  • ANIO service virus

    Hello,

    I have been having blue screens for a while now, both during boot and inside Windows itself.
    When I looked at the installed software, ANIO service and ANIWZCS2 service immediately caught my eye. I could not remove these 2 'programs'. After some searching I came to the conclusion that this is a virus, which has already been discussed on this forum. I don't know now whether the blue screens are related to it (I also still have a memory problem, but that will be fixed soon). Since I'm afraid of doing something wrong during the removal procedure, I kindly ask whether someone can help me?


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:02:12, on 24/05/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
    C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    C:\Program Files\Telemeter 3.0\Telemeter3.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
    C:\Windows\System32\CTHELPER.EXE
    C:\Windows\System32\CTXFIHLP.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files\CyberLink\Shared Files\brs.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Logitech\SetPoint II\SetpointII.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.be
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
    O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
    O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEEM')
    O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
    O4 - Global Startup: SetPointII.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 9559 bytes

  • #2
    I noticed that I was able to delete the 'ANI' folder in Program Files. Now I only need to get 'ANIO service' removed from the list of installed software. Any ideas?


    • #3
      The log is clean.

      Download combofix.exe from this site: http://www.bleepingcomputer.com/comb...uikt-te-worden
      Follow the instructions given there. If anything is unclear, just ask.
      When the tool is finished, a logfile (combofix.txt) opens.
      Post that log in your next message.


      • #4
        ComboFix 08-06-08.2 - Bert 2008-06-09 1:00:43.1 - NTFSx86
        Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1043.18.988 [GMT 2:00]
        Gestart vanuit: D:\Programs\ComboFix.exe
        * Nieuw herstelpunt werd aangemaakt

        .
        (((((((((((((((((((( Bestanden Gemaakt van 2008-05-08 to 2008-06-08 ))))))))))))))))))))))))))))))
        .

        2008-06-08 02:32 . 2008-06-08 02:32 <DIR> d-------- C:\Program Files\CoreCodec
        2008-05-31 11:02 . 2008-05-31 11:02 <DIR> d-------- C:\Program Files\Monochrome
        2008-05-31 10:32 . 2008-05-31 10:33 <DIR> d-------- C:\ProgramData\Team MediaPortal
        2008-05-31 10:31 . 2008-05-31 10:33 <DIR> d-------- C:\Program Files\Team MediaPortal
        2008-05-31 01:44 . 2008-05-31 01:44 <DIR> d-------- C:\ProgramData\Tarma Installer
        2008-05-31 01:44 . 2008-05-31 01:44 <DIR> d-------- C:\Program Files\Bulk Rename Utility
        2008-05-29 15:28 . 2008-05-29 15:28 <DIR> d-------- C:\Program Files\Google
        2008-05-28 17:55 . 2008-05-28 17:55 <DIR> d-------- C:\Program Files\Lavalys
        2008-05-28 12:58 . 2008-05-28 12:58 <DIR> d-------- C:\Program Files\Alwil Software
        2008-05-28 12:58 . 2008-05-16 01:18 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
        2008-05-28 06:36 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
        2008-05-28 06:36 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
        2008-05-26 19:30 . 2008-05-26 19:30 <DIR> d-------- C:\Program Files\AgataSoft
        2008-05-25 11:24 . 2008-05-28 03:15 <DIR> d-------- C:\Users\Bert\AppData\Roaming\Apple Computer
        2008-05-25 11:24 . 2008-05-25 11:24 <DIR> d-------- C:\Program Files\iTunes
        2008-05-25 11:24 . 2008-05-25 11:24 <DIR> d-------- C:\Program Files\iPod
        2008-05-25 11:23 . 2008-05-25 11:23 <DIR> d-------- C:\Program Files\QuickTime
        2008-05-25 11:23 . 2008-05-25 11:23 <DIR> d-------- C:\Program Files\Apple Software Update
        2008-05-25 11:22 . 2008-05-25 11:22 <DIR> d-------- C:\ProgramData\Apple
        2008-05-25 11:22 . 2008-05-25 11:22 <DIR> d-------- C:\Program Files\Common Files\Apple
        2008-05-24 18:10 . 2008-05-24 18:10 <DIR> d-------- C:\Program Files\GameSpy
        2008-05-24 17:57 . 2008-05-24 17:57 <DIR> d-------- C:\ProgramData\Media Center Programs
        2008-05-24 17:47 . 2008-05-24 17:47 <DIR> d-------- C:\Program Files\Electronic Arts
        2008-05-22 20:48 . 2008-05-22 20:48 <DIR> d-------- C:\ProgramData\Futuremark
        2008-05-22 20:38 . 2008-03-05 15:56 3,786,760 --a------ C:\Windows\System32\D3DX9_37.dll
        2008-05-22 20:38 . 2008-03-05 15:56 1,420,824 --a------ C:\Windows\System32\D3DCompiler_37.dll
        2008-05-22 20:38 . 2008-03-05 16:03 479,752 --a------ C:\Windows\System32\XAudio2_0.dll
        2008-05-22 20:38 . 2008-02-05 23:07 462,864 --a------ C:\Windows\System32\d3dx10_37.dll
        2008-05-22 20:38 . 2008-03-05 16:03 238,088 --a------ C:\Windows\System32\xactengine3_0.dll
        2008-05-22 20:38 . 2008-03-05 16:00 25,608 --a------ C:\Windows\System32\X3DAudio1_3.dll
        2008-05-22 01:18 . 2008-05-22 01:18 <DIR> d-------- C:\Program Files\Canon
        2008-05-22 00:42 . 2008-05-22 00:42 <DIR> d--h----- C:\Windows\System32\CanonIJ Uninstaller Information
        2008-05-22 00:41 . 2008-05-22 00:41 <DIR> d--h----- C:\Program Files\CanonBJ
        2008-05-21 00:05 . 2008-05-21 00:05 31,696 --a------ C:\TurokGame.dmp
        2008-05-19 12:07 . 2008-05-19 12:07 <DIR> d-------- C:\Program Files\Bulent's Screen Recorder 4
        2008-05-19 12:07 . 2008-05-19 12:07 585,728 --a------ C:\Windows\System32\bsratswf.dll
        2008-05-19 12:07 . 2008-05-19 12:07 147,456 --a------ C:\Windows\System32\bsratwmv.dll
        2008-05-19 10:24 . 2008-06-07 17:01 <DIR> d-------- C:\Users\Bert\AppData\Roaming\MiniLyrics
        2008-05-19 10:24 . 2008-05-19 10:24 <DIR> d-------- C:\Program Files\Minilyrics
        2008-05-19 02:43 . 2008-06-07 17:01 <DIR> d-------- C:\Lyrics
        2008-05-18 17:56 . 2008-05-18 17:56 <DIR> d-------- C:\Users\Public\CyberLink
        2008-05-18 17:45 . 2008-05-18 17:45 <DIR> d-------- C:\Program Files\Haali
        2008-05-18 17:45 . 2008-05-18 17:45 <DIR> d-------- C:\Program Files\ffdshow
        2008-05-18 17:45 . 2008-05-04 12:28 60,273 --a------ C:\Windows\System32\pthreadGC2.dll
        2008-05-18 17:45 . 2008-05-04 12:28 7,680 --a------ C:\Windows\System32\ff_vfw.dll
        2008-05-18 17:45 . 2008-05-04 12:28 547 --a------ C:\Windows\System32\ff_vfw.dll.manifest
        2008-05-18 17:34 . 2008-05-18 17:34 <DIR> d-------- C:\Users\Bert\AppData\Roaming\CyberLink
        2008-05-18 17:30 . 2008-05-18 17:34 <DIR> d-------- C:\ProgramData\CyberLink
        2008-05-18 17:29 . 2008-05-18 17:30 <DIR> d-------- C:\Program Files\CyberLink
        2008-05-18 17:29 . 2008-05-18 17:29 <DIR> d-------- C:\Program Files\Common Files\CyberLink
        2008-05-18 17:28 . 2008-05-18 17:27 29,480 --a------ C:\Windows\System32\msxml3a.dll
        2008-05-17 21:37 . 2008-05-17 21:37 69 --a------ C:\Windows\NeroDigital.ini
        2008-05-15 13:41 . 2008-05-21 00:08 5,120 --a------ C:\Windows\System32\BReWErS.dll
        2008-05-08 21:51 . 2008-05-08 21:51 <DIR> d-------- C:\Program Files\GPLGS
        2008-05-08 21:51 . 2008-05-08 21:51 <DIR> d-------- C:\Program Files\Acro Software
        2008-05-08 21:51 . 2007-07-12 22:33 87,552 --a------ C:\Windows\System32\cpwmon2k.dll

        .
        ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-06-08 22:58 --------- d-----w C:\Users\Bert\AppData\Roaming\Azureus
        2008-06-08 15:55 --------- d-----w C:\Users\Bert\AppData\Roaming\foobar2000
        2008-05-27 16:48 --------- d-----w C:\ProgramData\Symantec
        2008-05-27 16:48 --------- d-----w C:\Program Files\Common Files\Symantec Shared
        2008-05-24 22:40 --------- d-----w C:\ProgramData\Apple Computer
        2008-05-24 15:59 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
        2008-05-24 15:59 22,328 ----a-w C:\Users\Bert\AppData\Roaming\PnkBstrK.sys
        2008-05-24 15:58 669,184 ----a-w C:\Windows\System32\pbsvc.exe
        2008-05-24 15:58 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
        2008-05-24 15:05 --------- d-----w C:\ProgramData\NVIDIA
        2008-05-23 22:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
        2008-05-19 22:05 --------- d-----w C:\Program Files\The KMPlayer
        2008-05-19 09:28 --------- d---a-w C:\ProgramData\TEMP
        2008-05-19 08:24 --------- d-----w C:\Program Files\foobar2000
        2008-05-18 15:38 --------- d-----w C:\Program Files\Avant Browser
        2008-05-17 07:55 --------- d-----w C:\ProgramData\Microsoft Help
        2008-05-17 07:55 --------- d-----w C:\Program Files\Windows Mail
        2008-05-16 18:08 --------- d-----w C:\ProgramData\THQ
        2008-05-12 13:05 --------- d-----w C:\Users\Bert\AppData\Roaming\SolidWorks
        2008-05-04 08:59 --------- d-----w C:\Program Files\Windows Live
        2008-05-02 21:21 --------- d-----w C:\ProgramData\Autodesk
        2008-05-02 21:21 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
        2008-04-30 15:27 442,368 ----a-w C:\Windows\System32\NVUNINST.EXE
        2008-04-29 21:24 --------- d--h--w C:\ProgramData\CanonBJ
        2008-04-27 17:38 --------- d-----w C:\Users\Bert\AppData\Roaming\Touchstone
        2008-04-27 15:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
        2008-04-27 15:46 --------- d-----w C:\Program Files\AGEIA Technologies
        2008-04-27 15:44 --------- d-----w C:\Program Files\Touchstone
        2008-04-27 14:50 --------- d-----w C:\Program Files\MKVtoolnix
        2008-04-22 15:08 --------- d-----w C:\Program Files\Common Files\Bluebeam Software
        2008-04-22 15:07 --------- d-----w C:\Program Files\Common Files\SolidWorks Shared
        2008-04-22 14:54 --------- d-----w C:\Program Files\SolidWorks
        2008-04-22 06:53 27,672 ----a-r C:\Windows\system32\drivers\Entech.sys
        2008-04-20 20:00 --------- d-----w C:\Users\Bert\AppData\Roaming\LimeWire
        2008-04-20 09:59 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
        2008-04-19 22:45 --------- d-----w C:\Program Files\Trend Micro
        2008-04-19 22:28 --------- d-----w C:\Program Files\NVIDIA Corporation
        2008-04-19 22:26 --------- d-----w C:\Program Files\Java
        2008-04-19 22:15 --------- d-----w C:\Program Files\RivaTuner v2.08
        2008-04-19 09:08 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
        2008-04-17 00:43 174 --sha-w C:\Program Files\desktop.ini
        2008-04-17 00:37 --------- d-----w C:\Program Files\Windows Sidebar
        2008-04-17 00:37 --------- d-----w C:\Program Files\Windows Photo Gallery
        2008-04-17 00:37 --------- d-----w C:\Program Files\Windows Journal
        2008-04-17 00:37 --------- d-----w C:\Program Files\Windows Defender
        2008-04-17 00:37 --------- d-----w C:\Program Files\Windows Collaboration
        2008-04-17 00:37 --------- d-----w C:\Program Files\Windows Calendar
        2008-04-17 00:30 413,696 ----a-w C:\Windows\System32\wrap_oal.dll
        2008-04-17 00:30 110,592 ----a-w C:\Windows\System32\OpenAL32.dll
        2008-04-17 00:20 82,432 ----a-w C:\Windows\System32\axaltocm.dll
        2008-04-17 00:20 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
        2008-04-15 15:11 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
        2008-04-15 15:11 --------- d-----w C:\ProgramData\Ubisoft
        2008-04-15 15:07 --------- d-----w C:\Program Files\Ubisoft
        2008-04-14 09:05 --------- d-----w C:\ProgramData\Lavasoft
        2008-04-14 09:04 --------- d-----w C:\Program Files\Lavasoft
        2008-04-14 08:50 --------- d-----w C:\Users\Bert\AppData\Roaming\Ubisoft
        2008-04-14 08:31 --------- d-----w C:\Users\Bert\AppData\Roaming\InstallShield
        2008-04-12 13:18 --------- d-----w C:\Program Files\MSECache
        2008-04-11 23:01 --------- d-----w C:\ProgramData\NVIDIA Corporation
        2008-04-11 15:23 38,400 ----a-w C:\Windows\System32\SoundSchemes.exe
        2008-03-24 17:52 35,840 ----a-w C:\Windows\System32\nvcod100.dll
        2008-03-12 20:21 678,408 ----a-w C:\Windows\System32\gpprefcl.dll
        2008-03-08 04:19 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
        2008-03-08 04:19 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
        2008-03-08 04:19 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
        2008-03-08 04:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
        2008-03-08 01:58 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
        .

        ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F286500C-177A-4316-9E88-9814FBB1DC3D}]
        2008-05-29 15:28 156144 --a----t- C:\Program Files\Google\Update\1.1.27.3\GoopdateBho.dll

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
        "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-11-07 15:34 3739672]
        "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 20:25 81920]
        "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 15:18 202024]
        "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-03-14 13:55 486856]
        "Creative MediaSource Go"="C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" [2006-11-09 10:19 204800]
        "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
        "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTXFIREG"="CTxfiReg.exe" [2008-02-20 20:55 43520 C:\Windows\System32\CTXFIREG.EXE]
        "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-07-17 18:39 55824 C:\Windows\KHALMNPR.Exe]
        "Launch LgDevAgt"="C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" [2007-12-13 18:59 346648]
        "Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 18:57 2095640]
        "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
        "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
        "Telemeter 3.0"="C:\Program Files\Telemeter 3.0\telemeter3.exe" [2007-04-16 00:38 1441792]
        "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
        "D-Link D-Link Wireless N DWA-140"="C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe" [2007-03-14 19:29 1388544]
        "VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-12-06 18:10 180224]
        "UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 01:00 90112]
        "CTHelper"="CTHELPER.EXE" [2008-02-20 20:58 19456 C:\Windows\System32\CTHELPER.EXE]
        "CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 20:58 19968 C:\Windows\System32\CTXFIHLP.EXE]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
        "RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 20:23 83240]
        "PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 11:36 50472]
        "BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [2008-03-21 10:21 91432]
        "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-02 22:46 13535776]
        "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-02 22:46 92704]
        "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
        "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-05 18:03 267064]
        "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "DevconDefaultDB"="C:\Windows\system32\READREG /SILENT /FAIL=1" [ ]
        "CtxfiReg"="CTXFIREG.exe" [2008-02-20 20:55 43520 C:\Windows\System32\CTXFIREG.EXE]

        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
        SetPointII.lnk - C:\Program Files\Logitech\SetPoint II\SetpointII.exe [30-8-2007 19:13:06 319488]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "EnableUIADesktopToggle"= 0 (0x0)

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
        "TCP Query User{0286610A-C217-47D1-A60D-B43A0815D9F1}C:\\program files\\avant browser\\avant.exe"= UDP:C:\program files\avant browser\avant.exe:Avant Browser
        "UDP Query User{5DAA4F79-0B21-41DE-A63B-1BA212E84D3C}C:\\program files\\avant browser\\avant.exe"= TCP:C:\program files\avant browser\avant.exe:Avant Browser
        "TCP Query User{411F68B2-D580-4F13-B4F6-45B6266B9746}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
        "UDP Query User{698B9D8B-5D6D-4477-8A52-4CA72D8D4EE6}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
        "{E11DEBB3-893E-4A2D-A26D-D733BCD0E47F}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
        "{A3AE51C1-45E6-4239-A42A-2634D595D455}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
        "{AE3123D0-EDE3-4B90-9B66-43805040CD63}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
        "{A98A7043-9CE1-43CE-9F7D-8E976593150F}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
        "{BC571087-D135-4317-856C-576AB3BD82C6}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
        "{B5FA1297-D596-40C5-A5F0-15C1BDAFD4BF}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
        "{C80F35B6-B169-433B-B8BF-B2CF05610C9A}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
        "{178EF038-0024-4CD4-B1F7-E759C4030B0B}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
        "{83CFF485-3065-49F1-985F-002A18E9FA76}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
        "{5DB6446D-7868-4B4C-9F4B-775530DDDDD7}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
        "{E2EF4D46-FA9E-4376-95E3-796373048EA9}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
        "{738C12C3-721C-4AF6-9A02-ED8B0B51B0CE}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
        "{C3912A33-F191-4B00-972E-2AC57B9F77C5}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
        "{9070E736-C0A6-419E-93C9-7F63C95D2C50}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
        "{052D6A08-1674-488C-80AA-30ED30CF7D41}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
        "{48E3A59B-8B48-4009-B9E2-92BEDD89DA39}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
        "{D0E12195-137D-4CE8-918B-5BA0519D6BF1}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
        "{0977F6F5-7D17-4049-A46E-79345BEDD549}"= C:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
        "{87665C3B-E37C-4CC6-A7E9-9DD3E08D6A20}"= C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0
        "{44D40175-9422-43A6-9712-D57DBED8B434}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
        "{FADA68F2-CA54-4FC3-861C-7C2DFC508E0E}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
        "{B6336F55-07F9-4959-A07C-0DDBD0F02F57}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
        "{D391E213-4991-4ED1-B446-A00640FC3868}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
        "{4B11F98E-E187-4503-99D8-A1DF212E45D7}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
        "{B80DA531-1D2E-4F87-AE51-B63B433E978F}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

        R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
        R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-02-01 17:24]
        R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
        R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
        R2 CTAudSvcService;Creative Audio Service;C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-03-07 19:24]
        R3 ha20x2k;Creative 20X HAL Driver;C:\Windows\system32\drivers\ha20x2k.sys [2008-02-25 09:44]
        R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 10:51]
        S2 gupdate1c8c18fdac00ca0;Google Update Service (gupdate1c8c18fdac00ca0);"C:\Program Files\Google\Update\1.1.27.3\GoogleUpdate.exe" /svc /lang en
        S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28u.sys [2007-04-02 15:59]
        S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\rt2870.sys [2007-03-13 06:35]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        GPSvcGroup REG_MULTI_SZ GPSvc

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19c73ac3-e63d-11dc-8f06-806e6f6e6963}]
        \shell\AutoRun\command - F:\AutoRunCD.exe

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eafcbc7f-ea0a-11dc-ace8-806e6f6e6963}]
        \shell\AutoRun\command - F:\AutoRunCD.exe

        *Newly Created Service* - CATCHME

        [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
        %SystemRoot%\system32\soundschemes.exe /AddRegistration
        .
        Inhoud van de 'Gedeelde Taken' map
        "2008-06-06 11:49:11 C:\Windows\Tasks\GoogleUpdateTask.job"
        - C:\Program Files\Google\Update\1.1.27.3\GoogleUpdate.exe
        .
        **************************************************************************

        catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-06-09 01:05:04
        Windows 6.0.6001 Service Pack 1 NTFS

        scannen van verborgen processen ...

        scannen van verborgen autostart items ...

        HKLM\Software\Microsoft\Windows\CurrentVersion\Run
        CTHelper = CTHELPER.EXE?
        CTxfiHlp = CTXFIHLP.EXE?

        scannen van verborgen bestanden ...


        C:\Users\Bert\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt 404 bytes
        C:\Users\Bert\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt 331 bytes

        Scan succesvol afgerond
        verborgen bestanden: 2

        **************************************************************************
        .
        Voltooingstijd: 2008-06-09 1:05:55
        ComboFix-quarantined-files.txt 2008-06-08 23:05:50

        Pre-Run: 52,638,826,496 bytes beschikbaar
        Post-Run: 52,947,247,104 bytes beschikbaar

        1764 --- E O F --- 2008-05-29 21:12:43
        Last edited by smeenk; 09-06-08, 08:57.

        • #5
          I don't actually see anything wrong; are the problems still there?

          • #6
            I said I had problems with my memory. I have now replaced it with OCZ 1066 MHz memory and I still get a bluescreen now and then. After a reboot Windows does not find the error. Previously it (occasionally) told me the problem was with the memory.

            The PC crashes mainly while gaming. Either I get a dialog saying an error has occurred and the application must be closed, or I get a bluescreen.

            It must be a driver then (although I do have all the latest drivers for the graphics card and sound card).

            And about that ANIO virus: it has been removed but is still listed in the list of programs and I can't get it out of there.

            • #7
              Download ATF Cleaner (made by Atribune).
              Double-click ATF Cleaner to start the program.
              On the "Main" tab, put a check mark at Select All.
              Click the Empty Selected button.

              Do the following if you also have Firefox as a browser:
              Click the "Firefox" tab, put a check mark at Select All.
              If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
              (this removes the check mark at "Firefox saved passwords" again)
              Click the Empty Selected button.

              Do the following if you also have Opera as a browser:
              Click the "Opera" tab, put a check mark at Select All.
              If you want to keep the passwords saved by Opera, click "No" in the window that appears.
              Click the Empty Selected button.
              Go to the "Main" tab and click the Exit button to close the program.

              Download Malwarebytes' Anti-Malware via here or here.

              Double-click mbam-setup.exe to install the program.
              • Make sure there is a check mark in front of Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click "Finish".
              • If an update was found, it will download and install the latest version.
              • When the program is fully up to date, select "Perform Quick Scan", then click Scan.
              • Scanning may take a while, so be patient.
              • When the scan is complete, click OK, then "Show Results" to see the results.
              • Make sure everything there is checked, then click Remove Selected.
              • After removal a log will open and you will be asked to restart the computer. (See the extra note at the bottom)
              • The log is saved automatically by MBAM; you can see it by clicking the "Logs" tab in MBAM.
              • Copy and paste the results of the log in your next reply, together with a new HijackThis log.

              Extra note:
              If MBAM has difficulty removing certain files it will give a few messages where you must click OK. Then it will ask to restart the computer... so allow MBAM to restart the computer.

              • #8
                Malwarebytes' Anti-Malware 1.17
                Database versie: 848

                23:44:02 11/06/2008
                mbam-log-6-11-2008 (23-44-02).txt

                Scan type: Snelle Scan
                Objecten gescand: 37749
                Verstreken tijd: 2 minute(s), 22 second(s)

                Geheugenprocessen geïnfecteerd: 0
                Geheugenmodulen geïnfecteerd: 0
                Registersleutels geïnfecteerd: 0
                Registerwaarden geïnfecteerd: 0
                Registerdata bestanden geïnfecteerd: 3
                Mappen geïnfecteerd: 0
                Bestanden geïnfecteerd: 0

                Geheugenprocessen geïnfecteerd:
                (Geen kwaadaardige items gevonden)

                Geheugenmodulen geïnfecteerd:
                (Geen kwaadaardige items gevonden)

                Registersleutels geïnfecteerd:
                (Geen kwaadaardige items gevonden)

                Registerwaarden geïnfecteerd:
                (Geen kwaadaardige items gevonden)

                Registerdata bestanden geïnfecteerd:
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

                Mappen geïnfecteerd:
                (Geen kwaadaardige items gevonden)

                Bestanden geïnfecteerd:
                (Geen kwaadaardige items gevonden)


                HijackThis log:

                Logfile of Trend Micro HijackThis v2.0.2
                Scan saved at 13:46:51, on 24/05/2008
                Platform: Windows Vista SP1 (WinNT 6.00.1905)
                MSIE: Internet Explorer v7.00 (7.00.6001.18000)
                Boot mode: Normal

                Running processes:
                C:\Windows\system32\taskeng.exe
                C:\Windows\system32\Dwm.exe
                C:\Windows\Explorer.EXE
                C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
                C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
                C:\Program Files\Telemeter 3.0\Telemeter3.exe
                C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
                C:\Windows\System32\CTHELPER.EXE
                C:\Windows\System32\CTXFIHLP.EXE
                C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                C:\Windows\System32\rundll32.exe
                C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
                C:\Program Files\CyberLink\Shared Files\brs.exe
                C:\Program Files\Windows Sidebar\sidebar.exe
                C:\Program Files\Windows Live\Messenger\msnmsgr.exe
                C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
                C:\Program Files\DAEMON Tools Lite\daemon.exe
                C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
                C:\Windows\ehome\ehtray.exe
                C:\Windows\ehome\ehmsas.exe
                C:\Program Files\Logitech\SetPoint II\SetpointII.exe
                C:\Program Files\Windows Defender\MSASCui.exe
                C:\Program Files\Windows Media Player\wmpnscfg.exe
                C:\Windows\SYSTEM32\CTXFISPI.EXE
                C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
                C:\Program Files\Windows Sidebar\sidebar.exe
                C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
                C:\Program Files\Mozilla Firefox\firefox.exe
                C:\Program Files\Windows Live\Contacts\wlcomm.exe
                C:\Program Files\Azureus\Azureus.exe
                C:\Program Files\Avant Browser\avant.exe
                C:\Windows\system32\SearchFilterHost.exe
                C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.be
                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                O1 - Hosts: ::1 localhost
                O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
                O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
                O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
                O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
                O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
                O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
                O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
                O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
                O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
                O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
                O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
                O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
                O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
                O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
                O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
                O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
                O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
                O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
                O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
                O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
                O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
                O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
                O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
                O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
                O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
                O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
                O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
                O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
                O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
                O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
                O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
                O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEEM')
                O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
                O4 - Global Startup: SetPointII.lnk = ?
                O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
                O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
                O13 - Gopher Prefix:
                O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
                O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
                O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
                O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
                O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
                O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
                O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
                O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
                O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
                O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
                O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
                O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
                O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
                O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
                O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

                --
                End of file - 9691 bytes

                I'd like to add this:
                the following files are in the System32 directory: ANICtl.dll, ANIO.sys, anio4.sys, ANIO64.sys, ANIOApi.dll, ANIWZCS2.dll, ANIWZCSUSERNAME{A9274FEF-8999-4B4A-B8C7-0B4A6AEE7CE2}
                These files have been there since 23/03/08... and not a single program noticed this until now. There are probably more such suspicious files in the Windows directory. What should I do with these?
                Last edited by Roopert; 12-06-08, 00:01.
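As an added example (not from this thread, and not part of HijackThis itself), here is a small Python triage script for log lines in the HijackThis 2.0.2 format posted above. It does not decide what is malware; it flags the properties that make an entry hard to verify from the log alone: a BHO whose DLL is missing ("(no file)"), a Run value that names a bare executable resolved through the loader's search path rather than a full path, rundll32 entries where the code that actually runs is the DLL argument, and services listed with "Unknown owner". The sample lines are constructed after entries in the log; every flag means "check this file on disk", nothing more.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List

# Constructed sample in HijackThis 2.0.2 log format, modelled on the entry
# types that appear in the log above (O2 BHOs, O4 Run values, O23 services).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^)]+)\))? - (?P<vendor>.+?) - (?P<path>.+)$")

EXE_EXTS = (".exe", ".com", ".scr", ".bat", ".cmd")


@dataclass
class Finding:
    line_no: int   # 1-based index within the parsed log
    item: str      # value name, service name or CLSID the finding is about
    reason: str    # short reason code
    detail: str    # human-readable explanation


def split_command(cmd: str) -> str:
    """Return the executable part of a Run-value command line.

    A quoted path is taken verbatim. An unquoted command is rebuilt token by
    token until the accumulated text ends in an executable extension, so an
    unquoted path that contains spaces is still recovered whole.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    tokens = cmd.split()
    acc = ""
    for tok in tokens:
        acc = tok if not acc else acc + " " + tok
        if acc.lower().endswith(EXE_EXTS):
            return acc
    return tokens[0] if tokens else ""


def is_bare_filename(exe: str) -> bool:
    """True when the executable is given with no directory component at all."""
    return "\\" not in exe and "/" not in exe and "%" not in exe


def triage(lines: Iterable[str]) -> List[Finding]:
    """Scan HijackThis lines and return the entries worth a second look."""
    findings: List[Finding] = []
    for n, raw in enumerate(lines, 1):
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            if m["path"] == "(no file)":
                findings.append(Finding(n, m["clsid"], "orphaned-bho",
                                        "BHO CLSID is registered but its DLL is missing"))
            continue
        m = O4_RE.match(line)
        if m:
            cmd = m["cmd"].strip()
            exe = split_command(cmd)
            if is_bare_filename(exe):
                findings.append(Finding(n, m["name"], "bare-filename",
                                        f"{exe} is found via the loader's search path, not an explicit path"))
            if exe.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
                # the DLL named as first argument is what actually executes
                rest = cmd[cmd.find(exe) + len(exe):].lstrip(' "')
                payload = rest.split(",", 1)[0]
                findings.append(Finding(n, m["name"], "rundll32-host",
                                        f"real code runs from {payload}"))
            continue
        m = O23_RE.match(line)
        if m and m["vendor"] == "Unknown owner":
            findings.append(Finding(n, m["short"] or m["display"], "no-vendor",
                                    f"service binary {m['path']} carries no company name"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.strip().splitlines()):
        print(f"line {f.line_no}: [{f.reason}] {f.item}: {f.detail}")
```

On the sample above the script reports the orphaned BHO, the two bare Run values (CTHelper and the rundll32 host), the DLL loaded through rundll32, and the PnkBstrA service; everything else parses cleanly and is left alone.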

                • #9
                  Why do you think it is malware?

                  I have found no evidence of that:
                  "明泰科技 (Alpha Networks) upholds the corporate spirit of 'virtue', 'customer value', 'agility' and 'collaborative performance', emphasises a people-centred philosophy, combines the humanities with technology to run the business successfully, and through outstanding and innovative network communication technology improves the quality of the living environment, building a world-class DMS manufacturer."


                  • #10
                    Then why can't I remove them from the software list? That is suspicious, isn't it? Besides, I see no reason at all why I would need these files. They were put on my computer without my knowledge. How can I remove them now? Manually?

                    • #11
                      Perhaps an uninstaller that has been removed?

                      Whether you need them, I don't know; I assume they came along with the installation of another program.
                      Why would you remove it?
                      Through my links you could see that it is a legitimate program; if it doesn't cause problems you can just leave it.

                      • #12
                        Then I'll leave them, but that doesn't solve the bluescreen problems. I'm slowly getting the impression that something is wrong with the drivers of the Sound Blaster X-Fi, since the sound also regularly drops out and a click is heard every time I switch songs. Is this a known problem in Vista?

                        Or could it be a hardware fault? In the past I already had to throw out a motherboard (Asus Striker Extreme) that was 2 months old because every time I connected an HDD it crashed immediately and was broken!!
                        I replaced it with a Maximus Formula, where the BIOS settings are regularly reset after a reboot!!! I really attract problems

                        • #13
                          These really seem to be problems that are not malware-related.

                          I think you'd better present these problems in this section:


                          Because with HijackThis or other anti-malware tools we are certainly not going to solve this.

                          • #14
                            I don't know whether it's worth posting again in the Windows section. My problems are so general, I mean, I don't know what causes the bluescreens... How can an expert like you help me then..

                            I think I'll just sweat out the problems until I build my next system and hope we have a bit more luck.

                            Thanks for the many replies

                            • #15
                              You're welcome
