 C:\qoobox\purity\C\WINDOWS\ICROSO~1\ICROSO~1\ctxad-438.0001 C:\qoobox\purity\C\WINDOWS\ICROSO~1\ICROSO~1\ctxad-438.0002 C:\qoobox\purity\C\WINDOWS\ICROSO~1\ICROSO~1\ctxad-438.0003 C:\qoobox\purity\C\WINDOWS\ICROSO~1\ICROSO~1\ctxad-438.0004 C:\qoobox\purity\C\WINDOWS\ICROSO~1\ICROSO~1\ctxad-438.0005 C:\qoobox\purity\C\WINDOWS\ICROSO~1\ICROSO~1\ctxad-438.0006 C:\qoobox\purity\C\WINDOWS\system32\ASEMBL~1 C:\qoobox\purity\C\WINDOWS\system32\CROSOF~1.NET C:\qoobox\purity\C\WINDOWS\system32\MANTEC~1 C:\qoobox\purity\C\WINDOWS\system32\SMANTE~1 C:\qoobox\purity\C\WINDOWS\system32\SMBOLS~1 ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services 
))))))))))))))))))))))))))))))))))))))))))))))))) -------\nm -------\NwSapAgent -------\LEGACY_NM -------\LEGACY_NPF -------\LEGACY_NWSAPAGENT ((((((((((((((((((((((((((((((( Files Created from 2007-03-28 to 2007-04-29 )))))))))))))))))))))))))))))))))) 2007-04-28 14:22 25,451 --a------ C:\WINDOWS\system32\RemoveVideoActiveXObject.reg 2007-04-28 14:18 69,632 --a------ C:\WINDOWS\system32\remove.exe 2007-04-22 19:37 <DIR> d-------- C:\Program Files\Oberon Media 2007-04-20 17:52 43,584 --a------ C:\WINDOWS\system32\drivers\avipbb.sys 2007-04-20 17:52 28,352 --a------ C:\WINDOWS\system32\drivers\ssmdrv.sys 2007-04-20 16:36 <DIR> d-------- C:\Program Files\Common Files\BOONTY Shared 2007-04-20 16:34 <DIR> d-------- C:\Program Files\BoontyGames 2007-04-18 14:54 <DIR> dr-h----- C:\DOCUME~1\CCC~1\APPLIC~1\SecuROM 2007-04-18 14:50 <DIR> d-------- C:\DOCUME~1\CCC~1\APPLIC~1\TMNT 2007-04-18 14:38 <DIR> d-------- C:\DOCUME~1\CCC~1\APPLIC~1\InstallShield 2007-04-17 17:46 <DIR> d-------- C:\DOCUME~1\Gast\WINDOWS 2007-04-16 14:58 <DIR> dr-h----- C:\DOCUME~1\AAA~1\APPLIC~1\SecuROM 2007-04-16 14:55 <DIR> d-------- C:\DOCUME~1\AAA~1\APPLIC~1\TMNT 2007-04-16 14:49 <DIR> d-------- C:\Program Files\Ubisoft 2007-04-16 14:49 <DIR> d-------- C:\DOCUME~1\AAA~1\APPLIC~1\InstallShield 2007-04-11 13:52 <DIR> d-------- C:\DOCUME~1\CCC~1\Shared 2007-04-11 13:52 <DIR> d-------- C:\DOCUME~1\CCC~1\Incomplete 2007-04-11 13:50 <DIR> d-------- C:\DOCUME~1\CCC~1\.limewire 2007-03-31 03:35 <DIR> d-------- C:\Program Files\UPC 2007-03-31 03:35 <DIR> d-------- C:\Program Files\SupportSoft 2007-03-31 03:35 <DIR> d-------- C:\Program Files\Common Files\Supportsoft 2007-03-31 03:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SupportSoft 2007-03-31 03:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-04-29 23:45 17408 --a------ 
C:\WINDOWS\system32\drivers\USBCRFT.SYS 2007-04-28 06:26 -------- d-------- C:\Program Files\google 2007-04-27 18:57 -------- d-------- C:\DOCUME~1\AAA~1\APPLIC~1\utorrent 2007-04-20 19:59 336 --a------ C:\WINDOWS\system32\lsprst7.dll 2007-04-20 19:59 -------- d-------- C:\Program Files\spss evaluation 2007-04-18 14:39 -------- d--h----- C:\Program Files\installshield installation information 2007-04-16 14:58 108144 --a------ C:\WINDOWS\system32\cmdlineext.dll 2007-04-15 13:58 -------- d-------- C:\Program Files\limewire 2007-04-02 20:25 59036 --a------ C:\DOCUME~1\AAA~1\APPLIC~1\wklnhst.dat 2007-03-31 13:08 -------- d-------- C:\Program Files\yahoo! 2007-03-28 21:49 0 --a------ C:\WINDOWS\system32\ssprs.dll 2007-03-26 00:32 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2007-03-25 13:36 82190 --a------ C:\WINDOWS\system32\perfc013.dat 2007-03-25 13:36 466442 --a------ C:\WINDOWS\system32\perfh013.dat 2007-03-23 19:25 -------- d-------- C:\Program Files\kazaa 2007-03-23 19:22 10 --a------ C:\WINDOWS\smdat32m.sys 2007-03-23 13:23 0 --a------ C:\WINDOWS\smdat32a.sys 2007-03-23 13:21 -------- d-------- C:\Program Files\need2find 2007-03-17 21:19 360 --a------ C:\DOCUME~1\AAA~1\APPLIC~1\dm.ini 2007-03-16 21:23 -------- d--h----- C:\Program Files\windowsupdate 2007-03-13 01:56 -------- d-------- C:\Program Files\msn messenger 2007-03-12 20:38 -------- d-------- C:\Program Files\windows live toolbar 2007-03-12 02:03 -------- d-------- C:\Program Files\messenger 2007-03-11 11:04 -------- d-------- C:\Program Files\filefactory turbo 2007-03-09 18:09 -------- d-------- C:\DOCUME~1\AAA~1\APPLIC~1\msn6 2007-03-02 00:16 -------- d-------- C:\Program Files\solar system 3d screensaver 2007-03-01 18:30 -------- d-------- C:\Program Files\astro gemini software 2007-02-14 23:56 1024 --a------ C:\WINDOWS\system32\clauth2.dll 2007-02-14 23:56 1024 --a------ C:\WINDOWS\system32\clauth1.dll 2007-02-14 23:56 0 --a------ C:\WINDOWS\system32\serauth2.dll 2007-02-14 23:56 0 --a------ 
C:\WINDOWS\system32\serauth1.dll 2007-02-14 23:56 0 --a------ C:\WINDOWS\system32\nsprs.dll 2007-02-14 23:50 1025 --a------ C:\WINDOWS\system32\sysprs7.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ Browser Helper Objects] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "ATIModeChange"="Ati2mdxx.exe" "ATIPTA"="C:\\ATI-CPanel\\atiptaxx.exe" "SoundMan"="SOUNDMAN.EXE" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe" "Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\"" "Dit"="Dit.exe" "LVCOMS"="C:\\Program Files\\Common Files\\Logitech\\QCDriver3\\LVCOMS.EXE" "LogitechGalleryRepair"="C:\\Program Files\\Logitech\\ImageStudio\\ISStart.exe" "LogitechImageStudioTray"="C:\\Program Files\\Logitech\\ImageStudio\\LogiTray.exe" "avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min" "OpwareSE2"="\"C:\\Program Files\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\"" "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "UPC"="\"C:\\Program Files\\UPC\\bin\\sprtcmd.exe\" /P UPC" "RemoteAssist"="" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background" "MSMSGS"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\ shellexecutehooks] 
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F] Shell\AutoRun\command F:\autorun.exe Shell\directx\command DirectX9\dxsetup.exe Shell\setup\command setup.exe ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ backup-20070428-141539-810 O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe backup-20070420-193355-311 O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) backup-20070420-193355-614 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) backup-20070315-234502-133 R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) backup-20070312-013433-833 O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com backup-20070312-013433-336 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) backup-20070312-013433-514 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) backup-20070312-013433-425 O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\4.bin\ND2FNBAR.DLL (file missing) backup-20070312-013433-328 O2 - BHO: &Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll backup-20070312-013433-631 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com backup-20070312-013433-548 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! backup-20070217-193639-270 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) backup-20070217-193638-359 O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll (file missing) backup-20070217-193606-879 O2 - BHO: (no name) - ø$49E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file) backup-20070217-193606-138 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) backup-20070217-193546-678 O2 - BHO: (no name) - `@497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file) backup-20070217-193546-449 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) backup-20061108-011459-840 O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - C:\Program Files\iVideoCodec\isaddon.dll (file missing) backup-20061108-011459-690 R3 - URLSearchHook: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) backup-20061108-011459-619 O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN backup-20060713-132440-678 O9 - Extra 'Tools' menuitem: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (file missing) (HKCU) backup-20060713-132440-991 O9 - Extra button: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (file missing) (HKCU) backup-20060713-132440-720 O4 - HKCU\..\Run: [desktop] C:\WINDOWS\system32\idemlog.exe backup-20060713-132440-940 O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q backup-20060713-132241-236 O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxmk762YYNL backup-20060713-132241-916 O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe backup-20060713-132241-345 O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE backup-20060713-132241-608 O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe backup-20060713-132241-868 O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML backup-20060713-132241-787 O4 - HKCU\..\Run: [Wofknqwd] C:\WINDOWS\System32\??plorer.exe backup-20060713-132241-253 O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe backup-20060713-132241-965 R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) backup-20060713-132241-922 O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe" backup-20060713-132241-818 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html backup-20060713-132241-213 R3 - URLSearchHook: (no name) - {C35567CB-A70C-D8AE-0302-FB3AF15227C5} - (no file) backup-20060713-132241-121 R1 - HKCU\Software\Microsoft\Internet 
Explorer\Main,Default_Page_URL = c:\secure32.html Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\AppleSoftwareUpdate.job ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-04-29 23:46:10 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 07-04-29 23:49:44 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 07-04-29 23:49 |
30-04-2007, 13:05 | |
Stiffler, could you please do the following.
Does the AAA user have administrator rights? First delete C:\Qoobox via Explorer, only the bold part of course.
Download: RemoveVideoActiveXObject.exe
Save the file to your desktop, then double-click it. The uninstaller of a rogue scanner may start; do not close it, but let it do its work. Then restart the PC and double-click RemoveVideoActiveXObject.exe once more. After that, post the log C:\RVAXO-results.log in your next message, together with a new HijackThis log.
Download the file and save it to your desktop, then double-click it. If an uninstaller becomes active, let it do its work. Restart the PC and then double-click RemoveVideoActiveXObject.exe once more. Then post a HijackThis log. Good luck
__________________
Everything is relative.
Proud member of ASAP |
30-04-2007, 13:37 | ||
Quote:
Scan saved at 14:35:40, on 30-4-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\UAService7.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\ATI-CPanel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\Dit.exe C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\UPC\bin\sprtcmd.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Messenger\MSMSGS.EXE C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.msn.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: 
SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [UPC] "C:\Program Files\UPC\bin\sprtcmd.exe" /P UPC O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background O4 - Startup: Registration TMNT.LNK = C:\Program Files\Ubisoft\TMNT\Registration\RegistrationReminder.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program 
Files\InterVideo\Common\Bin\WinCinemaMgr.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (Installer Class) - http://quickfix2.chello.nl/quickfix2...lloInstall.CAB O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1121558466984 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1173464904625 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 
Control) - http://www.mijnalbum.nl/skin/system/...eUploader3.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (clsDefault Class) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.gamenext.nl/online/online.../goldfever.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. 
- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe ----------------RemoveVideoActiveXObject.exe first run------------- Files found: Uninstallers Rogue scanners: Folders Found: --------------RemoveVideoActiveXObject.exe last run--------------- Files found: Uninstallers Rogue scanners: Folders Found: |
30-04-2007, 16:59 | ||
Quote:
__________________
"Typos are free" | "There's bound to be a button for that" | "I know, because I search" | Powered by Firefox, Chromium, Mac OS X, OpenSuse, and Google.
Last edited on 30-04-2007 at 17:04. |
01-05-2007, 23:34 | |
These days I'm getting a ridiculous amount of viruses, spyware, malware, ... On top of that I also get a lot of pop-ups; as soon as I open Firefox, an IE window usually opens as well. It's all rather annoying. Spyware that I can't get rid of is, for example, SmitFraud-C.Toolbar888. The viruses I get are often Trojans; one example is Trojan.Vundo. I have already searched on Google, but I just can't figure out what exactly I need to do to get rid of it.
I scan every day with Adaware and Spybot S&D and I run a weekly scan with my antivirus (Symantec). I have now also downloaded Windows Defender because it has real-time protection. But it still isn't gone. Most of the viruses I get can be removed, by the way, but they come back. Even so, I don't think that many viruses should be getting onto my PC in the first place; it's about 3 every day. For some reason, as of today I also can't download anything through Firefox anymore. I have to go through IE every time, and it then says the download is not possible for security reasons. I can turn that off and download it anyway, but it is just terribly annoying because I do everything on the internet through Firefox... It all started, by the way, when I was searching a site for a registration key for Winzip. Suddenly a lot of viruses came in, and I've been having trouble ever since. Does anyone have an idea how to solve this excess of spyware and viruses that keep coming back?
Log: Logfile of HijackThis v1.99.1 Scan saved at 0:31:02, on 2/05/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSD.exe C:\Program Files\Launch Manager\Wbutton.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier .exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program 
Files\Windows Defender\MsMpEng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\PROGRA~1\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch 
Manager\HotkeyApp.exe O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\kbxujwyt.dll",realset O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier .exe O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://femmytje.spaces.live.com//Pho...d/MsnPUpld.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://gamenextnl.oberon-media.com/o...h.1.0.0.80.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec 
Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe Ik hoop echt dat iemand kan helpen
__________________
Soija.nl
|
02-05-2007, 08:58 | |
Misty, by the look of it a Vundo infection,

Download Combofix to your Desktop.
Double-click Combofix.exe.
Follow the instructions and accept the disclaimer by typing "y" or "Y".
While the fix is running, do NOT click in the window, as this will make your PC hang.
When the fix has finished and after a restart, the log combofix.txt will open.
Post this log in your next post together with a new HijackThis log.
NOTE: If your virus scanner responds with a notification about script execution, you can ignore it.

Start HijackThis and choose 'Do a system scan only'.
Select only the items listed below:

O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\kbxujwyt.dll",realset

Click 'Fix checked' to remove the items.
Restart the computer and delete the following file:

C:\WINDOWS\system32\kbxujwyt.dll

Restart again and post the combo text and a new HJT log.

Juisterr
__________________
Everything is relative.
Proud member of ASAP
Last edited on 02-05-2007 at 09:06. |
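Added example, not part of the original thread and not a HijackThis or ComboFix feature: a Python script that picks out the kind of O4 entry Juisterr singles out above, an autorun that uses rundll32.exe to load a DLL from system32. The three checks and the [ExampleTray] line are assumptions made for this example; together they are a triage heuristic for manual review, not a Vundo signature.

```python
"""Triage HijackThis O4 autoruns: surface DLLs that are started through rundll32."""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# O4 lines copied from the HijackThis log posted in this thread, plus one
# constructed, hypothetical entry ([ExampleTray]) added for contrast.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\kbxujwyt.dll",realset
O4 - HKLM\..\Run: [ExampleTray] rundll32.exe "C:\Program Files\Example Vendor\traytool.dll",Start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
'''

# Shape of a registry autorun line: "O4 - HKLM\..\Run: [value name] command line"
O4_RUN = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): '
    r'\[(?P<name>[^\]]*)\] (?P<cmd>.+)$')

# rundll32[.exe] "<dll>",<export>   or   rundll32[.exe] <dll>,<export>
RUNDLL = re.compile(
    r'^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+'
    r'(?:"(?P<quoted>[^"]+)"|(?P<bare>[^,\s]+))\s*,\s*(?P<export>\S+)',
    re.IGNORECASE)


@dataclass
class Finding:
    hive: str      # HKLM or HKCU
    name: str      # registry value name shown between [ ]
    dll: str       # DLL that rundll32 is asked to load
    export: str    # exported function passed after the comma
    reasons: tuple # which of the three checks matched


def name_looks_generated(stem):
    """Assumed heuristic: letters only, 5+ chars, at most a quarter vowels."""
    if len(stem) < 5 or not stem.isalpha():
        return False
    vowels = sum(ch in "aeiou" for ch in stem.lower())
    return vowels / len(stem) <= 0.25


def triage(log_text):
    """Return one Finding per O4 registry autorun that is hosted by rundll32."""
    findings = []
    for line in log_text.splitlines():
        entry = O4_RUN.match(line.strip())
        if not entry:
            continue  # not a registry Run-style line (e.g. Global Startup)
        host = RUNDLL.match(entry["cmd"])
        if not host:
            continue  # ordinary executable autorun, out of scope here
        dll = PureWindowsPath(host["quoted"] or host["bare"])
        reasons = ["rundll32-hosted autorun"]
        if dll.parent.name.lower() == "system32":
            reasons.append("DLL sits directly in system32")
        if name_looks_generated(dll.stem):
            reasons.append("file name looks machine-generated")
        findings.append(Finding(entry["hive"], entry["name"], str(dll),
                                host["export"], tuple(reasons)))
    return findings


def needs_review(findings):
    """Entries that match all three checks go to a human for a closer look."""
    return [f for f in findings if len(f.reasons) == 3]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.hive} [{f.name}] {f.dll},{f.export}")
        for reason in f.reasons:
            print(f"    - {reason}")
    print("for manual review:", [f.name for f in needs_review(triage(SAMPLE_LOG))])
```
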
02-05-2007, 08:58 | ||
Just remove kbxujwyt.dll, which is (possibly hidden) in your windows\system32 folder.
(to show hidden files, click My Computer -> Tools, Folder Options)
-edit- Quote:
A free, better alternative to WinZip is 7-zip
__________________
"Typos are free" | "There's bound to be a button for that" | "I know, because I search" | Powered by Firefox, Chromium, Mac OS X, OpenSuse, and Google.
Last edited on 02-05-2007 at 09:05. |
02-05-2007, 10:43 | ||
Quote:
By the way, I now do have a free WinZip; apparently we had a campus licence for it. But I will definitely try all your tips as soon as I am back home! I'll let you know how it went. Thanks!
__________________
Soija.nl
|
02-05-2007, 18:43 | |
Ok, I did exactly what juisterr said and this is the result:

Combofix-log:
"Femke" - 07-05-02 19:14:46 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Femke\Bureaublad\"

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\srutv.bak1
C:\WINDOWS\system32\srutv.ini
C:\WINDOWS\system32\vturs.dll
C:\WINDOWS\system32\khfgecb.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\install.log
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80

((((((((((((((((((((((((((((((( Files Created from 2007-04-02 to 2007-05-02 ))))))))))))))))))))))))))))))))))

2007-05-01 23:28 <DIR> d-------- C:\Program Files\Windows Defender
2007-05-01 22:50 <DIR> d-------- C:\Program Files\Lavasoft
2007-05-01 22:20 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-05-01 22:00 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2007-05-01 22:00 <DIR> d-------- C:\Program Files\Hitman Pro
2007-04-30 19:42 <DIR> d-------- C:\DOCUME~1\Femke\APPLIC~1\PlayFirst
2007-04-30 19:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
2007-04-30 18:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
2007-04-19 19:49 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-04-19 19:49 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-04-19 19:48 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-04-19 19:28 493,380 ---hs---- C:\WINDOWS\system32\srtwa.ini2
2007-04-17 09:12 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-04-17 09:12 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-04-17 09:10 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-04-10 11:02 518,132 ---hs---- C:\WINDOWS\system32\srtwa.bak2
2007-04-09 22:31 <DIR> d-------- C:\Program Files\Incomplete
2007-04-09 16:08 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-04-09 14:28 <DIR> d-------- C:\DOCUME~1\Femke\APPLIC~1\SAS
2007-04-09 14:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SAS
2007-04-09 14:08 638,464 --------- C:\WINDOWS\system32\oc30.dll
2007-04-09 14:08 133,904 --------- C:\WINDOWS\system32\mfcans32.dll
2007-04-09 14:08 13,600 --------- C:\WINDOWS\system32\sasperf.dll
2007-04-09 13:06 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2007-04-09 13:06 964,608 --a------ C:\WINDOWS\system32\mfc70u.dll
2007-04-09 13:06 84,992 --a------ C:\WINDOWS\system32\atl70.dll
2007-04-09 13:06 54,784 --a------ C:\WINDOWS\system32\msvci70.dll
2007-04-09 13:06 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2007-04-09 13:06 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2007-04-09 13:06 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-04-09 12:59 <DIR> d-------- C:\Program Files\SAS
2007-04-09 11:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-04-09 11:02 494,762 ---hs---- C:\WINDOWS\system32\srtwa.bak1
2007-04-03 08:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
2007-04-02 21:10 <DIR> d-------- C:\DOCUME~1\Femke\APPLIC~1\Screenshot Sender

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-02 19:26 -------- d-------- C:\Program Files\symantec antivirus
2007-04-29 00:30 -------- d-------- C:\Program Files\winamp
2007-04-26 00:38 -------- d-------- C:\DOCUME~1\Femke\APPLIC~1\skype
2007-04-23 20:14 2828 --ahs---- C:\WINDOWS\system32\kgygaavl.sys
2007-04-22 20:35 -------- d-------- C:\Program Files\msn messenger
2007-04-10 10:11 -------- d--h----- C:\Program Files\installshield installation information
2007-04-10 10:02 69782 --a------ C:\WINDOWS\system32\perfc013.dat
2007-04-10 10:02 442572 --a------ C:\WINDOWS\system32\perfh013.dat
2007-04-09 22:31 -------- d-------- C:\Program Files\limewire
2007-04-02 21:09 -------- d-------- C:\Program Files\messenger plus! live
2007-03-17 15:45 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 17:39 579072 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:39 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:39 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:37 1843712 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-04 21:14 -------- d-------- C:\Program Files\infogrames
2007-02-27 19:06 98304 --a------ C:\WINDOWS\system32\cmdlineext.dll
2007-02-18 23:04 2560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-02-05 22:20 185344 --a------ C:\WINDOWS\system32\upnphost.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{649FE175-B572-43C7-9B4A-A2DF105F60C9} C:\WINDOWS\system32\awtrs.dll [x]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"SoundMan"="SOUNDMAN.EXE"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"LaunchAp"="C:\\Program Files\\Launch Manager\\LaunchAp.exe"
"HotkeyApp"="C:\\Program Files\\Launch Manager\\HotkeyApp.exe"
"CtrlVol"="C:\\Program Files\\Launch Manager\\CtrlVol.exe"
"LMgrOSD"="C:\\Program Files\\Launch Manager\\OSD.exe"
"Wbutton"="\"C:\\Program Files\\Launch Manager\\Wbutton.exe\""
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"InfoData"="rundll32.exe \"C:\\WINDOWS\\system32\\kbxujwyt.dll\",realset"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtrs

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1162844689.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-02 19:26:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************

Completion time: 07-05-02 19:27:00 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-05-02 19:27

---------------------

Hijackthis-log:
Logfile of HijackThis v1.99.1
Scan saved at 19:40:38, on 2/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Launch
Manager\LaunchAp.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSD.exe C:\Program Files\Launch Manager\Wbutton.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier .exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {649FE175-B572-43C7-9B4A-A2DF105F60C9} - C:\WINDOWS\system32\awtrs.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: 
(no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program 
Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier .exe O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://femmytje.spaces.live.com//Pho...d/MsnPUpld.cab O16 - DPF: 
{5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://gamenextnl.oberon-media.com/o...h.1.0.0.80.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: awtrs - C:\WINDOWS\system32\awtrs.dll (file missing) O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - 
Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
However, I was not able to do the last step: I could no longer find that .dll file in the system32 folder. Not even when I displayed hidden files, and I searched the whole folder using Search. Is it gone then? Thanks!
__________________
Soija.nl
|
03-05-2007, 12:15 | |
Yes Misty, there was quite a lot going on on that machine of yours, as you can see.
Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:
O2 - BHO: (no name) - {649FE175-B572-43C7-9B4A-A2DF105F60C9} - C:\WINDOWS\system32\awtrs.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: awtrs - C:\WINDOWS\system32\awtrs.dll (file missing)
Close all windows except HijackThis.
Click 'Fix checked' to remove the items.
Download Dr.Web CureIt to your desktop: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Double-click drweb-cureit.exe and allow it to start the express scan. This will scan the files that are currently loaded in memory, and when something is found, click the 'Yes to all' button at the question 'cure it?'. This is only a short scan.
Once the short scan has finished, click Options > Change Settings.
Choose the "Scan" tab and remove the check mark at "Heuristic analyse".
Back in the main window you can select the drives you want to have scanned. Select all drives here. A red dot will then appear on the drives you are having scanned.
Then click the green arrow on the right to start the scan.
Click 'Yes to all' when you are asked to carry out cure or move.
When the scan is done, see whether you can click the following icon that is next to what was found: If so, click it and then click the icon just below it and choose: Move incurable, as you will see in the following image: This will move the files to the following folder, %userprofile%\DoctorWeb\quarantaine-folder, if they cannot be disinfected (this in case we need samples).
After selecting the above, in the menu at the top of Dr.Web CureIt, click file and choose save report list. Save the log to your desktop.
Then close Dr.Web CureIt.
Restart your computer!! An important step, because Dr.Web CureIt may move/delete files during the restart.
After restarting, copy and paste the contents of the log you saved earlier into your next post.
First run ComboFix once more and post its text again; also post a new HJT log again, please.
Juisterr
__________________
Everything is relative.
Proud member of ASAP |
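The three items selected in the post above are autostart entries that HijackThis marks as pointing at a file that is no longer on disk. As an added example (not part of the original post and not a HijackThis feature), the following Python code extracts such entries from a flattened HijackThis log and reports which of them are still present in a later log; the two sample strings are short excerpts of the 2 May and 3 May logs in this thread, and the function names are made up for the example.

```python
import re

# HijackThis section codes: R0-R3, F0-F3, N1-N4, O1-O23.
_CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})"
# Forum software often flattens a pasted log onto one line, so entries are
# split wherever a section code followed by " - " starts a new token.
_ENTRY_START = re.compile(r"(?<!\S)(?=" + _CODE + r" - )")
_ENTRY = re.compile(r"^(" + _CODE + r") - (.+)$")
# Markers HijackThis appends when the target of an entry is not on disk.
_ORPHAN = re.compile(r"\s*\((?:file missing|no file)\)")
_CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log_text):
    """Return (code, body) for every R/F/N/O entry in a HijackThis log.

    Header lines and the running-process list are skipped because they do
    not start with a section code.
    """
    flat = " ".join(log_text.split())  # undo hard wraps and newlines
    entries = []
    for chunk in _ENTRY_START.split(flat):
        m = _ENTRY.match(chunk.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def orphaned(entries):
    """Entries whose target file is reported as missing."""
    return [(code, body) for code, body in entries if _ORPHAN.search(body)]


def entry_key(code, body):
    """Identity of an entry across scans: section code plus CLSID when one
    is present, otherwise the body without the missing-file marker."""
    m = _CLSID.search(body)
    ident = m.group(0) if m else _ORPHAN.sub("", body).strip()
    return code, ident.lower()


def unresolved(before_text, after_text):
    """Orphaned entries of the first scan that still exist in the second."""
    after_keys = {entry_key(c, b) for c, b in parse_entries(after_text)}
    return [(c, b) for c, b in orphaned(parse_entries(before_text))
            if entry_key(c, b) in after_keys]


# Excerpt of the log saved on 2/05/2007 (before 'Fix checked').
BEFORE = (
    r"C:\Program Files\HijackThis\HijackThis.exe "
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/ "
    r"O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll "
    r"O2 - BHO: (no name) - {649FE175-B572-43C7-9B4A-A2DF105F60C9} - C:\WINDOWS\system32\awtrs.dll (file missing) "
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) "
    r"O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) "
    r"O20 - Winlogon Notify: awtrs - C:\WINDOWS\system32\awtrs.dll (file missing) "
    r"O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll"
)

# Excerpt of the log saved on 3/05/2007 (after the fix).
AFTER = (
    r"C:\Program Files\HijackThis\HijackThis.exe "
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/ "
    r"O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll "
    r"O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) "
    r"O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll"
)

if __name__ == "__main__":
    print("Orphaned entries in the first scan:")
    for code, body in orphaned(parse_entries(BEFORE)):
        print(f"  {code} - {body}")
    print("Still present in the second scan:")
    for code, body in unresolved(BEFORE, AFTER):
        print(f"  {code} - {body}")
```

The O9 entry shows up as still present because it was not among the items selected for fixing; a "(no name)" label alone is not treated as a missing-file marker.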
03-05-2007, 14:29 | |
Hello! I did everything exactly as you said, and this is the result:
Cureit-log: VBAOL11.CHM\html/olobjAddressEntries.htm C:\Program Files\Microsoft Office\OFFICE11\1043\VBAOL11.CHM Modification of VBS.Petik VBAOL11.CHM C:\Program Files\Microsoft Office\OFFICE11\1043 Archive contains infected objects Moved. khfgecb.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted. vturs.dll.vir C:\QooBox\Quarantine\C\WINDOWS\system32 Trojan.Virtumod Deleted. A0027401.dll C:\System Volume Information\_restore{36FA5F99-54CC-47A2-AF0E-806FA204EC8D}\RP100 Trojan.Virtumod Deleted. A0027402.dll C:\System Volume Information\_restore{36FA5F99-54CC-47A2-AF0E-806FA204EC8D}\RP100 Trojan.Virtumod Deleted. A0027407.dll C:\System Volume Information\_restore{36FA5F99-54CC-47A2-AF0E-806FA204EC8D}\RP100 Trojan.Virtumod Deleted. A0027408.dll C:\System Volume Information\_restore{36FA5F99-54CC-47A2-AF0E-806FA204EC8D}\RP100 Trojan.Virtumod Deleted. A0027409.dll C:\System Volume Information\_restore{36FA5F99-54CC-47A2-AF0E-806FA204EC8D}\RP100 Trojan.Virtumod Deleted. A0027423.dll C:\System Volume Information\_restore{36FA5F99-54CC-47A2-AF0E-806FA204EC8D}\RP100 Trojan.Juan Deleted. A0027492.dll C:\System Volume Information\_restore{36FA5F99-54CC-47A2-AF0E-806FA204EC8D}\RP100 Trojan.Virtumod Deleted. A0028618.dll C:\System Volume Information\_restore{36FA5F99-54CC-47A2-AF0E-806FA204EC8D}\RP101 Trojan.Virtumod Deleted. A0028619.dll C:\System Volume Information\_restore{36FA5F99-54CC-47A2-AF0E-806FA204EC8D}\RP101 Trojan.Virtumod Deleted. A0028620.dll C:\System Volume Information\_restore{36FA5F99-54CC-47A2-AF0E-806FA204EC8D}\RP101 Trojan.Virtumod Deleted. A0028621.dll C:\System Volume Information\_restore{36FA5F99-54CC-47A2-AF0E-806FA204EC8D}\RP101 Trojan.Virtumod Deleted. A0028703.dll C:\System Volume Information\_restore{36FA5F99-54CC-47A2-AF0E-806FA204EC8D}\RP101 Trojan.Virtumod Deleted. A0028722.dll C:\System Volume Information\_restore{36FA5F99-54CC-47A2-AF0E-806FA204EC8D}\RP103 Trojan.Virtumod Deleted. 
A0028875.dll C:\System Volume Information\_restore{36FA5F99-54CC-47A2-AF0E-806FA204EC8D}\RP103 Trojan.Virtumod Deleted. A0028876.dll C:\System Volume Information\_restore{36FA5F99-54CC-47A2-AF0E-806FA204EC8D}\RP103 Trojan.Virtumod Deleted. A0020545.dll C:\System Volume Information\_restore{36FA5F99-54CC-47A2-AF0E-806FA204EC8D}\RP89 Trojan.Virtumod Deleted. A0020546.dll C:\System Volume Information\_restore{36FA5F99-54CC-47A2-AF0E-806FA204EC8D}\RP89 Trojan.Virtumod Deleted. A0025527.dll C:\System Volume Information\_restore{36FA5F99-54CC-47A2-AF0E-806FA204EC8D}\RP95 Trojan.Virtumod Deleted. A0025557.dll C:\System Volume Information\_restore{36FA5F99-54CC-47A2-AF0E-806FA204EC8D}\RP95 Trojan.Virtumod Deleted. A0025689.dll C:\System Volume Information\_restore{36FA5F99-54CC-47A2-AF0E-806FA204EC8D}\RP97 Trojan.Virtumod Deleted. A0025698.dll C:\System Volume Information\_restore{36FA5F99-54CC-47A2-AF0E-806FA204EC8D}\RP97 Trojan.Virtumod Deleted. A0025759.dll C:\System Volume Information\_restore{36FA5F99-54CC-47A2-AF0E-806FA204EC8D}\RP97 Trojan.Virtumod Deleted. A0025795.dll C:\System Volume Information\_restore{36FA5F99-54CC-47A2-AF0E-806FA204EC8D}\RP97 Trojan.Virtumod Deleted. A0025797.dll C:\System Volume Information\_restore{36FA5F99-54CC-47A2-AF0E-806FA204EC8D}\RP97 Trojan.Virtumod Deleted. A0025798.dll C:\System Volume Information\_restore{36FA5F99-54CC-47A2-AF0E-806FA204EC8D}\RP97 Trojan.Virtumod Deleted. A0025799.dll C:\System Volume Information\_restore{36FA5F99-54CC-47A2-AF0E-806FA204EC8D}\RP97 Trojan.Virtumod Deleted. A0025800.dll C:\System Volume Information\_restore{36FA5F99-54CC-47A2-AF0E-806FA204EC8D}\RP97 Trojan.Virtumod Deleted. A0025802.dll C:\System Volume Information\_restore{36FA5F99-54CC-47A2-AF0E-806FA204EC8D}\RP97 Trojan.Virtumod Deleted. A0025803.dll C:\System Volume Information\_restore{36FA5F99-54CC-47A2-AF0E-806FA204EC8D}\RP97 Trojan.Virtumod Deleted. 
A0025804.dll C:\System Volume Information\_restore{36FA5F99-54CC-47A2-AF0E-806FA204EC8D}\RP97 Trojan.Virtumod Deleted. A0025805.dll C:\System Volume Information\_restore{36FA5F99-54CC-47A2-AF0E-806FA204EC8D}\RP97 Trojan.Virtumod Deleted. A0025970.dll C:\System Volume Information\_restore{36FA5F99-54CC-47A2-AF0E-806FA204EC8D}\RP97 Trojan.Virtumod Deleted. A0026774.dll C:\System Volume Information\_restore{36FA5F99-54CC-47A2-AF0E-806FA204EC8D}\RP98 Trojan.Virtumod Deleted. ------------------------------------------------ Combofix-log: "Femke" - 07-05-03 15:19:32 Service Pack 2 ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Femke\Bureaublad\" ((((((((((((((((((((((((((((((( Files Created from 2007-04-03 to 2007-05-03 )))))))))))))))))))))))))))))))))) 2007-05-03 14:08 <DIR> d-------- C:\DOCUME~1\Femke\DoctorWeb 2007-05-02 19:27 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-05-01 23:28 <DIR> d-------- C:\Program Files\Windows Defender 2007-05-01 22:50 <DIR> d-------- C:\Program Files\Lavasoft 2007-05-01 22:20 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP 2007-05-01 22:00 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy 2007-05-01 22:00 <DIR> d-------- C:\Program Files\Hitman Pro 2007-04-30 19:42 <DIR> d-------- C:\DOCUME~1\Femke\APPLIC~1\PlayFirst 2007-04-30 19:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst 2007-04-30 18:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom 2007-04-19 19:49 75,512 --a------ C:\WINDOWS\zllsputility.exe 2007-04-19 19:49 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll 2007-04-19 19:48 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll 2007-04-19 19:28 493,380 ---hs---- C:\WINDOWS\system32\srtwa.ini2 2007-04-17 09:12 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2007-04-17 09:12 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs 2007-04-17 09:10 <DIR> d-------- C:\WINDOWS\Internet Logs 2007-04-10 11:02 518,132 ---hs---- C:\WINDOWS\system32\srtwa.bak2 2007-04-09 22:31 <DIR> d-------- C:\Program 
Files\Incomplete 2007-04-09 16:08 21,504 --a------ C:\WINDOWS\system32\hidserv.dll 2007-04-09 14:28 <DIR> d-------- C:\DOCUME~1\Femke\APPLIC~1\SAS 2007-04-09 14:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SAS 2007-04-09 14:08 638,464 --------- C:\WINDOWS\system32\oc30.dll 2007-04-09 14:08 133,904 --------- C:\WINDOWS\system32\mfcans32.dll 2007-04-09 14:08 13,600 --------- C:\WINDOWS\system32\sasperf.dll 2007-04-09 13:06 974,848 --a------ C:\WINDOWS\system32\mfc70.dll 2007-04-09 13:06 964,608 --a------ C:\WINDOWS\system32\mfc70u.dll 2007-04-09 13:06 84,992 --a------ C:\WINDOWS\system32\atl70.dll 2007-04-09 13:06 54,784 --a------ C:\WINDOWS\system32\msvci70.dll 2007-04-09 13:06 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll 2007-04-09 13:06 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll 2007-04-09 13:06 <DIR> d-------- C:\WINDOWS\system32\URTTemp 2007-04-09 12:59 <DIR> d-------- C:\Program Files\SAS 2007-04-09 11:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2007-04-09 11:02 494,762 ---hs---- C:\WINDOWS\system32\srtwa.bak1 2007-04-03 08:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus! 
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-03 15:18 -------- d-------- C:\Program Files\symantec antivirus 2007-04-30 13:12 -------- d-------- C:\DOCUME~1\Femke\APPLIC~1\screenshot sender 2007-04-29 00:30 -------- d-------- C:\Program Files\winamp 2007-04-26 00:38 -------- d-------- C:\DOCUME~1\Femke\APPLIC~1\skype 2007-04-23 20:14 2828 --ahs---- C:\WINDOWS\system32\kgygaavl.sys 2007-04-22 20:35 -------- d-------- C:\Program Files\msn messenger 2007-04-10 10:11 -------- d--h----- C:\Program Files\installshield installation information 2007-04-10 10:02 69782 --a------ C:\WINDOWS\system32\perfc013.dat 2007-04-10 10:02 442572 --a------ C:\WINDOWS\system32\perfh013.dat 2007-04-09 22:31 -------- d-------- C:\Program Files\limewire 2007-04-02 21:09 -------- d-------- C:\Program Files\messenger plus! live 2007-03-17 15:45 293376 --a------ C:\WINDOWS\system32\winsrv.dll 2007-03-08 17:39 579072 --a------ C:\WINDOWS\system32\user32.dll 2007-03-08 17:39 40960 --a------ C:\WINDOWS\system32\mf3216.dll 2007-03-08 17:39 281600 --a------ C:\WINDOWS\system32\gdi32.dll 2007-03-08 17:37 1843712 --a------ C:\WINDOWS\system32\win32k.sys 2007-03-04 21:14 -------- d-------- C:\Program Files\infogrames 2007-02-27 19:06 98304 --a------ C:\WINDOWS\system32\cmdlineext.dll 2007-02-18 23:04 2560 --a------ C:\WINDOWS\system32\bitcometres.dll 2007-02-05 22:20 185344 --a------ C:\WINDOWS\system32\upnphost.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll {53707962-6F74-2D53-2644-206D7942484F} 
C:\PROGRA~1\SPYBOT~1\SDHelper.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar2.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe" "SoundMan"="SOUNDMAN.EXE" "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"" "vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe" "NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe" "ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup" "ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\"" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\"" "WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe" "LaunchAp"="C:\\Program Files\\Launch Manager\\LaunchAp.exe" "HotkeyApp"="C:\\Program Files\\Launch Manager\\HotkeyApp.exe" "CtrlVol"="C:\\Program Files\\Launch Manager\\CtrlVol.exe" "LMgrOSD"="C:\\Program Files\\Launch Manager\\OSD.exe" "Wbutton"="\"C:\\Program Files\\Launch Manager\\Wbutton.exe\"" "ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\"" "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNoti fier.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserv iceobjectdelayload] "0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}" 
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1162844689.job C:\WINDOWS\tasks\MP Scheduled Scan.job ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-03 15:22:38 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 07-05-03 15:22:41 C:\ComboFix-quarantined-files.txt ... 07-05-03 15:22 C:\ComboFix2.txt ... 
07-05-02 19:27 --------------------------------------------------- Hijackthis-log: Logfile of HijackThis v1.99.1 Scan saved at 15:24:05, on 3/05/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSD.exe C:\Program Files\Launch Manager\Wbutton.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier .exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Hewlett-Packard\Digital 
Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://femmytje.spaces.live.com//Pho...d/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://gamenextnl.oberon-media.com/o...h.1.0.0.80.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

And?
__________________
Soija.nl
|
03-05-2007, 14:58 | |
And it's not completely gone yet; Vundo is a tough one.
Download VundoFix.exe and save it to your desktop.
Note: It is possible that VundoFix found a file that could not be removed. In that case VundoFix will start again after you restart your PC. You then need to carry out the instructions above once more, starting from: "Click Scan for Vundo." Good luck
__________________
Everything is relative.
Proud member of ASAP |
03-05-2007, 15:16 | |
OK, here is the log from VundoFix. It didn't find any infected files, so I couldn't remove anything either...
VundoFix V6.3.21
Checking Java version...
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Java version is 1.5.0.11
Scan started at 16:08:54 3/05/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...

Hijackthis-log:

Logfile of HijackThis v1.99.1
Scan saved at 16:16:10, on 3/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://femmytje.spaces.live.com//Pho...d/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://gamenextnl.oberon-media.com/o...h.1.0.0.80.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
__________________
Soija.nl