viruss?

  • viruss?

    I'm getting a lot of pop-ups and my PC is slow. Who, oh who, can help me? This is my log..



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:58:52, on 2-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\DOWNLO~1\AVGANT~1.5(R\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\downloads\ad-aware\aawservice.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - D:\DOWNLO~1\AVGANT~1.5(R\avgamsvr.exe (file missing)
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - D:\DOWNLO~1\AVGANT~1.5(R\avgupsvc.exe (file missing)
    O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - D:\DOWNLO~1\AVGANT~1.5(R\avgemc.exe (file missing)
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 5298 bytes

  • #2
    Follow these instructions to download ComboFix:
    • Carry out the instructions on the BleepingComputer page, including installing the XP Recovery Console
      If you have used Combofix before, please remove that version and download Combofix again via the link above, because Combofix is updated daily.

      NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner,
      disable that scanner and download Combofix again.
      Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!
      • Double-click Combofix.exe
        While the fix is running, do NOT click in the window, as this will make your PC hang.
        When the fix is complete and after the restart, the log Combofix.txt will open.


      Post this log in your next post, together with a fresh HijackThis log.
    Regards,
    Pimmerd



    • #3
      ComboFix log ::



      ComboFix 08-04-09.9 - Stan 2008-04-10 18:43:31.8 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.625 [GMT 2:00]
      Gestart vanuit: C:\Documents and Settings\Stan\Local Settings\Temporary Internet Files\Content.IE5\40U3EJ7M\ComboFix[1].exe
      * Nieuw herstelpunt werd aangemaakt
      * Resident AV is active


      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\pskill.exe

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2008-03-10 to 2008-04-10 ))))))))))))))))))))))))))))))
      .

      2008-04-10 18:23 . 2008-04-10 18:25 1,374 --a------ C:\WINDOWS\imsins.BAK
      2008-04-09 20:44 . 2008-04-09 20:44 <DIR> dr-h----- C:\Documents and Settings\Stan\Onlangs geopend
      2008-04-08 21:54 . 2008-04-08 21:55 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
      2008-04-07 18:52 . 2008-04-07 18:52 <DIR> d-------- C:\Documents and Settings\Stan\Application Data\ESET
      2008-04-07 18:51 . 2008-04-07 18:51 <DIR> d-------- C:\Program Files\ESET
      2008-04-07 18:51 . 2008-04-07 18:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
      2008-04-05 14:27 . 2008-04-05 14:28 <DIR> d-------- C:\Documents and Settings\Stan\Application Data\ViStart
      2008-04-05 14:26 . 2008-04-05 14:40 <DIR> d-------- C:\WINDOWS\system32\VIRepair
      2008-04-05 14:26 . 2008-04-05 14:26 <DIR> d-------- C:\Program Files\WinFlip
      2008-04-05 14:26 . 2008-04-05 14:26 <DIR> d-------- C:\Program Files\VisualTooltip
      2008-04-05 14:26 . 2008-04-10 18:31 <DIR> d-------- C:\Program Files\ViStart
      2008-04-05 14:26 . 2008-04-05 14:27 <DIR> d-------- C:\Program Files\Vista Sidebar
      2008-04-05 14:26 . 2008-04-05 14:26 <DIR> d-------- C:\Program Files\TrueTransparency
      2008-04-05 14:26 . 2008-04-05 14:26 <DIR> d-------- C:\Program Files\Styler
      2008-04-05 14:26 . 2008-04-05 14:26 <DIR> d-------- C:\Program Files\LClock
      2008-04-05 14:26 . 2008-04-05 14:26 <DIR> d-------- C:\Documents and Settings\Stan\Application Data\Styler
      2008-04-05 14:26 . 2007-04-15 01:30 6,181,376 --a------ C:\WINDOWS\system32\vistaui.exe
      2008-04-05 14:26 . 2007-11-30 05:56 329,029 --a------ C:\WINDOWS\system32\viwc.exe
      2008-04-05 14:26 . 2004-09-20 01:27 172,032 --a------ C:\WINDOWS\system32\LClock.cpl
      2008-04-05 14:26 . 2007-11-25 22:11 49,208 --a------ C:\WINDOWS\system32\vistartup.bmp
      2008-04-05 14:23 . 2008-04-05 14:27 <DIR> d-------- C:\VTPFiles
      2008-04-05 14:23 . 2008-04-05 14:23 76,214 --a------ C:\WINDOWS\Icon_3.ico
      2008-03-31 16:45 . 2008-03-31 19:20 1,594,788 ---hs---- C:\WINDOWS\system32\quecmihd.ini
      2008-03-30 18:51 . 2008-03-30 18:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
      2008-03-16 23:31 . 2008-03-16 23:31 76,214 --a------ C:\WINDOWS\Icon_2.ico
      2008-03-16 23:13 . 2004-09-03 23:43 199 --a------ C:\WINDOWS\system32\paypal.url
      2008-03-16 23:13 . 2005-01-28 01:49 111 --a------ C:\WINDOWS\system32\winx.url
      2008-03-16 19:30 . 2008-04-03 18:20 <DIR> d-------- C:\VAIO
      2008-03-16 19:21 . 2008-03-16 19:22 <DIR> d-------- C:\Documents and Settings\Stan\Application Data\Desktop Sidebar
      2008-03-16 18:10 . 2008-04-05 14:26 <DIR> d-------- C:\WINDOWS\system32\VITrans
      2008-03-16 18:10 . 2006-12-03 17:15 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
      2008-03-16 18:10 . 2008-03-16 18:10 78,942 --a------ C:\WINDOWS\Icon_1.ico
      2008-03-16 18:10 . 2006-12-03 17:15 69,632 --a------ C:\WINDOWS\system32\moveex.exe
      2008-03-16 18:10 . 2006-12-03 17:15 19,968 --a------ C:\WINDOWS\system32\reico.exe
      2008-03-16 18:10 . 2006-12-03 17:14 8,636 --a------ C:\WINDOWS\system32\modifype.exe
      2008-03-16 15:37 . 2006-09-12 03:58 16,264,192 -ra------ C:\WINDOWS\Rthdcpl.exe.xpize
      2008-03-16 15:37 . 2005-09-20 02:00 299,008 -ra------ C:\WINDOWS\system32\Alsndmgr.cpl.xpize
      2008-03-16 15:37 . 2006-08-17 17:58 282,624 -ra------ C:\WINDOWS\system32\Rtsndmgr.cpl.xpize
      2008-03-16 15:37 . 2006-07-21 03:14 86,016 -ra------ C:\WINDOWS\Soundman.exe.xpize
      2008-03-16 15:35 . 2004-08-04 14:00 219,136 --a------ C:\WINDOWS\system32\uxtheme.backup

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-04-09 18:27 --------- d-----w C:\Program Files\MSN Messenger
      2008-04-09 17:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
      2008-04-04 16:48 --------- d-----w C:\Documents and Settings\Stan\Application Data\LimeWire
      2008-03-30 16:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
      2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
      2008-03-12 15:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
      2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
      2008-03-01 02:56 71,176 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
      2008-03-01 02:56 54,280 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
      2008-03-01 02:56 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
      2008-03-01 02:53 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
      2008-03-01 02:52 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
      2008-02-27 18:27 --------- d-----w C:\Documents and Settings\Stan\Application Data\wsInspector
      2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
      2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
      2008-02-10 15:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
      2008-02-10 12:03 --------- d-----w C:\Documents and Settings\Stan\Application Data\AVG7
      2008-02-10 11:58 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
      2008-02-10 11:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
      2008-01-19 17:24 299,008 ----a-w C:\WINDOWS\system32\miccyhook.dll
      .

      ------- Sigcheck -------

      2005-03-02 20:14 2061312 c26d84b802567e629d42861a11c7ec04 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
      2007-02-28 18:09 2063744 f51b8d8b0703518349096604e788b83e C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
      2007-02-28 18:05 2061952 57b09ad681c1d8db77ccc3e92d8f5d14 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
      2007-02-28 18:05 2030592 011c8307b302919953e69fca04bddcad C:\WINDOWS\system32\ntkrnlpa.exe
      2007-02-28 18:05 2061952 57b09ad681c1d8db77ccc3e92d8f5d14 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
      2007-02-28 18:05 2030592 011c8307b302919953e69fca04bddcad C:\WINDOWS\system32\VIRepair\ntkrnlpa.exe
      2007-02-28 18:05 2020352 6f3de0df5031560a92f4498a23062641 C:\WINDOWS\system32\VITrans\ntkrnlpa.exe

      2005-03-02 20:15 2183936 5db3e8dec987b5d350e4a105dceaee6a C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
      2007-02-28 18:09 2186496 59dca97dc201792c1ccf9fe621ee5ed7 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
      2007-02-28 18:05 2184704 caaa8fd3c034a227691a43b60873f097 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
      2007-02-28 18:05 2150912 e38acf533403ab0f34bf806f9eec90a3 C:\WINDOWS\system32\ntoskrnl.exe
      2007-02-28 18:05 2184704 caaa8fd3c034a227691a43b60873f097 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
      2007-02-28 18:05 2150912 e38acf533403ab0f34bf806f9eec90a3 C:\WINDOWS\system32\VIRepair\ntoskrnl.exe
      2007-02-28 18:05 2140672 5836c9b396de1efda60c07ed5ae09aa9 C:\WINDOWS\system32\VITrans\ntoskrnl.exe

      2007-06-13 15:24 1427456 dacf27df89da23c8bac1d4cd09f946e6 C:\WINDOWS\explorer.exe
      2007-06-13 15:12 1036800 1d6245afbd3faabc16a885116be1874d C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
      2007-06-13 15:24 1036800 147e95a42a58ce99e403f7f57656bbeb C:\WINDOWS\system32\dllcache\explorer.exe
      2007-06-13 15:24 1427456 dacf27df89da23c8bac1d4cd09f946e6 C:\WINDOWS\system32\VIRepair\explorer.exe
      2007-06-13 15:24 1187840 04f498ab87c686c971a962fc9f1b06b3 C:\WINDOWS\system32\VITrans\explorer.exe
      .
      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Vista Sidebar"="C:\Program Files\Vista Sidebar\sidebar.exe" [2007-11-20 13:51 524288]
      "ViStart"="C:\Program Files\ViStart\ViStart.exe" [2007-11-26 19:27 593920]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
      backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk
      backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
      path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
      backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^Stan^Menu Start^Programma's^Opstarten^shstat.lnk]
      path=C:\Documents and Settings\Stan\Menu Start\Programma's\Opstarten\shstat.lnk
      backup=C:\WINDOWS\pss\shstat.lnkStartup

      [HKLM\~\startupfolder\C:^Documents and Settings^Stan^Menu Start^Programma's^Opstarten^Ubisoft register.lnk]
      path=C:\Documents and Settings\Stan\Menu Start\Programma's\Opstarten\Ubisoft register.lnk
      backup=C:\WINDOWS\pss\Ubisoft register.lnkStartup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\54013634]
      C:\WINDOWS\system32\kswkdoqf.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
      --a------ 2007-05-11 04:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
      -ra------ 2007-03-01 11:37 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN]
      D:\downloads\panda\APVXDWIN.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
      C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
      --a------ 2004-08-04 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
      --a------ 2008-03-01 04:54 1443072 C:\Program Files\ESET\ESET Smart Security\egui.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
      --a------ 2007-07-25 17:02 563984 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
      --a------ 2007-07-25 17:06 2027792 C:\Program Files\Logitech\QuickCam\Quickcam.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
      --------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
      --a------ 2007-01-19 13:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
      --a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
      --a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\NvMcTray.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
      --a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
      --a------ 2003-10-31 19:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      --a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskSwitchXP]
      C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViOrb]
      C:\Program Files\ViOrb\ViOrb.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
      --a------ 2007-06-21 13:26 7390512 C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
      C:\Program Files\Winamp\winampa.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
      --a------ 2004-03-18 17:27 192512 C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusDisableNotify"=dword:00000001
      "UpdatesDisableNotify"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
      "D:\\games\\Pro.Evolution.Soccer.2008[PCDVD][Spanish-EN-FR-GE-IT-POR] + CRACK + KEYGEN (Gusnor)\\PES2008.exe"=
      "D:\\downloads\\BitLord\\BitLord.exe"=
      "C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
      "C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"=
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\MSN Messenger\\livecall.exe"=

      R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 10:11]
      S3 cpuz128;cpuz128;D:\downloads\PC Wizard 2008\pcwiz32.sys
      S3 hitmanpro2;Hitman Pro 2 Driver;D:\downloads\Hitman Pro\hitmanpro2.sys [2006-11-03 13:02]
      S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 18:57]
      S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 18:58]
      S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 18:59]

      .
      **************************************************************************

      catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-04-10 18:44:59
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      Voltooingstijd: 2008-04-10 18:45:51
      ComboFix-quarantined-files.txt 2008-04-10 16:45:38
      Pre-Run: 91,784,519,680 bytes beschikbaar
      Post-Run: 91,752,353,792 bytes beschikbaar
      .
      2008-04-10 16:25:15 --- E O F ---





      _______________________________________________________________



      HijackThis log:::



      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 18:48:08, on 10-4-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
      C:\Program Files\Vista Sidebar\sidebar.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\ESET\ESET Smart Security\ekrn.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\notepad.exe
      D:\downloads\hjack\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKCU\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
      O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\downloads\ad-aware\aawservice.exe
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - D:\DOWNLO~1\AVGANT~1.5(R\avgamsvr.exe (file missing)
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - D:\DOWNLO~1\AVGANT~1.5(R\avgupsvc.exe (file missing)
      O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - D:\DOWNLO~1\AVGANT~1.5(R\avgemc.exe (file missing)
      O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
      O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
      O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
      O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

      --
      End of file - 3146 bytes



      • #4
        I don't see an active virus scanner in your log file, only remnants of AVG.
        Download a virus scanner of your choice, install it and update it fully.
        Run a full hard-disk scan.

        Look here for a virus scanner:
        Jawwi.nl is a start page. We offer an overview of all handy links, all on one start page.


        After that, post a new HijackThis log.
        Regards,
        Pimmerd
