Mededeling

**Steggel** · 02-03-08, 12:11

Download combofix.exe van deze site: http://www.bleepingcomputer.com/comb...uikt-te-worden

Volg de instructies die daar gegeven worden.
Gebruik je Vista, dan hoeft de Recovery Console niet te worden geinstalleerd.
Is er iets niet duidelijk, dan vraag je het.
Als het tooltje klaar is, opent er een logfile (C:\combofix.txt).
Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.

**greenhornet** · 02-03-08, 12:56

ComboFix 08-03-01.3 - MAS 2008-03-02 12:49:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1209 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\MAS\Bureaublad\ComboFix.exe
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-02-02 to 2008-03-02 ))))))))))))))))))))))))))))))
.

2008-03-02 03:01 . 2008-03-02 03:01 <DIR> d-------- C:\WINDOWS\LastGood
2008-03-02 00:11 . 2008-03-02 00:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-02 00:11 . 2008-03-02 00:11 <DIR> d-------- C:\Documents and Settings\MAS\Application Data\SUPERAntiSpyware.com
2008-03-02 00:11 . 2008-03-02 00:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-02 00:01 . 2008-03-02 00:01 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-03-01 21:45 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-03-01 21:45 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-03-01 21:45 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-03-01 21:45 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-03-01 16:20 . 2008-03-01 17:21 <DIR> d-------- C:\Program Files\Common Files\DAZ
2008-03-01 12:27 . 2007-03-01 19:54 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-03-01 12:27 . 2007-03-01 19:54 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-03-01 12:27 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-03-01 12:27 . 2007-03-01 19:54 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2008-03-01 12:26 . 2008-03-01 12:26 <DIR> d-------- C:\Program Files\Webroot
2008-03-01 12:26 . 2008-03-01 12:26 <DIR> d-------- C:\Documents and Settings\MAS\Application Data\Webroot
2008-03-01 12:26 . 2008-03-01 12:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-03-01 12:26 . 2008-03-01 12:26 164 --a------ C:\install.dat
2008-03-01 12:04 . 2008-03-01 12:29 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-03-01 11:56 . 2008-03-01 16:30 <DIR> d-------- C:\Program Files\Hitman Pro
2008-02-28 17:44 . 2008-02-28 17:44 73 --a------ C:\WINDOWS\EurekaLog.ini
2008-02-28 17:15 . 2008-02-28 17:15 <DIR> d-------- C:\Documents and Settings\MAS\Application Data\JAM Software
2008-02-28 16:00 . 2008-02-28 15:59 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-28 15:59 . 2008-02-28 16:00 <DIR> d-------- C:\Documents and Settings\MAS\.housecall6.6
2008-02-27 13:38 . 2004-08-04 13:00 1,042 --a------ C:\WINDOWS\system32\gpupdateo.exe
2008-02-27 13:33 . 2004-08-04 13:00 88,064 --a------ C:\WINDOWS\system32\avmeterj.dll
2008-02-23 19:57 . 2008-02-23 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Digital Anarchy
2008-02-23 11:35 . 2008-02-23 11:35 <DIR> d-------- C:\Program Files\Alien Skin
2008-02-23 04:16 . 2008-02-23 04:16 3,584 --a------ C:\Documents and Settings\MAS\netcache.dat
2008-02-23 03:42 . 2008-02-23 03:42 <DIR> d-------- C:\Documents and Settings\MAS\Application Data\Micrografx
2008-02-21 17:46 . 2004-03-29 17:23 90,112 --a------ C:\WINDOWS\unvise32.exe
2008-02-21 11:34 . 2008-02-28 16:57 <DIR> d-------- C:\Program Files\Replay AV 8
2008-02-19 23:06 . 2008-02-19 23:06 438 --a------ C:\WINDOWS\u3dedit3.INI
2008-02-18 16:39 . 2008-02-18 16:40 78 --ah----- C:\WINDOWS\Wfstgr.ns
2008-02-18 16:33 . 2008-02-18 16:33 <DIR> d-------- C:\WINDOWS\Profiles
2008-02-18 16:33 . 2008-02-18 16:35 78 --ah----- C:\WINDOWS\Xwdupv.ns
2008-02-18 15:52 . 1995-10-21 10:37 35,328 --------- C:\WINDOWS\INETWH32.DLL
2008-02-18 15:52 . 1995-07-20 00:00 26,832 --------- C:\WINDOWS\CTL3DV2.DLL
2008-02-18 15:52 . 1995-10-16 16:55 9,136 --------- C:\WINDOWS\INETWH16.DLL
2008-02-18 15:52 . 1995-10-13 16:28 4,528 --------- C:\WINDOWS\SETBROWS.EXE
2008-02-18 15:52 . 2008-02-18 16:41 78 --ah----- C:\WINDOWS\Au1tgr.ns
2008-02-18 01:59 . 2008-02-18 01:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\VertusTech
2008-02-18 01:59 . 2008-02-18 01:59 1,024 --a------ C:\WINDOWS\system32\xofuz8s.tgz
2008-02-16 15:59 . 2008-02-16 15:59 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-02-16 15:59 . 2005-08-04 18:54 40,960 --------- C:\WINDOWS\system32\Ulead Photo Express ScreenSaver.scr
2008-02-15 10:33 . 2008-02-15 10:33 <DIR> d-------- C:\Program Files\AKVIS
2008-02-15 10:16 . 2008-02-15 10:16 <DIR> d-------- C:\Documents and Settings\MAS\.assistant
2008-02-15 08:43 . 2008-02-21 13:09 <DIR> d-------- C:\Documents and Settings\MAS\Application Data\Alien Skin
2008-02-15 06:46 . 2008-02-15 06:46 <DIR> d-------- C:\WINDOWS\MetaCreations
2008-02-15 06:46 . 2008-02-23 19:21 329 --a------ C:\WINDOWS\PowerReg.dat
2008-02-15 06:14 . 2008-02-18 16:35 <DIR> d-------- C:\WINDOWS\ulead.dat
2008-02-15 06:00 . 2008-02-15 06:00 <DIR> d-------- C:\WINDOWS\PreviewSoft
2008-02-15 06:00 . 2008-02-18 16:39 16 --a------ C:\WINDOWS\Wininit.ini
2008-02-15 04:57 . 2008-02-16 15:58 <DIR> d-------- C:\Documents and Settings\MAS\Application Data\Ulead Systems
2008-02-15 04:57 . 2008-02-15 04:57 24 --a------ C:\WINDOWS\system32\DKRNL.JAX
2008-02-15 04:56 . 2008-02-16 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-02 00:16 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-01 23:10 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-01 16:34 --------- d-----w C:\Documents and Settings\MAS\Application Data\Lavasoft
2008-03-01 11:47 --------- d-----w C:\Program Files\Eset
2008-02-28 15:57 --------- d-----w C:\Program Files\Replay Converter
2008-02-28 11:39 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-28 10:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-28 04:21 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-26 21:50 --------- d-----w C:\Documents and Settings\MAS\Application Data\GetRightToGo
2008-02-23 19:29 25,655 ----a-w C:\Documents and Settings\MAS\Application Data\mdb.bin
2008-02-22 20:43 --------- d-----w C:\Program Files\BitTorrent
2008-02-16 14:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-08 15:11 --------- d-----w C:\Documents and Settings\MAS\Application Data\dvdcss
2008-01-15 00:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-10 22:17 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-12-10 22:17 249,856 ------w C:\WINDOWS\Setup1.exe
2007-12-07 01:08 662,528 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\OLEAUT32.DLL
2005-12-31 14:34 54 ----a-w C:\Program Files\inc1.bat
2005-12-31 14:34 54 ----a-w C:\Program Files\bit3.bat
2005-12-31 14:34 54 ----a-w C:\Program Files\bit2.bat
2005-12-31 14:34 54 ----a-w C:\Program Files\bit.bat
2005-12-31 14:34 41 ----a-w C:\Program Files\sleep.bat
2005-12-31 14:34 0 ----a-w C:\Program Files\temp3.exe.txt
2005-12-31 14:34 0 ----a-w C:\Program Files\temp2.exe.txt
2005-12-31 14:34 0 ----a-w C:\Program Files\temp1.exe.txt
2007-03-09 08:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E4A5163-8D00-4D3A-8544-61B0844D26AF}]
2004-08-04 13:00 88064 --a------ C:\WINDOWS\system32\avmeterj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6AA31362-6F01-43EB-9282-11DA2F138BDA}]
2004-08-04 13:00 88064 --a------ C:\WINDOWS\system32\avmeterj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F8696D0-E87C-4B37-ADA9-880A1D7C89F3}]
2004-08-04 13:00 88064 --a------ C:\WINDOWS\system32\avmeterj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [ ]
"SMSystemAnalyzer"="d:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe" [2006-12-20 17:47 557056]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-06-14 11:36 77824 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 21:10 339968]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 12:31 29696 C:\WINDOWS\KHALMNPR.Exe]
"RemoteControl"="C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"DAEMON Tools"="d:\Program Files\DAEMON Tools\daemon.exe" [2005-11-08 23:00 128920]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-06-05 13:33 921600]
"ioloDelayModule"="D:\Program Files\iolo\System Mechanic Professional 6\delay.exe" [2005-06-08 13:31 96256]
"PCSuiteTrayApplication"="D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 12:20 227328]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-01-23 14:47 847872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
"Nokia.PCSync"="D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58 1744896]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
BTTray.lnk - D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-11-29 19:55:44 569405]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-12-25 06:49:11 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2005-12-25 01:13:27 581632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"= shdocvw.dll [ ]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= D:\Program Files\Qualcomm\Eudora\EuShlExt.dll [2001-04-12 18:05 77824]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"D:\\Program Files\\LimeWire\\LimeWire.exe"=
"D:\\Program Files\\DAP\\DAP.exe"=
"D:\\Incoming\\MSN Messenger 7 - Animoticons - Winks - 44 Moods and 255 Emoticons (Includes Self Installer)\\installer\\mcoinstall.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"D:\\Program Files\\SecondLife\\SLVoice.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"D:\\Program Files\\mIRC\\mirc.exe"=
"D:\\BorgIRC 2\\mirc.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:UDP"= 6881:UDP:LuckyTorrents.nl

R2 pdfFactory Pro Dispatcher v3;pdfFactory Pro Dispatcher v3;"C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /service

S1 bcbus;BestCrypt bus driver;C:\WINDOWS\system32\DRIVERS\bcbus.sys

*Newly Created Service* - SASDIFSV
*Newly Created Service* - SASENUM
*Newly Created Service* - SASKUTIL
*Newly Created Service* - SDAUXSERVICE
*Newly Created Service* - SDCORESERVICE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 12:50:54
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\Eset\pr_imon.dll

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Logitech\SetPoint\lgscroll.dll
-> d:\Program Files\WS_FTP Pro\nsftpch.dll
.
Voltooingstijd: 2008-03-02 12:51:48
ComboFix-quarantined-files.txt 2008-03-02 11:51:37
ComboFix2.txt 2008-02-28 09:20:09
.
2008-03-02 02:01:37 --- E O F ---

----------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 12:53:18, on 2-3-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
D:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Eset\nod32kui.exe
D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
D:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\MAS\Bureaublad\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3E4A5163-8D00-4D3A-8544-61B0844D26AF} - C:\WINDOWS\system32\avmeterj.dll
O2 - BHO: (no name) - {6AA31362-6F01-43EB-9282-11DA2F138BDA} - C:\WINDOWS\system32\avmeterj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9F8696D0-E87C-4B37-ADA9-880A1D7C89F3} - C:\WINDOWS\system32\avmeterj.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "d:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ioloDelayModule] D:\Program Files\iolo\System Mechanic Professional 6\delay.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "d:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Verzenden naar &Bluetooth - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20060104/qtinstall.info.apple.com/snape/us/win/QuickTimeInstaller.exe
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: pdfFactory Pro Dispatcher v3 - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - d:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - d:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR3\RpcSandraSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - d:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - d:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

**Steggel** · 02-03-08, 15:21

Je gebruikt een oude versie van HijackThis. Best dat je deze versie gebruikt: http://www.trendsecure.com/portal/en...HJTInstall.exe
Installeer het programma in de standaard locatie.

Start Hijackthis op en kies voor 'Do a system scan only'
Selecteer alleen de items die hieronder zijn genoemd:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {3E4A5163-8D00-4D3A-8544-61B0844D26AF} - C:\WINDOWS\system32\avmeterj.dll
O2 - BHO: (no name) - {6AA31362-6F01-43EB-9282-11DA2F138BDA} - C:\WINDOWS\system32\avmeterj.dll
O2 - BHO: (no name) - {9F8696D0-E87C-4B37-ADA9-880A1D7C89F3} - C:\WINDOWS\system32\avmeterj.dll
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

Sluit alle vensters behalve Hijackthis
Klik op 'Fix checked' om de items te verwijderen.

Herstart de computer en post een nieuw log van hijackthis.
Meld ook of hiermee het probleem is opgelost.

Scan het volgende bestand bij Jotti
C:\WINDOWS\system32\gpupdateo.exe

Post het resultaat.

**greenhornet** · 02-03-08, 16:07

ik heb even een beetje in het rond zitten klikken
nog niks raars weer gehad.
of het is nu weg, of het is al een stuk beter geworden

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:06:20, on 2-3-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
D:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Eset\nod32kui.exe
D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
D:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "d:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ioloDelayModule] D:\Program Files\iolo\System Mechanic Professional 6\delay.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "d:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Verzenden naar &Bluetooth - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20060104/qtinstall.info.apple.com/snape/us/win/QuickTimeInstaller.exe
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: pdfFactory Pro Dispatcher v3 - FinePrint Software, LLC - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - d:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - d:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR3\RpcSandraSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - d:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - d:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9858 bytes

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1

File to upload & scan:
Service
Service load: 0% 100%

File: gpupdateo.exe
Status: INFECTED/MALWARE
MD5: 46d598a8612c145705017134772fd4e9
Packers detected: -
Bit9 reports: File not found

Scanner results
Scan taken on 02 Mar 2008 14:52:19 (GMT)
A-Squared Found Trojan.Win32.Zapchast.ca
AntiVir Found TR/Zapchast.EC
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found Troj.W32.Zapchast.ec
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan.Win32.Zapchast.ec
Fortinet Found W32/Zapchast.EC!tr
Ikarus Found nothing
Kaspersky Anti-Virus Found Trojan.Win32.Zapchast.ec
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found Trj/Zapchast.DS
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found Trojan.Win32.Zapchast.ec

**Steggel** · 02-03-08, 16:53

Dat bestand gpupdateo.exe mag je dus verwijderen.

Download Java Runtime Environment (JRE) 6u4.

Scroll omlaag naar : "Java Runtime Environment (JRE) 6u4".
Klik op de "Download" knop aan de rechterkant.
In het uitklapmenu rechts naast Platform, selecteer Windows
Vink aan: "I agree to the Java SE Runtime Environment 6 License Agreement", en klik op Continue.
De pagina zal herladen.
Klik op de jre-6u4-windows-i586-p.exe link ONDER Windows Offline Installation en bewaar het naar je Bureaublad.
Sluit alle programma's die eventueel open zijn - Zeker je web browser!
Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
Herhaal dit tot alle oudere versies verdwenen zijn.
Na het verwijderen van alle oudere versies, herstart je pc.
Dubbelklik vervolgens op jre-6u4-windows-i586-p.exe op je Bureaublad om de nieuwste versie van Java te installeren.

Lees hier hoe je nieuwe infecties kan voorkomen!

Als jou probleem nu weg is, markeer dit onderwerp dan als opgelost, zoniet dan zie ik nog wel een reactie.

**greenhornet** · 02-03-08, 18:50

volgens mij ben ik van alle problemen af

in ieder geval bedankt voor de snelle hulp

mvg
marc

Mededeling

search daily.com

search daily.com

Comment

Comment

Comment

Comment

Comment

Comment