Spyware infections
  • Spyware infections

    I have picked up spyware infections.
    The quick scan already found 72 infections, which have been removed;
    a full scan has now already found 40 infections as well.
    Screenshot:


    Note: THIS IS A DIFFERENT COMPUTER FROM THE OTHER LOG.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:54:53, on 7-2-2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16386)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\wpcumi.exe
    C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SpamPal\spampal.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\FrostWire\FrostWire.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Last.fm\LastFMHelper.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Last.fm\LastFM.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=71&bd=Pavilion&pf=laptop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
    O4 - HKLM\..\Run: [LanzarP2006] "C:\Users\floris!\AppData\Local\Temp\{24967DEC-2BC0-4229-A8DC-CB9CDCFC1889}\{EEBA9416-3207-47E0-9022-116440599DBC}\P2006tmp\Install.exe" /SETUP:"/l0x0013"
    O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Shock4Way3D] C:\Program Files\Shock Utility\Shock4Way3D\Shock4Way3D.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Real Desktop] "C:\Program Files\Real Desktop\Real Desktop.exe"
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O13 - Gopher Prefix:
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MySQL51 - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: VMware Registration Service (vmserverdWin32) - Unknown owner - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe (file missing)
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 8569 bytes

  • #2
    Note: THIS IS A DIFFERENT COMPUTER FROM THE OTHER LOG.
    What do you mean by this? That this log does not come from the PC that is infected?
    Regards,
    Pimmerd



    • #3
      Coree means the log that I handled, it seems to me.



      • #4
        *waves: hi buffy, back again
        Thanks

        Right-click HijackThis and choose 'Run as administrator'.
        Then choose 'Do a system scan only' and tick the lines below:

        O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
        O4 - HKLM\..\Run: [LanzarP2006] "C:\Users\floris!\AppData\Local\Temp\{24967DEC-2BC0-4229-A8DC-CB9CDCFC1889}\{EEBA9416-3207-47E0-9022-116440599DBC}\P2006tmp\Install.exe" /SETUP:"/l0x0013"
        O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
        O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
        O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
        O23 - Service: MySQL51 - Unknown owner - C:\Program.exe (file missing)

        Then close all open windows and click 'Fix checked'.

        Restart your PC and post a HijackThis log for checking.
        Regards,
        Pimmerd



        • #5
          No buffy, this is about my Vista PC
          The other one is an XP laptop

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 10:14:57, on 9-2-2008
          Platform: Windows Vista (WinNT 6.00.1904)
          MSIE: Internet Explorer v7.00 (7.00.6000.16386)
          Boot mode: Normal

          Running processes:
          C:\Windows\system32\taskeng.exe
          C:\Windows\Explorer.EXE
          C:\Windows\System32\wpcumi.exe
          C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
          C:\Program Files\Grisoft\AVG7\avgcc.exe
          C:\Program Files\Spyware Doctor\SDTrayApp.exe
          C:\Program Files\Windows Sidebar\sidebar.exe
          C:\Windows\ehome\ehtray.exe
          C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
          C:\Program Files\SpamPal\spampal.exe
          C:\Windows\ehome\ehmsas.exe
          C:\Program Files\MSN Messenger\msnmsgr.exe
          C:\Program Files\Mozilla Firefox\firefox.exe
          C:\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=71&bd=Pavilion&pf=laptop
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
          O1 - Hosts: ::1 localhost
          O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
          O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
          O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
          O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
          O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
          O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
          O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
          O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
          O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
          O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
          O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
          O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
          O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEEM')
          O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
          O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
          O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
          O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
          O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
          O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
          O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
          O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
          O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
          O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
          O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
          O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
          O13 - Gopher Prefix:
          O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
          O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
          O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
          O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
          O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
          O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
          O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
          O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
          O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
          O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
          O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
          O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
          O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
          O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
          O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
          O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
          O23 - Service: MySQL51 - Unknown owner - C:\Program.exe (file missing)
          O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
          O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
          O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
          O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
          O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
          O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
          O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
          O23 - Service: VMware Registration Service (vmserverdWin32) - Unknown owner - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe (file missing)
          O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

          --
          End of file - 7680 bytes



          • #6
            Spybot's TeaTimer is active; it can interfere with the fix, so we will disable it temporarily.
            - Start Spybot
            - Go to Mode > select Advanced Mode
            - Go to Tools and click the Resident icon in the list
            - Untick Resident TeaTimer and click OK
            - Restart the computer
            - Then download ResetTeaTimer.bat to your desktop.
            Double-click ResetTeaTimer.bat to remove all entries in TeaTimer.

            Go to Start --> Run and type: sc delete CLTNetCnService
            Confirm with OK.

            Right-click HijackThis and choose 'Run as administrator'.
            Then choose 'Do a system scan only' and tick the lines below:

            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
            O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
            O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
            O23 - Service: MySQL51 - Unknown owner - C:\Program.exe (file missing)

            Then close all open windows and click 'Fix checked'.

            Download Combofix to your desktop

            If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

            NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners see certain components that Combofix uses as suspicious and will block or remove them!

            Double-click combofix.exe
            Choose "Continue" by typing 1 followed by ENTER.
            While the fix is running, do NOT click in the window, because this will make your PC hang.

            When the fix has completed and after the restart, the log combofix.txt will open.
            In your next reply, post the Combofix log (combofix.txt) together with a fresh HijackThis log.
            Regards,
            Pimmerd



            • #7
              Combofix does not work
              And ResetTeaTimer.bat did not work either, so I have removed Spybot for the moment.

              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 10:56:53, on 10-2-2008
              Platform: Windows Vista (WinNT 6.00.1904)
              MSIE: Internet Explorer v7.00 (7.00.6000.16386)
              Boot mode: Normal

              Running processes:
              C:\Windows\Explorer.EXE
              C:\Program Files\Spyware Doctor\SDTrayApp.exe
              C:\Windows\system32\taskeng.exe
              C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
              C:\Program Files\Grisoft\AVG7\avgcc.exe
              C:\Program Files\Windows Sidebar\sidebar.exe
              C:\Windows\ehome\ehtray.exe
              C:\Program Files\MSN Messenger\msnmsgr.exe
              C:\Program Files\WhatPulse\WhatPulse.exe
              C:\Program Files\SpamPal\spampal.exe
              C:\Windows\ehome\ehmsas.exe
              C:\Program Files\Mozilla Firefox\firefox.exe
              C:\HijackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=71&bd=Pavilion&pf=laptop
              O1 - Hosts: ::1 localhost
              O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
              O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
              O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
              O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
              O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
              O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
              O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
              O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
              O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
              O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
              O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
              O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
              O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEEM')
              O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
              O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
              O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
              O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
              O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
              O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
              O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
              O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
              O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
              O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
              O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
              O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
              O13 - Gopher Prefix:
              O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
              O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
              O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
              O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
              O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
              O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
              O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
              O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
              O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
              O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
              O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
              O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
              O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
              O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
              O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
              O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
              O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
              O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
              O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
              O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
              O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
              O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
              O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
              O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
              O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
              O23 - Service: VMware Registration Service (vmserverdWin32) - Unknown owner - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe (file missing)
              O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

              --
              End of file - 7025 bytes

              I keep removing those things in the log, but they come back

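The check that post #7 calls for, as an added example (not part of the original thread and not code from HijackThis or the forum): compare the lines a helper asked to fix with a later scan and list the ones that are still there. The function names are hypothetical; the sample lines are excerpts copied from the logs in posts #4, #5 and #7.

```python
import re

# A HijackThis result line is "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [Name] path".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")
# Markers HijackThis appends when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((file missing|no file)\)\s*$", re.IGNORECASE)
# Autostart entries that launch from a temporary directory.
TEMP_RE = re.compile(r"\\(AppData\\Local\\Temp|Local Settings\\Temp|Windows\\Temp)\\",
                     re.IGNORECASE)

# Lines the helper asked to tick in post #4 (copied from the thread).
FIX_POST_4 = r"""
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [LanzarP2006] "C:\Users\floris!\AppData\Local\Temp\{24967DEC-2BC0-4229-A8DC-CB9CDCFC1889}\{EEBA9416-3207-47E0-9022-116440599DBC}\P2006tmp\Install.exe" /SETUP:"/l0x0013"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: MySQL51 - Unknown owner - C:\Program.exe (file missing)
"""

# Excerpt of the follow-up scan in post #5 (9-2-2008).
LOG_POST_5 = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: MySQL51 - Unknown owner - C:\Program.exe (file missing)
"""

# Excerpt of the scan in post #7 (10-2-2008).
LOG_POST_7 = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""


def parse_entries(text):
    """Return the result lines of a log as (section, detail) tuples, in file order.

    Header lines and the 'Running processes' list do not match and are skipped.
    """
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def _key(entry):
    """Comparison key: section plus detail with whitespace and case normalised."""
    section, detail = entry
    return section, " ".join(detail.split()).casefold()


def survivors(fix_list, later_log):
    """Entries ticked for 'Fix checked' that still appear in a later scan."""
    later = {_key(e) for e in parse_entries(later_log)}
    return [e for e in parse_entries(fix_list) if _key(e) in later]


def triage(entry):
    """Labels explaining why an entry is a clean-up candidate (may be empty)."""
    section, detail = entry
    notes = []
    if ORPHAN_RE.search(detail):
        notes.append("orphaned")
    if section == "O4" and TEMP_RE.search(detail):
        notes.append("autostart-from-temp")
    return notes


if __name__ == "__main__":
    for name, log in (("post #5", LOG_POST_5), ("post #7", LOG_POST_7)):
        print(f"Still present in {name}:")
        for section, detail in survivors(FIX_POST_4, log):
            labels = ", ".join(triage((section, detail))) or "no label"
            print(f"  {section} - {detail[:70]}  [{labels}]")
```

An entry that survives a fix, as the MSConfig and Launcher lines do in both later scans, means the removal did not take effect or the value was written again afterwards; post #8 checks the first possibility by asking whether HijackThis was run as administrator.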


              • #8
                Are you actually doing this:

                Right-click HijackThis and choose 'Run as administrator'.
                ?
                Regards,
                Pimmerd



                • #9
                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 16:26:10, on 10-2-2008
                  Platform: Windows Vista (WinNT 6.00.1904)
                  MSIE: Internet Explorer v7.00 (7.00.6000.16386)
                  Boot mode: Normal

                  Running processes:
                  C:\Windows\System32\smss.exe
                  C:\Windows\system32\csrss.exe
                  C:\Windows\system32\wininit.exe
                  C:\Windows\system32\csrss.exe
                  C:\Windows\system32\services.exe
                  C:\Windows\system32\lsass.exe
                  C:\Windows\system32\lsm.exe
                  C:\Windows\system32\winlogon.exe
                  C:\Windows\system32\svchost.exe
                  C:\Windows\system32\svchost.exe
                  C:\Windows\System32\svchost.exe
                  C:\Windows\System32\svchost.exe
                  C:\Windows\System32\svchost.exe
                  C:\Windows\system32\svchost.exe
                  C:\Windows\system32\SLsvc.exe
                  C:\Windows\system32\svchost.exe
                  C:\Windows\system32\svchost.exe
                  C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  C:\Windows\System32\spoolsv.exe
                  C:\Windows\system32\svchost.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                  C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
                  C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                  C:\Windows\system32\PnkBstrA.exe
                  C:\Windows\system32\PnkBstrB.exe
                  C:\Windows\system32\svchost.exe
                  C:\Program Files\Spyware Doctor\svcntaux.exe
                  C:\Program Files\Spyware Doctor\swdsvc.exe
                  C:\Windows\system32\svchost.exe
                  C:\Windows\System32\svchost.exe
                  C:\Windows\system32\DRIVERS\xaudio.exe
                  C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
                  C:\Windows\system32\taskeng.exe
                  C:\Windows\system32\taskeng.exe
                  C:\Windows\Explorer.EXE
                  C:\Windows\System32\wpcumi.exe
                  C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
                  C:\Program Files\Grisoft\AVG7\avgcc.exe
                  C:\Program Files\Spyware Doctor\SDTrayApp.exe
                  C:\Program Files\Windows Sidebar\sidebar.exe
                  C:\Windows\ehome\ehtray.exe
                  C:\Program Files\MSN Messenger\msnmsgr.exe
                  C:\Program Files\WhatPulse\WhatPulse.exe
                  C:\Program Files\SpamPal\spampal.exe
                  C:\Windows\ehome\ehmsas.exe
                  C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
                  C:\Windows\system32\svchost.exe
                  C:\Windows\system32\taskeng.exe
                  C:\Windows\system32\svchost.exe
                  C:\Windows\servicing\TrustedInstaller.exe
                  C:\Program Files\Mozilla Firefox\firefox.exe
                  C:\Windows\system32\wuauclt.exe
                  C:\Program Files\MSN Messenger\usnsvc.exe
                  C:\Windows\system32\SearchIndexer.exe
                  C:\HijackThis.exe
                  C:\Windows\system32\wbem\wmiprvse.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=71&bd=Pavilion&pf=laptop
                  O1 - Hosts: ::1 localhost
                  O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
                  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
                  O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
                  O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
                  O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                  O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
                  O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
                  O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
                  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
                  O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
                  O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
                  O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
                  O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
                  O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
                  O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEEM')
                  O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
                  O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
                  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
                  O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
                  O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
                  O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
                  O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
                  O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
                  O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
                  O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
                  O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
                  O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
                  O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
                  O13 - Gopher Prefix:
                  O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
                  O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
                  O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
                  O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
                  O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
                  O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
                  O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
                  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
                  O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                  O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                  O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
                  O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                  O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
                  O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
                  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                  O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
                  O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
                  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
                  O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
                  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                  O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
                  O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
                  O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
                  O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
                  O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
                  O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
                  O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

                  --
                  End of file - 8884 bytes


                  Sorry, I had not run it as administrator. Is it right now?
                  Why do I see so many services?
                  Last edited by Coree; 10-02-08, 16:27.



                  • #10
                    That already looks a lot better.

                    It is normal for Vista to have that many services.

                    Start HijackThis and choose 'Open the misc tools section'.
                    Now click Delete an NT service. A pop-up window opens.
                    Copy/paste or type the bold text below into the pop-up:

                    CLTNetCnService

                    Then click OK.

                    The Java software on your computer is outdated.
                    Older versions have vulnerabilities that give malware the chance to install itself.
                    First carry out the steps below to uninstall Java and install the latest version:
                    Download Java Runtime Environment (JRE) 6u4.
                    • Scroll down to: "Java Runtime Environment (JRE) 6u4".
                    • Click the "Download" button on the right.
                    • In the drop-down menu to the right of Platform, select Windows.
                    • Tick "I agree to the Java SE Runtime Environment 6 License Agreement" and click Continue.
                    • The page will reload.
                    • Click the jre-6u4-windows-i586-p.exe link UNDER Windows Offline Installation and save it to your Desktop.
                    • Close all programs that may be open, especially your web browser!
                    • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the program list.
                    • Select everything with Java Runtime Environment (JRE or J2SE) in the name.
                    • Then click Remove or the Change/Remove button.
                    • Repeat this until all older versions are gone.
                    • After removing all older versions, restart your PC.
                    • Then double-click jre-6u4-windows-i586-p.exe on your Desktop to install the latest version of Java.


                    Post a HijackThis log file for review.

                    How are your problems now?
                    Regards,
                    Pimmerd
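
Post #10 asks for the service whose O23 entry ends in "(file missing)" to be deleted and for a follow-up log to be posted. As an added example (not part of the original thread), this Python code parses O23 lines, lists services whose executable is gone, and checks a follow-up log for names that should have been removed. The function names are hypothetical, and it assumes the last parenthesised part of an entry is the service's short name; the sample lines are copied from the log in post #9.

```python
import re
from dataclasses import dataclass

# Lines copied from the HijackThis log in post #9 (indentation removed).
LOG_POST_9 = r"""
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# "O23 - Service: <label> - <owner> - <path>[ (file missing)]".
# The path is anchored on a drive letter so that " - " inside a folder name
# does not split the line in the wrong place. A display name that itself
# contains " - " is a known limitation of this pattern.
O23_RE = re.compile(
    r"^O23 - Service: (?P<label>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)


@dataclass
class Service:
    name: str          # short service name, the text to type into HijackThis
    owner: str         # company name, or "Unknown owner"
    path: str          # executable path without the "(file missing)" suffix
    file_missing: bool


def parse_services(log):
    """Return one Service per O23 line; every other log section is skipped."""
    services = []
    for raw in log.splitlines():
        m = O23_RE.match(raw.strip())
        if not m:
            continue
        label = m.group("label")
        # Assumption: the trailing "(...)" holds the short name; with no
        # parentheses the label is used as the name.
        short = re.search(r"\(([^()]+)\)$", label)
        services.append(Service(
            name=short.group(1) if short else label,
            owner=m.group("owner"),
            path=m.group("path"),
            file_missing=m.group("missing") is not None,
        ))
    return services


def orphaned_services(log):
    """Names of services that are still registered but whose file is gone."""
    return [s.name for s in parse_services(log) if s.file_missing]


def still_registered(followup_log, removed_names):
    """Names from removed_names that still appear in a follow-up log."""
    present = {s.name.lower() for s in parse_services(followup_log)}
    return [n for n in removed_names if n.lower() in present]


if __name__ == "__main__":
    print("Orphaned services:", orphaned_services(LOG_POST_9))
    print("Not yet removed:", still_registered(LOG_POST_9, ["CLTNetCnService"]))
```

Run against the follow-up log in post #11, `still_registered` would still report CLTNetCnService, because that log contains the same O23 line.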



                    • #11
                      I did it, but I could not remove that service.

                      Logfile of Trend Micro HijackThis v2.0.2
                      Scan saved at 18:41:26, on 10-2-2008
                      Platform: Windows Vista (WinNT 6.00.1904)
                      MSIE: Internet Explorer v7.00 (7.00.6000.16386)
                      Boot mode: Normal

                      Running processes:
                      C:\Windows\System32\smss.exe
                      C:\Windows\system32\csrss.exe
                      C:\Windows\system32\wininit.exe
                      C:\Windows\system32\csrss.exe
                      C:\Windows\system32\services.exe
                      C:\Windows\system32\lsass.exe
                      C:\Windows\system32\lsm.exe
                      C:\Windows\system32\winlogon.exe
                      C:\Windows\system32\svchost.exe
                      C:\Windows\system32\svchost.exe
                      C:\Windows\System32\svchost.exe
                      C:\Windows\System32\svchost.exe
                      C:\Windows\System32\svchost.exe
                      C:\Windows\system32\svchost.exe
                      C:\Windows\system32\SLsvc.exe
                      C:\Windows\system32\svchost.exe
                      C:\Windows\system32\svchost.exe
                      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                      C:\Windows\System32\spoolsv.exe
                      C:\Windows\system32\svchost.exe
                      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                      C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
                      C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                      C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
                      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                      C:\Windows\system32\PnkBstrA.exe
                      C:\Windows\system32\PnkBstrB.exe
                      C:\Windows\system32\svchost.exe
                      C:\Program Files\Spyware Doctor\svcntaux.exe
                      C:\Program Files\Spyware Doctor\swdsvc.exe
                      C:\Windows\system32\svchost.exe
                      C:\Windows\System32\svchost.exe
                      C:\Windows\system32\DRIVERS\xaudio.exe
                      C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
                      C:\Windows\system32\taskeng.exe
                      C:\Windows\system32\taskeng.exe
                      C:\Windows\Explorer.EXE
                      C:\Windows\System32\wpcumi.exe
                      C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
                      C:\Program Files\Grisoft\AVG7\avgcc.exe
                      C:\Program Files\Spyware Doctor\SDTrayApp.exe
                      C:\Program Files\Windows Sidebar\sidebar.exe
                      C:\Windows\ehome\ehtray.exe
                      C:\Program Files\WhatPulse\WhatPulse.exe
                      C:\Program Files\SpamPal\spampal.exe
                      C:\Windows\ehome\ehmsas.exe
                      C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
                      C:\Windows\system32\svchost.exe
                      C:\Windows\system32\taskeng.exe
                      C:\Windows\system32\svchost.exe
                      C:\Windows\servicing\TrustedInstaller.exe
                      C:\Program Files\Mozilla Firefox\firefox.exe
                      C:\Windows\system32\wuauclt.exe
                      C:\Program Files\MSN Messenger\usnsvc.exe
                      C:\Windows\system32\SearchIndexer.exe
                      C:\HijackThis.exe
                      C:\Windows\system32\wbem\wmiprvse.exe

                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=71&bd=Pavilion&pf=laptop
                      O1 - Hosts: ::1 localhost
                      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
                      O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
                      O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
                      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
                      O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
                      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
                      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
                      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
                      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
                      O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
                      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
                      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
                      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
                      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
                      O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEEM')
                      O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
                      O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
                      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                      O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
                      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
                      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
                      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
                      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
                      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
                      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
                      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
                      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
                      O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
                      O13 - Gopher Prefix:
                      O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
                      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
                      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
                      O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
                      O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
                      O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
                      O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
                      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                      O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
                      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
                      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
                      O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
                      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
                      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
                      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
                      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                      O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
                      O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
                      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
                      O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
                      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                      O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
                      O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
                      O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
                      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
                      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
                      O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
                      O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

                      --
                      End of file - 8941 bytes



                      • #12
                        Download the Norton removal tool here. Run it and post a log for review.

                        Any problems left by now?
                        Regards,
                        Pimmerd
