Urgent request!!!

  • Jan

    I would like help with the log below.

    I have already done the following:

    - Ran ATF Cleaner

    - Ad-aware

    - Spybot

    Restarted the PC

    And large amounts of spam are still being sent via my PC.

    Logfile of HijackThis v1.99.1

    Scan saved at 12:11:42, on 18-8-2009

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16850)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Avira\AntiVir Desktop\sched.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    C:\WINDOWS\System32\snmp.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\SearchIndexer.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    C:\WINDOWS\system32\wbem\unsecapp.exe

    C:\WINDOWS\system32\rundll32.exe

    D:\Program Files\QuickTime\qttask.exe

    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

    C:\WINDOWS\System32\alg.exe

    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

    C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    D:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe

    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\WINDOWS\System32\svchost.exe

    C:\PROGRA~1\MICROS~4\rapimgr.exe

    C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe

    C:\Program Files\Windows Desktop Search\WindowsSearch.exe

    C:\PROGRA~1\Sitecom\BLUETO~1\BTSTAC~1.EXE

    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

    C:\Program Files\Windows Live\Contacts\wlcomm.exe

    C:\WINDOWS\system32\wbem\wmiapsrv.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    E:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Windows Live\Toolbar\wltuser.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\WINDOWS\system32\SearchProtocolHost.exe

    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

    C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\WINDOWS\system32\SearchFilterHost.exe

    D:\Documents and Settings\Jan\Mijn documenten\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - (no file)

    O2 - BHO: Search Helper - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

    O2 - BHO: ForceField Toolbar Registrar - {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

    O2 - BHO: CutePDF Form Filler - {D41289F2-69C6-417B-897E-C653D677CBAF} - D:\Program Files\Acro Software\CutePDF Pro\CPFillerCo.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: Windows Live Toolbar Helper - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

    O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: ForceField Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

    O4 - HKLM\..\Run: “C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe”

    O4 - HKLM\..\Run: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    O4 - HKLM\..\Run: “D:\Program Files\QuickTime\qttask.exe” -atboottime

    O4 - HKLM\..\Run: C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe” -Embedding -boot

    O4 - HKLM\..\Run: “C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe”

    O4 - HKLM\..\Run: C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

    O4 - HKLM\..\Run: C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

    O4 - HKLM\..\Run: “C:\Program Files\Avira\AntiVir Desktop\avgnt.exe” /min

    O4 - HKLM\..\Run: C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

    O4 - HKLM\..\Run: “C:\Program Files\Java\jre6\bin\jusched.exe”

    O4 - HKLM\..\Run: C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKCU\..\Run: “D:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe” -nosplash -minimized

    O4 - HKCU\..\Run: “C:\Program Files\Microsoft ActiveSync\Wcescomm.exe”

    O4 - HKCU\..\Run: “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background

    O4 - HKCU\..\Run: C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    O4 - Global Startup: BTTray.lnk = ?

    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat… - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm

    O9 - Extra button: In weblog opnemen - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: &In weblog opnemen met Windows Live Writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

    O9 - Extra ‘Tools’ menuitem: Mobiele favorieten maken… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm

    O9 - Extra ‘Tools’ menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm

    O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra ‘Tools’ menuitem: Spybot - Search && Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O11 - Options group: International*

    O16 - DPF: {2d8ed06d-3c30-438b-96ae-4d110fdc1fb8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll

    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    O23 - Service: Intelligente achtergrondsoverdrachtservice (BITS) - Unknown owner - %fystemRoot%\system32\svchost.exe (file missing)

    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe

    O23 - Service: Java Quick Starter (javaquickstarterservice) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe“ -service -config ”C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

    O23 - Service: Lavasoft Ad-Aware Service (lavasoft ad-aware service) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  • Jos H

    Urgent request to go through the steps in the step-by-step plan at the top of the page.

    Then post the TWO logs.

  • Teaser

    Your HJT version dates from the Stone Age :D

    So use the latest version of that as well.

    It's also mentioned in the 1st post

  • Jan

    New log below.

    And as for those first two lines, could you explain further?

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 12:07:47, on 19-8-2009

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16850)

    Boot mode: Normal

    Running processes:

    c:\windows\system32\smss.exe

    c:\windows\system32\csrss.exe

    c:\windows\system32\winlogon.exe

    c:\windows\system32\services.exe

    c:\windows\system32\lsass.exe

    c:\windows\system32\nvsvc32.exe

    c:\windows\system32\svchost.exe

    c:\windows\system32\svchost.exe

    c:\program files\microsoft windows onecare live\antivirus\msmpeng.exe

    c:\windows\system32\svchost.exe

    c:\windows\system32\svchost.exe

    c:\windows\system32\svchost.exe

    c:\windows\system32\zonelabs\vsmon.exe

    c:\program files\lavasoft\ad-aware\aawservice.exe

    c:\windows\system32\spoolsv.exe

    c:\program files\avira\antivir desktop\sched.exe

    c:\windows\explorer.exe

    c:\program files\avira\antivir desktop\avguard.exe

    c:\windows\system32\svchost.exe

    c:\program files\sitecom\bluetooth software\bin\btwdins.exe

    c:\program files\java\jre6\bin\jqs.exe

    c:\program files\microsoft windows onecare live\ochealthmon.exe

    c:\program files\microsoft\search enhancement pack\seaport\seaport.exe

    c:\windows\system32\snmp.exe

    c:\windows\system32\svchost.exe

    c:\windows\system32\searchindexer.exe

    c:\program files\microsoft windows onecare live\winss.exe

    c:\windows\system32\rundll32.exe

    d:\program files\quicktime\qttask.exe

    c:\windows\system32\wbem\unsecapp.exe

    c:\program files\scansoft\paperport\pptd40nt.exe

    c:\windows\system32\wbem\wmiprvse.exe

    c:\program files\brother\brmfcmon\brmfcwnd.exe

    c:\windows\system32\wbem\wmiprvse.exe

    c:\program files\avira\antivir desktop\avgnt.exe

    c:\program files\enigma software group\spyhunter\spyhunter3.exe

    c:\windows\system32\alg.exe

    c:\program files\brother\controlcenter3\brccmctl.exe

    c:\program files\java\jre6\bin\jusched.exe

    c:\windows\system32\rundll32.exe

    c:\program files\microsoft windows onecare live\winssnotify.exe

    d:\program files\voipbuster.com\voipbuster\voipbuster.exe

    c:\program files\brother\brmfcmon\brmfcmon.exe

    c:\program files\microsoft activesync\wcescomm.exe

    c:\program files\windows live\messenger\msnmsgr.exe

    c:\progra~1\micros~4\rapimgr.exe

    c:\program files\uniblue\registrybooster\registrybooster.exe

    c:\windows\system32\ctfmon.exe

    c:\program files\spybot - search & destroy\teatimer.exe

    c:\program files\sitecom\bluetooth software\bttray.exe

    c:\program files\windows desktop search\windowssearch.exe

    c:\progra~1\sitecom\blueto~1\btstac~1.exe

    c:\windows\system32\svchost.exe

    c:\program files\lavasoft\ad-aware\aawtray.exe

    c:\windows\system32\wbem\wmiapsrv.exe

    c:\program files\windows live\contacts\wlcomm.exe

    c:\program files\skype\phone\skype.exe

    c:\program files\skype\plugin manager\skypepm.exe

    c:\program files\windows live\messenger\msnmsgr.exe

    c:\program files\internet explorer\iexplore.exe

    c:\program files\windows live\toolbar\wltuser.exe

    c:\program files\internet explorer\iexplore.exe

    c:\program files\internet explorer\iexplore.exe

    c:\program files\trend micro\hijackthis\hijackthis.exe

    r0 - hkcu\software\microsoft\internet explorer\main,start page = http://www.google.nl/

    r1 - hklm\software\microsoft\internet explorer\main,default_page_url = http://go.microsoft.com/fwlink/?linkid=69157

    r1 - hklm\software\microsoft\internet explorer\main,default_search_url = http://go.microsoft.com/fwlink/?linkid=54896

    r1 - hklm\software\microsoft\internet explorer\main,search page = http://go.microsoft.com/fwlink/?linkid=54896

    r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername = koppelingen

    o2 - bho: adobe pdf reader help bij koppelingen - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll

    o2 - bho: spybot-s&d ie protection - {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\sdhelper.dll

    o2 - bho: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - (no file)

    o2 - bho: search helper - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll

    o2 - bho: forcefield toolbar registrar - {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\trustcheckerieplugin.dll

    o2 - bho: windows live aanmelden - help - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll

    o2 - bho: google toolbar notifier bho - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll

    o2 - bho: cutepdf form filler - {d41289f2-69c6-417b-897e-c653d677cbaf} - d:\program files\acro software\cutepdf pro\cpfillerco.dll

    o2 - bho: java™ plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

    o2 - bho: windows live toolbar helper - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

    o2 - bho: jqsiestartdetectorimpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    o3 - toolbar: forcefield toolbar - {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\trustcheckerieplugin.dll

    o3 - toolbar: &windows live toolbar - {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

    o4 - hklm\..\run: c:\program files\nero\nero8\nero backitup\nbkeyscan.exe

    o4 - hklm\..\run: rundll32.exe bthprops.cpl,,bluetoothauthenticationagent

    o4 - hklm\..\run: d:\program files\quicktime\qttask.exe -atboottime

    o4 - hklm\..\run: c:\program files\common files\nero\lib\nerocheck.exe

    o4 - hklm\..\run: c:\program files\adobe\reader 8.0\reader\reader_sl.exe

    o4 - hklm\..\run: c:\program files\common files\scansoft shared\ssbkgdupdate\ssbkgdupdate.exe -embedding -boot

    o4 - hklm\..\run: c:\program files\scansoft\paperport\pptd40nt.exe

    o4 - hklm\..\run: c:\program files\scansoft\paperport\indexsearch.exe

    o4 - hklm\..\run: c:\program files\brother\brmfcmon\brmfcwnd.exe /autorun

    o4 - hklm\..\run: c:\program files\brother\controlcenter3\brctrcen.exe /autorun

    o4 - hklm\..\run: c:\program files\avira\antivir desktop\avgnt.exe /min

    o4 - hklm\..\run: c:\program files\enigma software group\spyhunter\spyhunter3.exe

    o4 - hklm\..\run: c:\program files\java\jre6\bin\jusched.exe

    o4 - hklm\..\run: c:\program files\nvidia corporation\nview\nwiz.exe /install

    o4 - hklm\..\run: rundll32.exe c:\windows\system32\nvmctray.dll,nvtaskbarinit

    o4 - hklm\..\run: rundll32.exe c:\windows\system32\nvcpl.dll,nvstartup

    o4 - hklm\..\run: c:\program files\microsoft windows onecare live\winssnotify.exe

    o4 - hkcu\..\run: d:\program files\voipbuster.com\voipbuster\voipbuster.exe -nosplash -minimized

    o4 - hkcu\..\run: c:\program files\microsoft activesync\wcescomm.exe

    o4 - hkcu\..\run: c:\program files\windows live\messenger\msnmsgr.exe /background

    o4 - hkcu\..\run: c:\program files\uniblue\registrybooster\registrybooster.exe /s

    o4 - hkcu\..\run: c:\windows\system32\ctfmon.exe

    o4 - hkcu\..\run: c:\program files\spybot - search & destroy\teatimer.exe

    o4 - hkus\.default\..\run: c:\windows\system32\ctfmon.exe (user ‘default user’)

    o4 - hkus\.default\..\run: c:\windows\system32\bndmss.exe * (user ‘default user’)

    o4 - hkus\.default\..\run: c:\program files\counterpath\x-lite beta\x-lite.exe (user ‘default user’)

    o4 - global startup: bttray.lnk = ?

    o4 - global startup: windows desktop search.lnk = c:\program files\windows desktop search\windowssearch.exe

    o8 - extra context menu item: e&xporteren naar microsoft excel - res://e:\progra~1\micros~1\office12\excel.exe/3000

    o8 - extra context menu item: verzenden naar &bluetooth-apparaat… - c:\program files\sitecom\bluetooth software\btsendto_ie_ctx.htm

    o9 - extra button: in weblog opnemen - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll

    o9 - extra ‘tools’ menuitem: &in weblog opnemen met windows live writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll

    o9 - extra button: create mobile favorite - {2eaf5bb1-070f-11d3-9307-00c04fae2d4f} - c:\progra~1\micros~4\inetrepl.dll

    o9 - extra button: (no name) - {2eaf5bb2-070f-11d3-9307-00c04fae2d4f} - c:\progra~1\micros~4\inetrepl.dll

    o9 - extra ‘tools’ menuitem: mobiele favorieten maken… - {2eaf5bb2-070f-11d3-9307-00c04fae2d4f} - c:\progra~1\micros~4\inetrepl.dll

    o9 - extra button: onderzoek - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\mi1933~1\office11\refiebar.dll

    o9 - extra button: @btrez.dll,-4015 - {cca281ca-c863-46ef-9331-5c8d4460577f} - c:\program files\sitecom\bluetooth software\btsendto_ie.htm

    o9 - extra ‘tools’ menuitem: @btrez.dll,-12650 - {cca281ca-c863-46ef-9331-5c8d4460577f} - c:\program files\sitecom\bluetooth software\btsendto_ie.htm

    o9 - extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - c:\program files\spybot - search & destroy\sdhelper.dll

    o9 - extra ‘tools’ menuitem: spybot - search && destroy configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - c:\program files\spybot - search & destroy\sdhelper.dll

    o9 - extra button: messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe

    o9 - extra ‘tools’ menuitem: windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe

    o16 - dpf: {2d8ed06d-3c30-438b-96ae-4d110fdc1fb8} (activescan 2.0 installer class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

    o18 - protocol: skype4com - {ffc8b962-9b40-4dff-9458-1830c7dd7f5d} - c:\progra~1\common~1\skype\skype4~1.dll

    o22 - sharedtaskscheduler: windows dreamscene - {e31004d1-a431-41b8-826f-e902f9d95c81} - (no file)

    o23 - service: avira antivir scheduler (antivirschedulerservice) - avira gmbh - c:\program files\avira\antivir desktop\sched.exe

    o23 - service: avira antivir guard (antivirservice) - avira gmbh - c:\program files\avira\antivir desktop\avguard.exe

    o23 - service: intelligente achtergrondsoverdrachtservice (bits) - unknown owner - c:\windows\

    o23 - service: bluetooth service (btwdins) - broadcom corporation. - c:\program files\sitecom\bluetooth software\bin\btwdins.exe

    o23 - service: java quick starter (javaquickstarterservice) - sun microsystems, inc. - c:\program files\java\jre6\bin\jqs.exe

    o23 - service: lavasoft ad-aware service (lavasoft ad-aware service) - lavasoft - c:\program files\lavasoft\ad-aware\aawservice.exe

    o23 - service: pure networks platform service (nmservice) - cisco systems, inc. - c:\program files\common files\pure networks shared\platform\nmsrvc.exe

    o23 - service: nvidia display driver service (nvsvc) - nvidia corporation - c:\windows\system32\nvsvc32.exe

    o23 - service: truevector internet monitor (vsmon) - check point software technologies ltd - c:\windows\system32\zonelabs\vsmon.exe

    o23 - service: automatische updates (wuauserv) - unknown owner - c:\windows\

    end of file - 11575 bytes

  • Jos H

    The line at the top of this page.

    http://antivirus.startpagina.nl/prikbord/4625317/voer-dit-eerst-uit-voordat-je-de-logjes-plaatst!!#msg-4625317

  • Jan

    And the last log file:

    Malwarebytes' Anti-Malware 1.40

    Database versie: 2653

    Windows 5.1.2600 Service Pack 2

    19-8-2009 13:49:43

    mbam-log-2009-08-19 (13-49-43).txt

    Scan type: Snelle Scan

    Objecten gescand: 110839

    Verstreken tijd: 3 minute(s), 56 second(s)

    Geheugenprocessen geïnfecteerd: 0

    Geheugenmodulen geïnfecteerd: 0

    Registersleutels geïnfecteerd: 0

    Registerwaarden geïnfecteerd: 0

    Registerdata bestanden geïnfecteerd: 0

    Mappen geïnfecteerd: 1

    Bestanden geïnfecteerd: 1

    Geheugenprocessen geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Registerwaarden geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:

    C:\Documents and Settings\All Users\Application Data\11618284 (Rogue.Multiple) -> Quarantined and deleted successfully.

    Bestanden geïnfecteerd:

    C:\Documents and Settings\All Users\Application Data\11618284\11618284 (Rogue.Multiple) -> Quarantined and deleted successfully.

  • sijlvia

    Your Windows is not up to date.