Another log



128MB
28 January 2007, 19:15
PC is super slow again, but I think it's a bottleneck or something.
It was even faster with my old Fx5200 *sigh*

It's not urgent, just check it when you feel like it :)

Logfile of HijackThis v1.99.1
Scan saved at 19:14:41, on 28/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijack This\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

Jurgenv1
28 January 2007, 21:18
Your Java software is outdated.
Older versions have vulnerabilities that give malware the chance to install itself on your system.
First follow these steps to uninstall Java and install the newer version:

Download Java Runtime Environment (JRE) 6.0 (http://java.sun.com/javase/downloads/index.jsp).
Scroll down to: "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button on the right-hand side.
Tick: "Accept License Agreement".
The page will reload.
Click the link to download the Windows Offline Installation, Multi-language, and save it to your Desktop.
Close any programs that may be open - especially your web browser!
Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the software list.
Select everything with Java Runtime Environment (JRE or J2SE) in the name.
Then click Remove or the Change/Remove button.
Repeat this until all older versions are gone.
After removing all older versions, restart your PC.
Then double-click jre-6-windows-i586.exe on your Desktop to install the latest version of Java.

* Open HijackThis and tick the following lines:

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

* Then close all windows except HijackThis and click 'fix checked'

* Then post a new HijackThis log here.

128MB
30 January 2007, 20:53
I'll never forget that thing about Java again ;)
Logfile of HijackThis v1.99.1
Scan saved at 20:52:46, on 30/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Hijack This\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
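Comparing the follow-up log with the first one shows whether the entries ticked for 'fix checked' are really gone and which entries changed path after the Java update. The sketch below is an added example, not part of the original thread and not HijackThis code; the function names (`parse_entries`, `split_entry`, `compare`, `still_present`) are hypothetical, and the sample lines are excerpts from the two logs posted above.

```python
import re

# Excerpts copied from the two HijackThis logs in this thread (28/01/2007 and
# 30/01/2007). Header and process lines are included to show they are skipped.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\lsass.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\lsass.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

# The two lines the helper asked to tick before clicking 'fix checked'.
FIXED = [
    r"O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)",
    r"O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE",
]

# An entry line starts with a section code such as R0, O4 or O23, then " - ".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 autorun entries look like: "<hive>\..\Run: [value name] command line"
RUN_RE = re.compile(r"^(?P<key>.+?: \[[^\]]+\]) (?P<target>.+)$")


def parse_entries(log_text):
    """Return (section, body) for every entry line; headers and processes are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def split_entry(section, body):
    """Split an entry into a stable identity (section, name/CLSID) and its target."""
    if section == "O4":
        m = RUN_RE.match(body)
        if m:
            return (section, m.group("key")), m.group("target")
    if section.startswith("R") and " = " in body:
        key, target = body.split(" = ", 1)
        return (section, key), target
    if " - " in body:
        # BHO, toolbar, service, ...: the last " - " field is the file or "(no file)".
        key, target = body.rsplit(" - ", 1)
        return (section, key), target
    return (section, body), ""


def compare(before_text, after_text):
    """Report entries removed, added, or pointing at a different target."""
    before = dict(split_entry(s, b) for s, b in parse_entries(before_text))
    after = dict(split_entry(s, b) for s, b in parse_entries(after_text))
    return {
        "removed": sorted(k for k in before if k not in after),
        "added": sorted(k for k in after if k not in before),
        "changed": sorted(
            (k, before[k], after[k])
            for k in before
            if k in after and before[k] != after[k]
        ),
    }


def still_present(fixed_lines, after_text):
    """Ticked entries that nevertheless show up again in the follow-up log."""
    after_keys = {split_entry(s, b)[0] for s, b in parse_entries(after_text)}
    ticked = parse_entries("\n".join(fixed_lines))
    return [f"{s} - {b}" for s, b in ticked if split_entry(s, b)[0] in after_keys]


if __name__ == "__main__":
    diff = compare(BEFORE, AFTER)
    for kind in ("removed", "added", "changed"):
        print(kind, diff[kind])
    print("not fixed:", still_present(FIXED, AFTER))
```

An entry listed under "changed" keeps its name or CLSID but points at a new file, which is how the move from `jre1.5.0_10` to `jre1.6.0` shows up.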

Jurgenv1
30 January 2007, 20:53
Download combofix.exe: http://download.bleepingcomputer.com/sUBs/combofix.exe
Place it on your desktop.
Double-click it to start the program.
In the window that appears, type Y to start the cleaning process.
Follow the on-screen instructions.
When the tool has finished, a log file (combofix.txt) opens. Post the contents of this file together with a new HijackThis log.

128MB
30 January 2007, 21:24
At the end of Combofix I also got this error:
"nircmd.exe - Kan onderdeel niet vinden"
"Deze toepassing kan niet worden gestart omdat ConnAPI.DLL niet kan worden gevonden. Het opnieuw installeren van deze toepasing kan dit probleem oplossen."




"Eigenaar" - 07-01-30 21:18:42 Service Pack 2
ComboFix 07.01.30 - Running from: "C:\Documents and Settings\Eigenaar\Bureaublad"

((((((((((((((((((((((((((((((( Files Created from 2006-12-30 to 2007-01-30 ))))))))))))))))))))))))))))))))))


2007-01-30 20:50 <DIR> d-------- C:\Program Files\Java
2007-01-30 20:50 <DIR> d-------- C:\Program Files\Common Files\Java
2007-01-29 17:17 <DIR> d-------- C:\Program Files\Common Files\Bcgsoft
2007-01-29 17:13 168,396 --a------ C:\WINDOWS\OG WWII Content Pack #1 for FPSC Uninstaller.exe
2007-01-29 17:06 <DIR> d-------- C:\Program Files\The Game Creators
2007-01-29 17:02 <DIR> d-------- C:\WINDOWS\Sun
2007-01-29 17:02 <DIR> d-------- C:\DOCUME~1\Eigenaar\Application Data\Sun
2007-01-29 16:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Trymedia
2007-01-28 19:14 <DIR> d-------- C:\Program Files\Hijack This
2007-01-27 17:16 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-01-27 16:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Test Drive Unlimited
2007-01-27 16:19 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-01-27 16:19 <DIR> dr-h----- C:\DOCUME~1\Eigenaar\Application Data\SecuROM
2007-01-27 16:05 <DIR> d-------- C:\Program Files\Atari
2007-01-22 17:32 227,395 --a------ C:\WINDOWS\rFactor Data Acquisition Plugin Uninstaller.exe
2007-01-22 17:32 <DIR> d-------- C:\Program Files\Common Files\Thraex Software
2007-01-20 17:39 <DIR> d-------- C:\Program Files\rFactor
2007-01-20 16:07 <DIR> d-------- C:\DOCUME~1\Eigenaar\Application Data\Datalayer
2007-01-19 16:39 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-01-19 16:39 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-01-19 16:39 <DIR> d-------- C:\DOCUME~1\Eigenaar\Application Data\DivX
2007-01-19 16:38 <DIR> d-------- C:\Program Files\DivX
2007-01-17 17:32 <DIR> d-------- C:\Program Files\Real
2007-01-17 17:32 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-01-17 17:32 <DIR> d-------- C:\Program Files\Common Files\Real
2007-01-17 17:31 <DIR> d-------- C:\DOCUME~1\Eigenaar\Application Data\Real
2007-01-16 18:19 <DIR> d-------- C:\DOCUME~1\Eigenaar\Application Data\Nokia Multimedia Player
2007-01-15 20:20 <DIR> d-------- C:\DOCUME~1\Eigenaar\Application Data\VERITAS
2007-01-15 18:04 <DIR> d-------- C:\Program Files\Simbin
2007-01-13 23:03 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-01-13 23:03 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-01-13 23:02 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-01-13 23:02 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-01-13 23:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2007-01-13 11:40 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-01-13 11:40 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-01-13 11:40 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-01-13 11:34 <DIR> d-------- C:\Program Files\LucasArts
2007-01-13 09:21 <DIR> d-------- C:\DOCUME~1\Eigenaar\Application Data\BSplayer
2007-01-13 02:08 520,192 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-01-13 02:08 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-01-13 02:08 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-01-13 02:08 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-01-13 02:03 806,912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-01-13 02:03 806,912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-01-13 02:03 790,528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-01-13 02:03 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-01-13 02:03 635,486 --a------ C:\WINDOWS\system32\DivX.dll
2007-01-13 02:03 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-01-13 02:03 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-01-13 02:03 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-01-13 02:03 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-01-13 02:03 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-01-13 02:03 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-01-13 02:03 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-01-12 20:58 <DIR> d--hs---- C:\DOCUME~1\Eigenaar\Phone Browser
2007-01-12 20:56 <DIR> d-------- C:\DOCUME~1\Eigenaar\Application Data\Nokia
2007-01-12 20:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\PC Suite
2007-01-12 20:55 9,216 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-01-12 20:55 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-01-12 20:55 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll
2007-01-12 20:55 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-01-12 20:55 138,240 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-01-12 20:55 12,800 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-01-12 20:55 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-01-12 20:55 <DIR> d-------- C:\Program Files\Nokia
2007-01-12 20:55 <DIR> d-------- C:\Program Files\DIFX
2007-01-12 20:55 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-01-12 20:55 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-01-12 20:55 <DIR> d-------- C:\DOCUME~1\Eigenaar\Application Data\PC Suite
2007-01-12 18:06 <DIR> d-------- C:\DOCUME~1\Eigenaar\Application Data\ATI
2007-01-12 02:19 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-01-12 02:19 118,784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-01-11 20:07 <DIR> d-------- C:\Program Files\Half-Life 2
2007-01-11 17:17 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-01-11 17:17 <DIR> d-------- C:\ATI
2007-01-11 16:58 <DIR> d-------- C:\Program Files\Common Files\ATI Technologies
2007-01-11 16:54 <DIR> d-------- C:\Program Files\ATI Technologies
2007-01-11 16:46 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2007-01-01 22:04 139,264 --a------ C:\WINDOWS\system32\eax.dll
2007-01-01 22:04 <DIR> d-------- C:\Program Files\Creative
2007-01-01 22:00 <DIR> d-------- C:\Program Files\Mafia
2006-12-30 17:16 <DIR> d-------- C:\GTR
2006-12-30 15:07 <DIR> d-------- C:\Program Files\Rockstar Games


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-30 21:17 -------- d-------- C:\Program Files\mozilla firefox
2007-01-30 16:10 -------- d-------- C:\DOCUME~1\Eigenaar\Application Data\avg7
2007-01-29 17:13 -------- d--h----- C:\Program Files\installshield installation information
2007-01-27 17:11 -------- d-------- C:\Program Files\magiciso
2007-01-27 11:44 -------- d-------- C:\Program Files\spyware doctor
2007-01-20 14:41 -------- d-------- C:\DOCUME~1\Eigenaar\Application Data\limewire
2007-01-15 16:40 -------- d-------- C:\DOCUME~1\Eigenaar\Application Data\adobe
2007-01-13 02:08 20640 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-01-11 16:58 -------- d---s---- C:\DOCUME~1\Eigenaar\Application Data\microsoft
2006-12-23 11:05 -------- d-------- C:\DOCUME~1\Eigenaar\Application Data\lavasoft
2006-12-22 18:44 -------- d-------- C:\DOCUME~1\Eigenaar\Application Data\intervideo
2006-12-22 14:48 -------- d-------- C:\Program Files\d-tools
2006-12-22 13:14 -------- d-------- C:\Program Files\Common Files\adobe systems shared
2006-12-22 13:13 -------- d-------- C:\Program Files\Common Files\adobe
2006-12-22 13:07 12400 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-12-22 12:59 -------- d-------- C:\Program Files\ea sports
2006-12-20 12:12 816672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-12-20 12:12 4960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-12-20 12:12 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-12-20 12:12 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-12-20 12:12 28416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-12-20 12:12 18240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2006-12-20 12:12 -------- d-------- C:\Program Files\grisoft
2006-12-19 17:41 -------- d-------- C:\Program Files\msn messenger
2006-12-19 15:36 -------- d-------- C:\Program Files\Common Files\directx
2006-12-19 15:09 -------- d-------- C:\Program Files\logitech
2006-12-19 15:09 -------- d-------- C:\Program Files\Common Files\logitech
2006-12-19 14:55 -------- d-------- C:\Program Files\sci games
2006-12-19 14:54 -------- d-------- C:\Program Files\Common Files\installshield
2006-12-19 14:49 -------- d-------- C:\DOCUME~1\Eigenaar\Application Data\mozilla
2006-12-19 14:49 -------- d-------- C:\DOCUME~1\Eigenaar\Application Data\macromedia
2006-12-19 14:46 -------- d-------- C:\Program Files\lavasoft
2006-12-19 14:46 -------- d-------- C:\DOCUME~1\Eigenaar\Application Data\pc tools
2006-12-19 14:45 -------- d-------- C:\Program Files\spywareblaster
2006-12-19 14:36 -------- d-------- C:\Program Files\movie maker
2006-12-19 14:36 -------- d-------- C:\Program Files\messenger
2006-12-19 14:35 -------- d-------- C:\Program Files\windows nt
2006-12-19 14:20 -------- d--h----- C:\Program Files\windowsupdate
2006-12-19 14:17 -------- d-------- C:\Program Files\arcsoft
2006-12-19 14:16 724992 --a------ C:\WINDOWS\iun6002.exe
2006-12-19 13:15 -------- d-------- C:\Program Files\usb storage rw
2006-11-02 23:35 8271872 --a------ C:\WINDOWS\system32\wmploc.dll
2006-11-02 22:53 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-11-02 22:52 257536 --a------ C:\WINDOWS\system32\wmerror.dll
2006-11-02 22:50 7680 --a------ C:\WINDOWS\system32\asferror.dll
2006-11-02 11:52 42496 --------- C:\WINDOWS\system32\wpdshextres.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Start WingMan Profiler"="\"C:\\Program Files\\Logitech\\Profiler\\lwemon.exe\" /noui"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"StorageGuard"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"NVMixerTray"="\"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K]
Shell\AutoRun\command K:\atisetup.exe
Shell\launch\command K:\atisetup.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\eenvoudige internetaanmelding.job

Completion time: 07-01-30 21:21:06




Logfile of HijackThis v1.99.1
Scan saved at 21:22:56, on 30/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\mspaint.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijack This\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

Jurgenv1
30 January 2007, 22:01
* Download ATF cleaner (http://www.atribune.org/ccount/click.php?id=1) (by Atribune)

Double-click ATF cleaner to start the program.
On the "Main" tab, tick Select All.
Click the Empty Selected button.

If you also use Firefox as a browser:
Click the "Firefox" tab and tick Select All.
If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
(this removes the tick next to "Firefox saved passwords")
Click the Empty Selected button.

If you also use Opera as a browser:
Click the "Opera" tab and tick Select All.
If you want to keep the passwords saved by Opera, click "No" in the window that appears.
Click the Empty Selected button.
Go to the "Main" tab and click the Exit button to close the program.

* Also run a disk defragmentation.

128MB
31 January 2007, 13:11
Done, I'll defragment and then post another log to be sure.
Do you happen to know why AVG does a full PC scan when I start up my PC? I can't set that anywhere :s

Thanks a lot!

Jurgenv1
31 January 2007, 13:49
Done, I'll defragment and then post another log to be sure.
Do you happen to know why AVG does a full PC scan when I start up my PC? I can't set that anywhere :s

Thanks a lot!

No idea, are you sure it isn't anywhere in the options?