View full version: HJT - Vista

TiZon
3 February 2007, 22:08
Hey,

I just wanted to look at an HJT log of my Vista install; now I get 2-3 errors during the scan, and I don't know whether it works properly under Vista.

Does HJT work under Vista?

Thx,
Bart

Jurgenv1
3 February 2007, 22:14
It works perfectly under Vista; you would do me a big favour by posting the log here, I'm curious. :)

TiZon
3 February 2007, 22:27
Anything for you ;)
Logfile of HijackThis v1.99.1
Scan saved at 22:26:56, on 3/02/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
E:\VentriloMIX\Ventrilo 2.3.0.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Bart De Vos\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Errors:
http://85.12.17.39/~tizon/upload/upload/hjt-fout1.JPG
http://85.12.17.39/~tizon/upload/upload/hjt-fout2.JPG


Greetings,
Bart

Jurgenv1
3 February 2007, 22:32
* Download and install AVG Anti-Spyware (http://www.ewido.net/en/download/).
After the installation, open AVG Anti-Spyware:
* under "Status", click Change state next to "Resident shield". (change from active to inactive!)
* under "Update", click the Start update button.
* under "Scanner", tab "Settings": under "How to act?", click "Recommended actions" and select Quarantine. (VERY IMPORTANT!)
* under "Reports", select Automatically generate report after every scan and untick Only if threats were found
Close AVG Anti-Spyware. Do not let it scan yet.

* Start AVG Anti-Spyware.
* Click Scan and choose Complete System Scan.
After the scan, follow the instructions below:
IMPORTANT: Do not click the "Save Scan Report" button before you have clicked the "Apply all Actions" button!
* Make sure that Set all elements to: is set to Quarantine (1),
if not, click the link and choose Quarantine in the popup menu. (2)
(This does not apply to cookies; these are always deleted!)
* At the bottom of the window, click the Apply all Actions button. (3)
http://home.scarlet.be/~topalex/ewidoscan.jpg
* When you get the message 'All actions have been applied', click the Save Report button at the bottom.

* Then post the AVG Anti-Spyware report here together with a new HijackThis log.

PS, if AVG Anti-Spyware does not work, try this:
http://www.helpmij.nl/forum/showthread.php?t=271598

Let me know as well whether you had to apply that trick. :)

TiZon
3 February 2007, 23:02
Ran AVG in XP SP2 compatibility mode, otherwise it indeed doesn't work ;)

~~~~~~~~~~~~~~EWIDO~~~~~~~~~~~~~~~~~~~~~~
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 23:02:41 3/02/2007

+ Scan result:

C:\Users\Bart De Vos\AppData\Roaming\Microsoft\Windows\Cookies\Low\bart_de_vos@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Users\Bart De Vos\AppData\Roaming\Microsoft\Windows\Cookies\Low\bart_de_vos@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Users\Bart De Vos\AppData\Roaming\Microsoft\Windows\Cookies\Low\bart_de_vos@microsoftwga.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Users\Bart De Vos\AppData\Roaming\Microsoft\Windows\Cookies\Low\bart_de_vos@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Users\Bart De Vos\AppData\Roaming\Microsoft\Windows\Cookies\Low\bart_de_vos@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Users\Bart De Vos\AppData\Roaming\Microsoft\Windows\Cookies\Low\bart_de_vos@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Users\Bart De Vos\AppData\Roaming\Microsoft\Windows\Cookies\Low\bart_de_vos@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Users\Bart De Vos\AppData\Roaming\Microsoft\Windows\Cookies\Low\bart_de_vos@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Users\Bart De Vos\AppData\Roaming\Microsoft\Windows\Cookies\bart_de_vos@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Users\Bart De Vos\AppData\Roaming\Microsoft\Windows\Cookies\Low\bart_de_vos@bfast[1].txt -> TrackingCookie.Bfast : Cleaned.
C:\Users\Bart De Vos\AppData\Roaming\Microsoft\Windows\Cookies\Low\bart_de_vos@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Users\Bart De Vos\AppData\Roaming\Microsoft\Windows\Cookies\Low\bart_de_vos@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Users\Bart De Vos\AppData\Roaming\Microsoft\Windows\Cookies\Low\bart_de_vos@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Users\Bart De Vos\AppData\Roaming\Microsoft\Windows\Cookies\Low\bart_de_vos@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Users\Bart De Vos\AppData\Roaming\Microsoft\Windows\Cookies\Low\bart_de_vos@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Users\Bart De Vos\AppData\Roaming\Microsoft\Windows\Cookies\Low\bart_de_vos@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Users\Bart De Vos\AppData\Roaming\Microsoft\Windows\Cookies\Low\bart_de_vos@estat[1].txt -> TrackingCookie.Estat : Cleaned.
C:\Users\Bart De Vos\AppData\Roaming\Microsoft\Windows\Cookies\Low\bart_de_vos@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Users\Bart De Vos\AppData\Roaming\Microsoft\Windows\Cookies\Low\bart_de_vos@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Users\Bart De Vos\AppData\Roaming\Microsoft\Windows\Cookies\Low\bart_de_vos@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Users\Bart De Vos\AppData\Roaming\Microsoft\Windows\Cookies\Low\bart_de_vos@ehg-digg.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Users\Bart De Vos\AppData\Roaming\Microsoft\Windows\Cookies\Low\bart_de_vos@ehg-samsungusa.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Users\Bart De Vos\AppData\Roaming\Microsoft\Windows\Cookies\Low\bart_de_vos@ehg-youtube.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Users\Bart De Vos\AppData\Roaming\Microsoft\Windows\Cookies\Low\bart_de_vos@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Users\Bart De Vos\AppData\Roaming\Microsoft\Windows\Cookies\Low\bart_de_vos@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Users\Bart De Vos\AppData\Roaming\Microsoft\Windows\Cookies\Low\bart_de_vos@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned.
C:\Users\Bart De Vos\AppData\Roaming\Microsoft\Windows\Cookies\Low\bart_de_vos@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Users\Bart De Vos\AppData\Roaming\Microsoft\Windows\Cookies\Low\bart_de_vos@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Users\Bart De Vos\AppData\Roaming\Microsoft\Windows\Cookies\Low\bart_de_vos@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Users\Bart De Vos\AppData\Roaming\Microsoft\Windows\Cookies\Low\bart_de_vos@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Users\Bart De Vos\AppData\Roaming\Microsoft\Windows\Cookies\Low\bart_de_vos@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Users\Bart De Vos\AppData\Roaming\Microsoft\Windows\Cookies\Low\bart_de_vos@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Users\Bart De Vos\AppData\Roaming\Microsoft\Windows\Cookies\Low\bart_de_vos@trafic[1].txt -> TrackingCookie.Trafic : Cleaned.
C:\Users\Bart De Vos\AppData\Roaming\Microsoft\Windows\Cookies\Low\bart_de_vos@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Users\Bart De Vos\AppData\Roaming\Microsoft\Windows\Cookies\Low\bart_de_vos@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
D:\WINDOWS\9129837.exe -> Trojan.Small.bs : Error during cleaning.
D:\WINDOWS\new_drv.sys -> Trojan.Small.bs : Error during cleaning.


::Report end


~~~~~~~~~~~~~~END EWIDO~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~HJT~~~~~~~~~~~~~~~~~~~~~~~~
Logfile of HijackThis v1.99.1
Scan saved at 23:05:27, on 3/02/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Bart De Vos\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)


~~~~~~~~~~~~~~END HJT~~~~~~~~~~~~~~~~~~~~


Maybe worth mentioning:
When in Vista:
Partitions:
C: Vista
D: Windows
E: Progs (XP)
F: Games
G: Data

When in XP:
C: Windows
D: Progs
E: Games
F: Data
V: Vista

Jurgenv1
3 February 2007, 23:08
* Download Killbox (http://www.downloads.subratam.org/KillBox.exe).
Click killbox.exe.
Choose the option: "Delete on reboot".

Copy the following part in bold:

D:\WINDOWS\9129837.exe
D:\WINDOWS\new_drv.sys

Open 'File' in the Killbox menu at the top and choose: Paste from clipboard

You will see that the bold text above appears in the "Full Path of File to Delete" field.
There is a small arrow next to that field. If you click it, you will see all the lines above that you copied (if the files are present); at least that is the intention.

Click the button: All files (!Important!)

Then click the red circle with the white cross in it.
Killbox will say that this file will be deleted on reboot and asks to reboot now. Click YES.

Your PC must now reboot.

* Open HijackThis and tick the following line:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

* Then close all windows except HijackThis and click 'fix checked'

* Then post a new HijackThis log here.

TiZon
3 February 2007, 23:25
Killbox didn't work:
got an error during the countdown to the reboot:
http://85.12.17.39/~tizon/upload/upload/fout-killbox.JPG

The files are still in D:\Windows...
Delete them manually? They're on another OS anyway...

HJT-LOG:
Can't fix that one line, nothing happens...


Windows version: Windows NT 6.00.1904
MSIE version: 7.0.6000.16386
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.

Then, HJT: when I tick that one line and click 'fix checked', all records (the other lines) disappear and nothing else happens.

Doesn't work on the 2nd/3rd try either...

LOG:
Logfile of HijackThis v1.99.1
Scan saved at 23:25:26, on 3/02/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Bart De Vos\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Jurgenv1
3 February 2007, 23:36
Upload those two files here:

http://www.virustotal.com/en/indexf.html

Report the results for those two files to me here.

TiZon
3 February 2007, 23:47
Complete scanning result of "9129837.exe", received in VirusTotal at 02.03.2007, 23:37:29 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.34 02.03.2007 TR/PSW.Pinch.A.4
Authentium 4.93.8 02.03.2007 no virus found
Avast 4.7.936.0 02.03.2007 no virus found
AVG 386 02.03.2007 PSW.Generic2.ACEH
BitDefender 7.2 02.03.2007 Trojan.PWS.Pinch.A
CAT-QuickHeal 9.00 02.03.2007 (Suspicious) - DNAScan
ClamAV devel-20060426 02.03.2007 no virus found
DrWeb 4.33 02.03.2007 Trojan.PWS.Braof
eSafe 7.0.14.0 02.03.2007 Win32.Polipos.sus
eTrust-InoculateIT 30.4.3364 02.02.2007 Win32/Ursnif.TYI!Trojan
eTrust-Vet 30.3.3366 02.03.2007 Win32/Ursnif.AA
Ewido 4.0 02.03.2007 Trojan.Small.bs
Fortinet 2.85.0.0 02.03.2007 W32/Agent.BS!tr.pws
F-Prot 4.2.1.29 02.03.2007 generic
Ikarus T3.1.0.31 02.03.2007 Trojan-Downloader.Win32.Zlob.and
Kaspersky 4.0.2.24 02.03.2007 Trojan-PSW.Win32.Small.bs
McAfee 4955 02.02.2007 Spy-Agent.bg
Microsoft 1.2101 02.03.2007 no virus found
NOD32v2 2035 02.03.2007 no virus found
Norman 5.80.02 02.02.2007 W32/Suspicious_U.gen
Panda 9.0.0.4 02.03.2007 Trj/Spyforms.H
Prevx1 V2 02.03.2007 Polynomial.Code.Exploit
Sophos 4.13.0 02.02.2007 Mal/Behav-027
Sunbelt 2.2.907.0 02.02.2007 Trojan-PSW.Win32.Small.bs
Symantec 10 02.03.2007 Infostealer.Snifula.B
TheHacker 6.0.3.162 02.02.2007 Trojan/PSW.Small.bs
UNA 1.83 02.03.2007 Trojan.PSW.Win32.Small.B931
VBA32 3.11.2 02.03.2007 MalwareScope.Trojan-PSW.Pinch.1
VirusBuster 4.3.19:9 02.03.2007 novirus:Packed/Upack


Aditional Information
File size: 27416 bytes
MD5: c00bcbbeb228b9209c64897fdfd1af1b
SHA1: 4b335183ced0077fe349c68de53b8910603bda8a
packers: UPACK
packers: UPack
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=786d68875338
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Service is stopped in this moments. Scanning of your sample has not been finalized and results has been lost. If you wish to scan it, please send it again.

Antivirus Version Update Result
AntiVir 7.3.1.34 02.03.2007 TR/Rootkit.Gen
Authentium 4.93.8 02.03.2007 W32/PWStealer.CAQ
Avast 4.7.936.0 02.03.2007 Win32:Small-BXP
AVG 386 02.03.2007 PSW.Generic2.AANO
BitDefender 7.2 02.03.2007 Trojan.PWS.Pinch.A
CAT-QuickHeal 9.00 02.03.2007 no virus found
ClamAV devel-20060426 02.03.2007 no virus found
DrWeb 4.33 02.03.2007 Trojan.NtRootKit.168
eSafe 7.0.14.0 02.03.2007 no virus found
eTrust-InoculateIT 30.4.3364 02.02.2007 Win32/Ursnif.8tu!Trojan
eTrust-Vet 30.3.3366 02.03.2007 Win32/Ursnif
Ewido 4.0 02.03.2007 Trojan.Small.bs
Fortinet 2.85.0.0 02.03.2007 W32/Small.BS!tr.pws
F-Prot 4.2.1.29 02.03.2007 W32/PWStealer.CAQ
Ikarus T3.1.0.31 02.03.2007 Trojan-PSW.Win32.Small.bs
Kaspersky 4.0.2.24 02.03.2007 Trojan-PSW.Win32.Small.bs
McAfee 4955 02.02.2007 Generic RootKit.a
Microsoft 1.2101 02.03.2007 no virus found
NOD32v2 2035 02.03.2007 Win32/PSW.Small.NAJ
Norman 5.80.02 02.02.2007 no virus found
Panda 9.0.0.4 02.03.2007 Rootkit/Spyforms.H
Prevx1 V2 02.04.2007 PWS.Generic
Sophos 4.13.0 02.02.2007 Troj/NTRootK-BE
Sunbelt 2.2.907.0 02.02.2007 Trojan-PSW.Win32.Small.bs


Aditional Information
File size: 5376 bytes
MD5: 7dd143443c609905bc2fbcb25a9d5607
SHA1: 833d2aa67a56b03b09711c1d723bb78691739516
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=fe3165685471

Jurgenv1
3 February 2007, 23:53
The files are still in D:\Windows...
Delete them manually? They're on another OS anyway...
Give that a try then. ;)

TiZon
4 February 2007, 00:00
they're gone ;)

Jurgenv1
4 February 2007, 00:02
Try fixing this line once more:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Then post a new HijackThis log here. :)

TiZon
4 February 2007, 00:27
In Vista I can't fix it, it stays in the list...

this is the XP log (in case it helps)


Logfile of HijackThis v1.99.1
Scan saved at 0:42:09, on 2007/02/04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
V:\Users\Bart De Vos\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "D:\RivaTuner v2.0 RC 16.2\RivaTuner.exe" /S
O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [ttool] C:\WINDOWS\9129837.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - Startup: CronGIP.bat.lnk = C:\Scripts\CronGIP.bat
O4 - Startup: SpeedFan.lnk = D:\SpeedFan\speedfan.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{07371F2C-0AED-46B9-9ACD-A851E6009959}: NameServer = 194.119.228.67,193.74.208.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9962703-4993-4559-8EDC-AA83A81279AE}: NameServer = 194.119.228.67,193.74.208.135
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
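
Added example, not part of any post in this thread: a short Python triage of HijackThis lines like the ones posted above. It flags O2 BHO entries reported with "(no file)" and, using the drive-letter table TiZon gave, rewrites the scanner's Vista-side paths to XP drive letters before matching them against O4 Run entries. The function names are hypothetical and the sample logs are a few lines copied from the thread's logs.

```python
import ntpath
import re

# Constructed sample: a few lines copied from the Vista and XP logs in this thread.
VISTA_LOG = r"""
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"""
XP_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKCU\..\Run: [ttool] C:\WINDOWS\9129837.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"""

# Paths exactly as the scanner reported them while booted into Vista.
DETECTED_FROM_VISTA = [r"D:\WINDOWS\9129837.exe", r"D:\WINDOWS\new_drv.sys"]

# Drive letters from the partition list in the thread:
# letter seen from Vista -> letter of the same partition seen from XP.
VISTA_TO_XP = {"C": "V", "D": "C", "E": "D", "F": "E", "G": "F"}

O2_RE = re.compile(r"^O2 - BHO: (.*) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$", re.M)
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$", re.M)


def orphan_bhos(log):
    """CLSIDs of O2 entries that HijackThis reports with '(no file)'."""
    return [clsid for _name, clsid, path in O2_RE.findall(log)
            if path.strip() == "(no file)"]


def remap(path, drive_map):
    """Rewrite a path's drive letter from one OS's view to the other's."""
    drive, rest = ntpath.splitdrive(path)
    if not drive:
        return path  # relative or UNC-less path: nothing to translate
    letter = drive[0].upper()
    return f"{drive_map.get(letter, letter)}:{rest}"


def _targets(command, path):
    """True if an autorun command line launches exactly this file."""
    cmd = command.strip().lstrip('"').lower()
    p = path.lower()
    # Require a quote, a space or end-of-string after the path so that
    # C:\x.exe does not match C:\x.exe.bak.
    return cmd.startswith(p) and (len(cmd) == len(p) or cmd[len(p)] in '" ')


def autoruns_hitting(log, detected_paths):
    """(hive, value name, command) for each Run entry that starts a detected file."""
    return [(hive, name, cmd)
            for hive, _key, name, cmd in O4_RE.findall(log)
            if any(_targets(cmd, p) for p in detected_paths)]


if __name__ == "__main__":
    print("Orphan BHO keys (Vista):", orphan_bhos(VISTA_LOG))
    as_seen_from_xp = [remap(p, VISTA_TO_XP) for p in DETECTED_FROM_VISTA]
    print("Detections as XP paths:", as_seen_from_xp)
    for hive, name, cmd in autoruns_hitting(XP_LOG, as_seen_from_xp):
        print(f"Run entry still references a detected file: {hive} [{name}] {cmd}")
```

Without the remap step the scanner's `D:\` paths match nothing in the XP log; with it, the `[ttool]` Run value is the entry that points at the detected file.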

Jurgenv1
4 February 2007, 13:05
That one looks good, but do install an antivirus.

Can you post another log from Vista for me?

TiZon
4 February 2007, 14:31
Logfile of HijackThis v1.99.1
Scan saved at 14:30:48, on 4/02/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Bart De Vos\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Jurgenv1
4 February 2007, 14:39
Go to Start ==> Run ==> type:

regedit /e C:/kijk.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"

Then click 'OK', go to the C: drive, open kijk.txt and post its contents here.

TiZon
4 February 2007, 14:42
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
@=""

Jurgenv1
4 February 2007, 14:45
Open Notepad.
Copy the bold text below and paste it into a new document.


REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

Choose File -> Save
Under "Save in", select: Desktop
Under "File name", enter: fix.reg
Under "Save as type", select: All files
Click "Save".

Double-click fix.reg, which is now on your desktop.
Agree to have this data added to the registry.

Then post a new HijackThis log here.

TiZon
4 February 2007, 14:48
Logfile of HijackThis v1.99.1
Scan saved at 14:48:24, on 4/02/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
E:\VentriloMIX\Ventrilo 2.3.0.exe
E:\mIRC\mirc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Bart De Vos\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

;) nicy

Jurgenv1
4 February 2007, 14:57
Looks good now. ;)

TiZon
4 February 2007, 15:05
Thx...

Is there by any chance a new HJT version coming out that has a bit more support for Vista? :D

Jurgenv1
4 February 2007, 15:08
Thx...

Is there by any chance a new HJT version coming out that has a bit more support for Vista? :D

Yes, that is being worked on. :)
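
The check-and-fix sequence from this thread (find the BHO with no file behind it, remove its key, rescan and compare), as an added Python example that is not part of the original posts. The function names are made up for illustration, and the two sample logs contain only the O2 lines excerpted from the scans posted above.

```python
import re

BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
           r"\Explorer\Browser Helper Objects")
# HijackThis O2 line: "O2 - BHO: <name> - {CLSID} - <dll path or (no file)>"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\})"
                   r" - (?P<target>.+)$")

# O2 lines excerpted from the two scans posted in this thread.
BEFORE = r"""
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
"""
AFTER = r"""
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
"""

def parse_bhos(log_text):
    """Map CLSID -> (name, target) for every O2 entry in a HijackThis log."""
    bhos = {}
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if m:
            bhos[m["clsid"].upper()] = (m["name"], m["target"])
    return bhos

def orphaned(bhos):
    """CLSIDs registered as a BHO with no DLL behind them."""
    return sorted(c for c, (_, target) in bhos.items() if target == "(no file)")

def reg_delete_patch(clsids):
    """Build a fix.reg like the one in the thread: one [-key] line per CLSID."""
    body = [f"[-{BHO_KEY}\\{c}]" for c in clsids]
    return "\n".join(["REGEDIT4", ""] + body) + "\n"

def removed_between(before, after):
    """CLSIDs present in the first scan and gone from the second."""
    return sorted(set(parse_bhos(before)) - set(parse_bhos(after)))

if __name__ == "__main__":
    stale = orphaned(parse_bhos(BEFORE))
    print(reg_delete_patch(stale))
    print("removed by the fix:", removed_between(BEFORE, AFTER))
    print("still orphaned:", orphaned(parse_bhos(AFTER)))
```

Only entries reported as "(no file)" end up in the generated patch, so a BHO with a DLL on disk, such as the Adobe helper, is left alone.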