  • Search-Daily.com here too

    For the past few days I have often been redirected in Google to a Search-daily.com site. Does anyone have a solution for me?
    Below are the logs from ComboFix and HiJackThis.
    Thanks in advance for the help!
    ================================================
    ComboFix log:

    ComboFix 08-01-09.2 - bw 2008-01-12 21:44:37.7 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.0.1252.1.1043.18.101 [GMT 1:00]
    Gestart vanuit: E:\Documents and Settings\bw.BEREND.000\Bureaublad\ComboFix.exe
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2007-12-12 to 2008-01-12 ))))))))))))))))))))))))))))))
    .

    2008-01-12 21:44 . 2000-08-31 08:00 51,200 --a------ E:\WINDOWS\NirCmd.exe
    2008-01-12 21:32 . 2007-09-24 23:31 69,632 --a------ E:\WINDOWS\system32\javacpl.cpl
    2008-01-12 21:15 . 2008-01-12 21:15 <DIR> dr-h----- E:\Documents and Settings\bw.BEREND.000\Onlangs geopend
    2008-01-12 20:21 . 2008-01-12 20:53 <DIR> d-a------ E:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    2008-01-12 19:30 . 2008-01-12 19:30 <DIR> d-------- E:\WINDOWS\system32\Kaspersky Lab
    2008-01-12 19:30 . 2008-01-12 19:30 <DIR> d-------- E:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
    2008-01-12 19:28 . 2008-01-12 19:28 <DIR> d-------- E:\Program Files\Trend Micro
    2008-01-10 20:29 . 2002-07-19 09:54 84,480 --a------ E:\WINDOWS\system32\CTASI.dll
    2007-12-28 17:55 . 2008-01-12 21:32 54,156 --ah----- E:\WINDOWS\QTFont.qfn
    2007-12-28 17:55 . 2008-01-12 21:32 1,409 --a------ E:\WINDOWS\QTFont.for

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-12 20:32 --------- d-----w E:\Program Files\Java
    2008-01-12 20:10 --------- d-----w E:\Program Files\Hitman Pro
    2008-01-12 20:07 --------- d-----w E:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2008-01-12 19:54 --------- d-----w E:\Program Files\Common Files\Wise Installation Wizard
    2008-01-12 19:53 --------- d--h--w E:\Program Files\InstallShield Installation Information
    2008-01-12 15:30 --------- d-----w E:\Documents and Settings\bw.BEREND.000\Application Data\AVG7
    2008-01-09 22:20 --------- d-----w E:\Documents and Settings\bw.BEREND.000\Application Data\CoreFTP
    2007-12-22 09:19 --------- d-----w E:\Program Files\DC++0674
    2007-12-21 21:31 --------- d-----w E:\Program Files\SolidWorks
    2007-11-26 10:05 --------- d---a-w E:\Program Files\MSN Messenger
    2007-06-12 20:26 65,461 ----a-w E:\Program Files\SolidWorksswxJRNL.BAK
    2005-03-15 22:14 271 --sh--w E:\Program Files\desktop.ini
    2005-03-15 22:14 22,085 ---ha-w E:\Program Files\folder.htt
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{013874C0-85A5-492A-8AD4-63828357C7FD}]
    2002-07-19 09:54 84480 --a------ E:\WINDOWS\System32\CTASI.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{225CB90A-A52C-4B25-A952-59994383255D}]
    2002-07-19 09:54 84480 --a------ E:\WINDOWS\System32\CTASI.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4DE453D4-6F43-472A-9D8B-EF14566F3826}]
    2002-07-19 09:54 84480 --a------ E:\WINDOWS\System32\CTASI.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b4d79df-9ef0-429d-a0e9-d9b138c6a53b}]
    E:\Program Files\VideoCompressionCodec\isaddon.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{966CCD4C-841C-423E-B33E-7E6A042ADC53}]
    2002-07-19 09:54 84480 --a------ E:\WINDOWS\System32\CTASI.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A5FC11B0-A071-4CF7-B73D-EBEFA84A5BFB}]
    2002-07-19 09:54 84480 --a------ E:\WINDOWS\System32\CTASI.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD3FE1F3-262E-4246-BD23-C62A880CC2BB}]
    2002-07-19 09:54 84480 --a------ E:\WINDOWS\System32\CTASI.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D8F4376E-E644-4291-B5AA-A3BDAEDEB1CF}]
    2002-07-19 09:54 84480 --a------ E:\WINDOWS\System32\CTASI.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FED7D90E-FB91-4740-AB83-984E91C559E7}]
    2002-07-19 09:54 84480 --a------ E:\WINDOWS\System32\CTASI.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}
    {8AED5DF3-6E0B-4930-B1A5-F8AA8D757497}

    [HKEY_CLASSES_ROOT\clsid\{8aed5df3-6e0b-4930-b1a5-f8aa8d757497}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SSBkgdUpdate"="E:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 09:22 155648]
    "PaperPort PTD"="E:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-03-09 16:02 57393]
    "IndexSearch"="E:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-03-09 16:24 40960]
    "ControlCenter2.0"="E:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 08:34 851968]
    "ATICCC"="E:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 10:12 90112]
    "QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" [2005-06-02 21:45 77824]
    "AVG7_CC"="E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-20 20:59 579072]
    "SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="E:\WINDOWS\System32\CTFMON.EXE" [2001-09-07 11:00 13312]
    "AVG7_Run"="E:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 18:16 219136]

    [HKLM\~\startupfolder\E:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
    path=E:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
    backup=E:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\E:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Status Monitor.lnk]
    path=E:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\Status Monitor.lnk
    backup=E:\WINDOWS\pss\Status Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2001-09-07 11:00 13312 E:\WINDOWS\System32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DevconDefaultDB]
    E:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Game Util]
    --a------ 2006-09-09 14:24 24064 E:\Program Files\Rage3D\GameUtil.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
    --a------ 2001-11-29 00:00 28672 E:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    E:\WINDOWS\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2001-08-02 07:14 1077277 E:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 09:50 155648 E:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norman ZANDA]
    --a------ 2006-05-31 10:22 135168 E:\Norman\bin\ZLH.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip]
    --a------ 2006-05-01 14:51 652800 e:\program files\powerstrip\pstrip.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProgramChecker]
    E:\Program Files\Zenturi\ProgramChecker\pcheckp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
    --a------ 2002-11-12 11:02 860672 E:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2005-11-10 13:03 36975 E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
    --a------ 2000-06-18 13:03 106544 E:\WINDOWS\system32\TWEAKUI.CPL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    --------- 2000-05-11 00:00 90112 E:\WINDOWS\UpdReg.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    E:\WINDOWS\system32\dumprep 0 -u

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
    --a------ 2002-07-02 16:56 24576 E:\WINDOWS\system32\CTHELPER.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Messenger"=2 (0x2)
    "mnmsrvc"=3 (0x3)

    R0 IFP300;iRiver Internet Audio Player IFP-300;E:\WINDOWS\System32\DRIVERS\ifp300.sys [2003-11-12 22:43]
    R2 Ndiskio;Ndiskio;E:\Norman\Nse\bin\NDISKIO.SYS [2003-05-13 10:38]
    R2 OkiPar;OkiPar;E:\WINDOWS\System32\DRIVERS\OKIPAR.SYS [2001-10-02 10:54]
    R2 PStrip;PSTRIP;E:\WINDOWS\System32\DRIVERS\PSTRIP.SYS [2004-11-09 22:32]
    R3 BrScnUsb;Brother USB Still Image driver;E:\WINDOWS\System32\Drivers\BrScnUsb.sys [2003-12-19 20:15]
    S3 nvcfsr;nvcfsr;E:\Norman\Nvc\bin\nvcfsr.sys [2004-11-05 08:47]
    S3 nvcoafl51;nvcoafl51;E:\Norman\Nvc\bin\nvcoafl51.sys [2005-05-13 14:20]
    S3 nvcoaft51;nvcoaft51;E:\Norman\Nvc\bin\nvcoaft51.sys [2006-06-14 13:39]
    S3 nvcoarc51;nvcoarc51;E:\Norman\Nvc\bin\nvcoarc51.sys [2005-05-13 14:10]
    S3 probe;probe;E:\WINDOWS\System32\drivers\probe.sys [2006-09-09 14:24]
    S4 nvcoas;Norman Virus Control on-access component;E:\Norman\Nvc\bin\nvcoas.exe [2006-06-15 11:42]
    S4 NVCScheduler;Norman Virus Control Scheduler;E:\Norman\Nvc\BIN\NVCSCHED.EXE [2005-01-12 09:22]

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-12 21:46:26
    Windows 5.1.2600 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-01-12 21:47:38

    =================================================
    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:12:39, on 12-1-2008
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\System32\Ati2evxx.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\Ati2evxx.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\WINDOWS\System32\brss01a.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    E:\WINDOWS\system32\Brmfrmps.exe
    E:\WINDOWS\System32\svchost.exe
    E:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    E:\Program Files\Brother\ControlCenter2\brctrcen.exe
    E:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    E:\Program Files\QuickTime\qttask.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    E:\Program Files\Internet Explorer\IEXPLORE.EXE
    E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    E:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
    E:\Program Files\Internet Explorer\IEXPLORE.EXE
    E:\Program Files\Internet Explorer\IEXPLORE.EXE
    E:\WINDOWS\explorer.exe
    E:\WINDOWS\system32\NOTEPAD.EXE
    E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
    O2 - BHO: (no name) - {013874C0-85A5-492A-8AD4-63828357C7FD} - E:\WINDOWS\System32\CTASI.dll
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {225CB90A-A52C-4B25-A952-59994383255D} - E:\WINDOWS\System32\CTASI.dll
    O2 - BHO: (no name) - {4DE453D4-6F43-472A-9D8B-EF14566F3826} - E:\WINDOWS\System32\CTASI.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - E:\Program Files\VideoCompressionCodec\isaddon.dll (file missing)
    O2 - BHO: (no name) - {966CCD4C-841C-423E-B33E-7E6A042ADC53} - E:\WINDOWS\System32\CTASI.dll
    O2 - BHO: (no name) - {A5FC11B0-A071-4CF7-B73D-EBEFA84A5BFB} - E:\WINDOWS\System32\CTASI.dll
    O2 - BHO: (no name) - {B1B8507C-FF12-402D-B39D-56A68EF567EF} - E:\WINDOWS\System32\CTASI.dll
    O2 - BHO: (no name) - {BD3FE1F3-262E-4246-BD23-C62A880CC2BB} - E:\WINDOWS\System32\CTASI.dll
    O2 - BHO: (no name) - {D8F4376E-E644-4291-B5AA-A3BDAEDEB1CF} - E:\WINDOWS\System32\CTASI.dll
    O2 - BHO: (no name) - {FED7D90E-FB91-4740-AB83-984E91C559E7} - E:\WINDOWS\System32\CTASI.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
    O3 - Toolbar: Protection Bar - {8aed5df3-6e0b-4930-b1a5-f8aa8d757497} - E:\Program Files\VideoCompressionCodec\iesplugin.dll (file missing)
    O4 - HKLM\..\Run: [SSBkgdUpdate] "E:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] E:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] E:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] E:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [ATICCC] "E:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - E:\WINDOWS\system32\Brmfrmps.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - E:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe

    --
    End of file - 5959 bytes

  • #2
    Is there any reason why you have Norman inactive and AVG active?
    Not having two scanners active is good, but if you are paying for Norman it is a bit of a waste.

    Start Hijackthis, choose 'Do a system scan only' and check the lines below:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: (no name) - {013874C0-85A5-492A-8AD4-63828357C7FD} - E:\WINDOWS\System32\CTASI.dll
    O2 - BHO: (no name) - {225CB90A-A52C-4B25-A952-59994383255D} - E:\WINDOWS\System32\CTASI.dll
    O2 - BHO: (no name) - {4DE453D4-6F43-472A-9D8B-EF14566F3826} - E:\WINDOWS\System32\CTASI.dll
    O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - E:\Program Files\VideoCompressionCodec\isaddon.dll (file missing)
    O2 - BHO: (no name) - {966CCD4C-841C-423E-B33E-7E6A042ADC53} - E:\WINDOWS\System32\CTASI.dll
    O2 - BHO: (no name) - {A5FC11B0-A071-4CF7-B73D-EBEFA84A5BFB} - E:\WINDOWS\System32\CTASI.dll
    O2 - BHO: (no name) - {B1B8507C-FF12-402D-B39D-56A68EF567EF} - E:\WINDOWS\System32\CTASI.dll
    O2 - BHO: (no name) - {BD3FE1F3-262E-4246-BD23-C62A880CC2BB} - E:\WINDOWS\System32\CTASI.dll
    O2 - BHO: (no name) - {D8F4376E-E644-4291-B5AA-A3BDAEDEB1CF} - E:\WINDOWS\System32\CTASI.dll
    O2 - BHO: (no name) - {FED7D90E-FB91-4740-AB83-984E91C559E7} - E:\WINDOWS\System32\CTASI.dll
    O3 - Toolbar: Protection Bar - {8aed5df3-6e0b-4930-b1a5-f8aa8d757497} - E:\Program Files\VideoCompressionCodec\iesplugin.dll (file missing)

    Now close all open windows except Hijackthis and click Fix Checked.

    Restart your PC and post a Hijackthis log file for review.
    Regards,
    Pimmerd

    Comment
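
    Added example, not part of the posts above: a small triage of the O2 (BHO) and O3 (toolbar) lines from the first HijackThis log in this thread. The two heuristics (one DLL registered under several nameless CLSIDs, and entries marked "(file missing)") are assumptions of this example, not criteria stated by the helper.

```python
import re
from collections import defaultdict

# O2/O3 lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: (no name) - {013874C0-85A5-492A-8AD4-63828357C7FD} - E:\WINDOWS\System32\CTASI.dll
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {225CB90A-A52C-4B25-A952-59994383255D} - E:\WINDOWS\System32\CTASI.dll
O2 - BHO: (no name) - {4DE453D4-6F43-472A-9D8B-EF14566F3826} - E:\WINDOWS\System32\CTASI.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - E:\Program Files\VideoCompressionCodec\isaddon.dll (file missing)
O2 - BHO: (no name) - {966CCD4C-841C-423E-B33E-7E6A042ADC53} - E:\WINDOWS\System32\CTASI.dll
O2 - BHO: (no name) - {A5FC11B0-A071-4CF7-B73D-EBEFA84A5BFB} - E:\WINDOWS\System32\CTASI.dll
O2 - BHO: (no name) - {B1B8507C-FF12-402D-B39D-56A68EF567EF} - E:\WINDOWS\System32\CTASI.dll
O2 - BHO: (no name) - {BD3FE1F3-262E-4246-BD23-C62A880CC2BB} - E:\WINDOWS\System32\CTASI.dll
O2 - BHO: (no name) - {D8F4376E-E644-4291-B5AA-A3BDAEDEB1CF} - E:\WINDOWS\System32\CTASI.dll
O2 - BHO: (no name) - {FED7D90E-FB91-4740-AB83-984E91C559E7} - E:\WINDOWS\System32\CTASI.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Protection Bar - {8aed5df3-6e0b-4930-b1a5-f8aa8d757497} - E:\Program Files\VideoCompressionCodec\iesplugin.dll (file missing)
"""

# "O2 - BHO: <name> - {CLSID} - <path>[ (file missing)]", same shape for O3.
ENTRY_RE = re.compile(
    r"^\s*(?P<section>O2|O3) - (?:BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*?)"
    r"(?P<missing> \(file missing\))?\s*$"
)


def parse_entries(log_text):
    """Return one dict per O2/O3 line; other HijackThis sections are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append({
                "section": m["section"],
                "name": m["name"],
                "clsid": m["clsid"].upper(),   # CLSIDs are case-insensitive
                "path": m["path"],
                "missing": bool(m["missing"]),
            })
    return entries


def triage(entries, min_clsids=2):
    """Flag entries worth a closer look (heuristics assumed by this example)."""
    unnamed_by_path = defaultdict(set)
    for e in entries:
        if e["name"] == "(no name)":
            unnamed_by_path[e["path"].lower()].add(e["clsid"])

    findings = []
    for e in entries:
        reasons = []
        if e["missing"]:
            reasons.append("file missing")
        shared = len(unnamed_by_path.get(e["path"].lower(), ()))
        if e["name"] == "(no name)" and shared >= min_clsids:
            reasons.append(f"{shared} unnamed CLSIDs share this DLL")
        if reasons:
            findings.append((e["clsid"], e["path"], reasons))
    return findings


if __name__ == "__main__":
    for clsid, path, reasons in triage(parse_entries(SAMPLE_LOG)):
        print(f"{clsid}  {path}  <- {'; '.join(reasons)}")
```

    A nameless entry alone is not flagged: the Spybot SDHelper.dll line is also "(no name)" but has a single CLSID and an existing file, so it passes.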


    • #3
      Thanks for the reply, Pimmerd!
      I followed your advice and the problem seems to be solved!

      About Norman: I used it previously, but I have switched to AVG. (I am not paying, and did not pay, for Norman, by the way.)

      Thanks again, and here is the new Hijackthis log:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:58:56, on 17-1-2008
      Platform: Windows XP (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 (6.00.2600.0000)
      Boot mode: Normal

      Running processes:
      E:\WINDOWS\System32\smss.exe
      E:\WINDOWS\system32\winlogon.exe
      E:\WINDOWS\system32\services.exe
      E:\WINDOWS\system32\lsass.exe
      E:\WINDOWS\System32\Ati2evxx.exe
      E:\WINDOWS\system32\svchost.exe
      E:\WINDOWS\System32\svchost.exe
      E:\WINDOWS\system32\Ati2evxx.exe
      E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      E:\WINDOWS\system32\spoolsv.exe
      E:\WINDOWS\System32\brss01a.exe
      E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
      E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
      E:\WINDOWS\system32\Brmfrmps.exe
      E:\WINDOWS\System32\svchost.exe
      E:\WINDOWS\Explorer.EXE
      E:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
      E:\Program Files\Brother\ControlCenter2\brctrcen.exe
      E:\Program Files\QuickTime\qttask.exe
      E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
      E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      E:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
      E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      E:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
      E:\Program Files\Mozilla Firefox\firefox.exe
      E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: (no name) - {7B0B4BAE-65E6-4B2E-92FB-A9F0F4C5930F} - E:\WINDOWS\System32\CTASI.dll (file missing)
      O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
      O4 - HKLM\..\Run: [SSBkgdUpdate] "E:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
      O4 - HKLM\..\Run: [PaperPort PTD] E:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
      O4 - HKLM\..\Run: [IndexSearch] E:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
      O4 - HKLM\..\Run: [ControlCenter2.0] E:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
      O4 - HKLM\..\Run: [ATICCC] "E:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
      O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
      O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - E:\WINDOWS\system32\Brmfrmps.exe
      O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - E:\WINDOWS\System32\brsvc01a.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe

      --
      End of file - 5064 bytes

      Comment


      • #4
        Start Hijackthis, choose 'Do a system scan only' and check the lines below:

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
        O2 - BHO: (no name) - {7B0B4BAE-65E6-4B2E-92FB-A9F0F4C5930F} - E:\WINDOWS\System32\CTASI.dll (file missing)

        Now close all open windows except Hijackthis and click Fix Checked.

        The Java software on your computer is outdated.
        Older versions have vulnerabilities that give malware the chance to install itself.
        First carry out the steps below to uninstall Java and install the latest version:
        Download Java Runtime Environment (JRE) 6u4.
        • Scroll down to: "Java Runtime Environment (JRE) 6u4".
        • Click the "Download" button on the right-hand side.
        • In the drop-down menu to the right of Platform, select Windows.
        • Check: "I agree to the Java SE Runtime Environment 6 License Agreement", and click Continue.
        • The page will reload.
        • Click the jre-6u4-windows-i586-p.exe link UNDER Windows Offline Installation and save it to your Desktop.
        • Close all programs that may be open - especially your web browser!
        • Then go to Start > Control Panel (Configuratiescherm) > Add or Remove Programs (Software) and remove all older versions of Java from the software list.
        • Check everything with Java Runtime Environment (JRE or J2SE) in the name.
        • Then click Remove or the Change/Remove button.
        • Repeat this until all older versions are gone.
        • After removing all older versions, restart your PC.
        • Then double-click jre-6u4-windows-i586-p.exe on your Desktop to install the latest version of Java.


        Then post a Hijackthis log file for review.
        How are your problems?
        Regards,
        Pimmerd

        Comment
