Mededeling

Collapse
No announcement yet.

Homepage op finderg.com

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Homepage op finderg.com

    Goedenavond,

    Mijn standaard homepage is ipv van google op finderg.com gezet.

    Voor de rest heb ik geen problemen zouden jullie voor de zekerheid eens kunnen kijken of er iets raars in mijn log zit?

    Alvast bedankt voor de moeite!

    Hierbij mn logfile:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:35:23, on 24-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\NetWaiting\netWaiting.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\Symantec AntiVirus\VPC32.EXE
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dellsearchedit.myway.com/samisc/dellsidebar.jhtml?p=DW
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.conquaestor.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll
    O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [ShowLOMControl] 
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
    O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
    O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
    O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
    O4 - HKLM\..\Run: [IMJPMIG9.0] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O15 - Trusted Zone: *.conquaestor.eu
    O15 - Trusted Zone: *.conquaestor.nl
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189015860953
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189015848625
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Conquaestor.local
    O17 - HKLM\Software\..\Telephony: DomainName = Conquaestor.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Conquaestor.local
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 9537 bytes

  • #2
    finderg.com virus

    Hallo,

    Ik heb afgelopen donderdag een log op de site gezet maar heb tot dusver geen reactie ontvangen.

    Zouden jullie svp toch nog even kunnen kijken hiernaar?

    groeten
    Dick

    **************************************************

    Goedenavond,

    Mijn standaard homepage is ipv van google op finderg.com gezet.

    Voor de rest heb ik geen problemen zouden jullie voor de zekerheid eens kunnen kijken of er iets raars in mijn log zit?

    Alvast bedankt voor de moeite!

    Hierbij mn logfile:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:35:23, on 24-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\NetWaiting\netWaiting.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\Symantec AntiVirus\VPC32.EXE
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dellsearchedit.myway.com/sami...bar.jhtml?p=DW
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.conquaestor.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll
    O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [ShowLOMControl] 
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
    O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
    O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
    O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
    O4 - HKLM\..\Run: [IMJPMIG9.0] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O15 - Trusted Zone: *.conquaestor.eu
    O15 - Trusted Zone: *.conquaestor.nl
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1189015860953
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1189015848625
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Conquaestor.local
    O17 - HKLM\Software\..\Telephony: DomainName = Conquaestor.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Conquaestor.local
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 9537 bytes

    Comment


    • #3
      Kun je even een vers Hijackthislogje plaatsen??

      Comment


      • #4
        Bij deze.

        Bedankt alvast.


        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 21:59:38, on 28-1-2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16544)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Windows Defender\MsMpEng.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\WLTRYSVC.EXE
        C:\WINDOWS\System32\bcmwltry.exe
        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
        C:\Program Files\Symantec AntiVirus\DefWatch.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
        C:\Program Files\Symantec AntiVirus\SavRoam.exe
        C:\Program Files\Symantec AntiVirus\Rtvscan.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Apoint\Apoint.exe
        C:\WINDOWS\system32\hkcmd.exe
        C:\WINDOWS\system32\igfxpers.exe
        C:\WINDOWS\stsystra.exe
        C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
        C:\Program Files\Dell\QuickSet\quickset.exe
        C:\WINDOWS\system32\igfxsrvc.exe
        C:\WINDOWS\system32\WLTRAY.exe
        C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
        C:\Program Files\Common Files\Symantec Shared\ccApp.exe
        C:\PROGRA~1\SYMANT~1\VPTray.exe
        C:\Program Files\Apoint\Apntex.exe
        C:\Program Files\Apoint\HidFind.exe
        C:\Program Files\Windows Defender\MSASCui.exe
        C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\NetWaiting\netWaiting.exe
        C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\Digital Line Detect\DLG.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\WINDOWS\system32\SNDVOL32.EXE
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dellsearchedit.myway.com/samisc/dellsidebar.jhtml?p=DW
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.conquaestor.com/
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
        R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll
        O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
        O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
        O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
        O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
        O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
        O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
        O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
        O4 - HKLM\..\Run: [ShowLOMControl] 
        O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
        O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
        O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
        O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
        O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
        O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
        O4 - HKLM\..\Run: [IMJPMIG9.0] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
        O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
        O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
        O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
        O4 - Global Startup: Digital Line Detect.lnk = ?
        O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O15 - Trusted Zone: *.conquaestor.eu
        O15 - Trusted Zone: *.conquaestor.nl
        O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189015860953
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189015848625
        O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
        O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Conquaestor.local
        O17 - HKLM\Software\..\Telephony: DomainName = Conquaestor.local
        O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Conquaestor.local
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
        O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
        O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
        O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
        O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
        O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

        --
        End of file - 9491 bytes

        Comment


        • #5
          Ga naar Start -> Configuratiescherm -> Software en verwijder daar:
          My Way Search Assistant

          2. Open Hijackthis en kies voor Do a system scan only.
          Vink nu de volgende regels aan:
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dellsearchedit.myway.com/sami...bar.jhtml?p=DW
          O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


          Sluit alle open vensters en klik op Fix Checked.

          3. Download [url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe]Combofix naar je Bureaublad.
          • Dubbelklik Combofix.exe
            Volg de instructies, aanvaard de disclaimer door "1" te typen en te bevestigen via "Enter".
            Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

          Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
          Plaats deze log in je volgende post samen met een nieuw HijackThis log.

          Note: Indien je virusscanner reageert tijdens het downloaden of gebruik van Combofix, mag je dit negeren.

          Succes

          Comment


          • #6
            ok. gedaan. ik heb alleen de R1 regel niet kunnen vinden in de HijackLog. misschien dat ie al verwijderd was door het verwijderen van de My Qay Search Assistant?

            ComboFix 08-02.05.3 - dick.de.vos 2008-02-09 10:00:04.1 - NTFSx86
            Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.103 [GMT 1:00]
            Gestart vanuit: C:\Documents and Settings\dick.de.vos\Bureaublad\ComboFix.exe
            * Nieuw herstelpunt werd aangemaakt

            WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
            .

            (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
            C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

            ----- BITS: Mogelijk geïnfecteerde sites -----

            hxxp://www.download.windowsupdate.com
            hxxp://dc04:8530
            .
            (((((((((((((((((((( Bestanden Gemaakt van 2008-01-09 to 2008-02-09 ))))))))))))))))))))))))))))))
            .

            2008-02-09 10:00 . 2008-02-09 10:00 <DIR> d-------- C:\Temp\WPDNSE
            2008-02-09 09:51 . 2008-02-09 09:51 16,384 --a----t- C:\Temp\Perflib_Perfdata_c50.dat
            2008-01-30 12:06 . 2008-01-30 12:06 <DIR> d-------- C:\Temp\WZSE0.TMP
            2008-01-30 12:06 . 2008-01-30 12:06 <DIR> d-------- C:\Program Files\pdf995
            2008-01-30 12:06 . 2008-01-30 12:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\pdf995
            2008-01-30 12:06 . 2008-01-30 12:06 249,856 --a------ C:\WINDOWS\system32\pdfmona.dll
            2008-01-30 12:06 . 2008-01-30 12:06 51,716 --a------ C:\WINDOWS\system32\pdf995mon.dll
            2008-01-30 12:06 . 2008-01-30 12:06 25 --a------ C:\WINDOWS\wpd99.drv
            2008-01-29 11:52 . 2008-01-29 11:52 <DIR> d-------- C:\Temp\QM20
            2008-01-29 11:52 . 2008-01-29 11:52 <DIR> d-------- C:\Program Files\Common Files\InstallShield Shared
            2008-01-29 11:52 . 2008-01-29 11:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
            2008-01-29 11:51 . 2008-01-29 11:52 <DIR> d-------- C:\Temp\{5589AC41-D312-482C-B668-466F25B252D9}
            2008-01-29 11:51 . 2008-01-29 11:51 <DIR> d-------- C:\Program Files\Common Files\Articulate
            2008-01-29 11:51 . 2008-01-29 11:51 <DIR> d-------- C:\Program Files\Articulate
            2008-01-29 11:51 . 2008-01-29 11:51 <DIR> d-------- C:\Documents and Settings\dick.de.vos\Application Data\InstallShield
            2008-01-29 11:50 . 2008-01-29 11:52 <DIR> d-------- C:\Temp\{B18B2885-EB68-466B-AB01-C42EF3AA94E1}
            2008-01-28 22:30 . 2008-01-28 22:30 <DIR> d-------- C:\Program Files\Lavasoft
            2008-01-28 22:30 . 2008-01-28 22:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
            2008-01-28 22:29 . 2008-01-28 22:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
            2008-01-24 22:21 . 2008-01-24 22:21 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
            2008-01-24 22:21 . 2008-01-26 07:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
            2008-01-24 22:19 . 2008-01-24 22:20 <DIR> d-------- C:\Temp\is-HF0UE.tmp
            2008-01-24 22:19 . 2008-01-24 23:56 <DIR> d-------- C:\Temp\is-2QJAK.tmp
            2008-01-24 22:14 . 2008-01-24 22:14 <DIR> d-------- C:\Program Files\Trend Micro
            2008-01-24 21:41 . 2008-01-28 22:11 <DIR> d-------- C:\Program Files\eMule
            2008-01-20 12:46 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
            2008-01-20 12:46 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\dllcache\bthmodem.sys
            2008-01-20 12:35 . 2008-01-20 12:49 1,808,526 --a------ C:\Temp\_parFuu.Iloading.bin
            2008-01-20 12:34 . 2008-01-20 12:35 <DIR> d-------- C:\Program Files\Parrot Software Update Tool

            .
            ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2008-02-09 08:42 --------- d-----w C:\Program Files\Symantec AntiVirus
            2008-01-29 10:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
            2008-01-28 21:10 --------- d-----w C:\Program Files\FreeMind
            2008-01-28 21:09 --------- d-----w C:\Program Files\SpywareBlaster
            2008-01-15 11:24 --------- d-----w C:\Program Files\MSN Messenger
            2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
            .

            ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            REGEDIT4
            *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
            "ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 02:24 20480]
            "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 19:13 176128]
            "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 23:44 98304]
            "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 23:41 77824]
            "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 23:45 118784]
            "SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 21:35 397312 C:\WINDOWS\stsystra.exe]
            "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 20:29 49152]
            "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-02-20 12:39 839680]
            "ShowLOMControl"="1 (0x1)"
            "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 08:08 1347584]
            "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
            "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 15:44 66680]
            "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 14:18 124128]
            "imekrmig7.0"="C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE" [2007-04-19 13:00 25440]
            "IMSCMig"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.exe" [2007-04-02 20:42 17248]
            "CJIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.exe" [2007-03-22 18:17 66400]
            "PHIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.exe" [2007-03-22 18:17 98656]
            "IMJPMIG9.0"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.exe" [2007-04-19 13:00 125792]
            "Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 12:00 144384]
            "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
            "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
            "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 12:00 110592 C:\WINDOWS\system32\bthprops.cpl]

            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
            "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
            "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 18:29 39264]

            C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
            Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2006-05-31 09:06:29 1445904]
            Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-04-24 08:45:30 24576]

            [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
            "DisablePersonalDirChange"= 1 (0x1)

            S3 BCMTPM;BCMTPM;C:\WINDOWS\system32\DRIVERS\btpmw32.sys [2006-02-22 20:33]

            .
            Inhoud van de 'Gedeelde Taken' map
            "2008-02-09 08:44:54 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
            - C:\Program Files\Windows Defender\MpCmdRun.exe
            .
            **************************************************************************

            catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2008-02-09 10:01:59
            Windows 5.1.2600 Service Pack 2 NTFS

            scannen van verborgen processen ...

            scannen van verborgen autostart items ...

            scannen van verborgen bestanden ...

            Scan succesvol afgerond
            verborgen bestanden: 0

            **************************************************************************
            .
            Voltooingstijd: 2008-02-09 10:02:26
            ComboFix-quarantined-files.txt 2008-02-09 09:02:18





            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 10:12, on 2008-02-09
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v7.00 (7.00.6000.16544)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Windows Defender\MsMpEng.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\System32\WLTRYSVC.EXE
            C:\WINDOWS\System32\bcmwltry.exe
            C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
            C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
            C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
            C:\Program Files\Symantec AntiVirus\DefWatch.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
            C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
            C:\Program Files\Symantec AntiVirus\SavRoam.exe
            C:\Program Files\Symantec AntiVirus\Rtvscan.exe
            C:\Program Files\Apoint\Apoint.exe
            C:\WINDOWS\system32\hkcmd.exe
            C:\WINDOWS\system32\igfxpers.exe
            C:\WINDOWS\stsystra.exe
            C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
            C:\WINDOWS\system32\igfxsrvc.exe
            C:\Program Files\Dell\QuickSet\quickset.exe
            C:\Program Files\Apoint\Apntex.exe
            C:\Program Files\Apoint\HidFind.exe
            C:\WINDOWS\system32\WLTRAY.exe
            C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
            C:\Program Files\Common Files\Symantec Shared\ccApp.exe
            C:\PROGRA~1\SYMANT~1\VPTray.exe
            C:\Program Files\Windows Defender\MSASCui.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\NetWaiting\netWaiting.exe
            C:\Program Files\Digital Line Detect\DLG.exe
            C:\PROGRA~1\SYMANT~1\DWHWIZRD.EXE
            C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
            C:\WINDOWS\explorer.exe
            C:\WINDOWS\system32\notepad.exe
            C:\Program Files\Internet Explorer\iexplore.exe
            C:\Program Files\MSN Messenger\msnmsgr.exe
            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.conquaestor.com/
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
            O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll
            O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
            O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
            O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
            O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
            O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
            O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
            O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
            O4 - HKLM\..\Run: [ShowLOMControl] 
            O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
            O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
            O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
            O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
            O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
            O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
            O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
            O4 - HKLM\..\Run: [IMJPMIG9.0] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
            O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
            O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
            O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
            O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
            O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
            O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
            O4 - Global Startup: Digital Line Detect.lnk = ?
            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
            O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
            O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O15 - Trusted Zone: *.conquaestor.eu
            O15 - Trusted Zone: *.conquaestor.nl
            O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
            O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189015860953
            O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189015848625
            O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
            O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Conquaestor.local
            O17 - HKLM\Software\..\Telephony: DomainName = Conquaestor.local
            O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Conquaestor.local
            O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
            O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
            O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
            O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
            O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
            O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
            O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
            O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
            O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
            O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
            O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
            O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

            --
            End of file - 9494 bytes

            Comment


            • #7
              Kun je even aangeven of je de startpagina inmiddels kunt veranderen??
              Ik zie trouwens Ad-Aware (Ad-watch) en Norton aanwezig. Deze hebben nog wel is de neiging om het veranderen van een startpagina tegen te gaan. Deze kunnen dus ook mogelijk tegenwerken. Kijk daarom ook daar even tussen de optie's.

              Comment


              • #8
                Ik kan de homepage gewoon wijzigen en heb verder ook geen problemen meer. Moet ik voor de rest nog wat doen?

                Comment


                • #9
                  Ga naar start uitvoeren en voer daar het volgende in:
                  combofix /u

                  2. Update je Java nog even:

                  Download [url=http://java.sun.com/javase/downloads/index.jsp]Java Runtime Environment (JRE) 6u4.
                  • Scroll omlaag naar : "Java Runtime Environment (JRE) 6u4".
                  • Klik op de "Download" knop aan de rechterkant.
                  • In het uitklapmenu rechts naast Platform, selecteer Windows
                  • Vink aan: "[b]I agree to the Java SE Runtime Environment 6 License Agreement[/i]", en klik op Continue.
                  • De pagina zal herladen.
                  • Klik op de jre-6u4-windows-i586-p.exe link ONDER Windows Offline Installation en bewaar het naar je Bureaublad.
                  • Sluit alle programma's die eventueel open zijn - Zeker je web browser!
                  • Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
                  • Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
                  • Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
                  • Herhaal dit tot alle oudere versies verdwenen zijn.
                  • Na het verwijderen van alle oudere versies, herstart je pc.
                  • Dubbelklik vervolgens op jre-6u4-windows-i586-p.exe op je Bureaublad om de nieuwste versie van Java te installeren.


                  Verder ziet het er goed uit

                  Comment


                  • #10
                    ok. super bedankt voor je hulp!

                    Comment


                    • #11
                      Graag gedaan

                      Ik verplaats dit topic naar de sectie "Opgelost / inactieve HJT-logs".
                      Mocht je het topic heropend willen hebben kun je mij een pb sturen.

                      Comment

                      Sorry, you are not authorized to view this page
                      Working...
                      X