antivirus.startpagina.nl

Logje Wie wilt hem aub nakijken

  • Anonymous avatar

    tara

    Bij het begint zegt hijack al dat hij niet in alle bestanden kan kijken want die zijn geblokkeerd.

    Mijn computer sluit uitzelf zelf af een geeft een fatale system fout.

    Wie wilt er de tijd voor nemen om het na te kijken ?

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 8:53:06, on 19-2-2009

    Platform: Windows Vista SP1 (WinNT 6.00.1905)

    MSIE: Internet Explorer v7.00 (7.00.6001.18000)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\hp\support\hpsysdrv.exe

    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

    C:\Windows\RtHDVCpl.exe

    C:\Windows\system32\schtasks.exe

    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    C:\Windows\PixArt\Pac207\Monitor.exe

    C:\Program Files\AVG\AVG8\avgtray.exe

    C:\Windows\system32\jusched.exe

    C:\Windows\System32\rundll32.exe

    C:\Windows\System32\rundll32.exe

    C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

    C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

    C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Windows\ehome\ehtray.exe

    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe

    C:\Program Files\uTorrent\uTorrent.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\hp\kbd\kbd.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files\Windows Live\Contacts\wlcomm.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\conime.exe

    C:\Program Files\LimeWire\LimeWire.exe

    C:\Program Files\Internet Explorer\ieuser.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe

    C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=81&bd=Pavilion&pf=desktop

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=81&bd=Pavilion&pf=desktop

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: ::1 localhost

    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: mysidesearch search enhancer - {1055A67D-8AE3-56C9-158E-61E08AD067FA} - C:\Windows\system32\sgohlngsguuozvwlg.dll (file missing)

    O2 - BHO: milehighads browser enhancer - {25A29CD5-57B9-F4AD-D859-68286E87E025} - C:\Windows\system32\ogrytiafstw.dll (file missing)

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    O2 - BHO: milehighads - {8725d17a-943e-cf6f-8131-46ec69a57df8} - C:\Windows\system32\nsw5635.dll (file missing)

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

    O4 - HKLM\..\Run: %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: c:\hp\support\hpsysdrv.exe

    O4 - HKLM\..\Run: C:\HP\KBD\KbdStub.EXE

    O4 - HKLM\..\Run: “C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe”

    O4 - HKLM\..\Run: RtHDVCpl.exe

    O4 - HKLM\..\Run: Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

    O4 - HKLM\..\Run: “C:\Windows\system32\jureg.exe”

    O4 - HKLM\..\Run: c:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: C:\Windows\PixArt\PAC207\Monitor.exe

    O4 - HKLM\..\Run: C:\PROGRA~1\AVG\AVG8\avgtray.exe

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    O4 - HKLM\..\Run: “C:\Program Files\QuickTime\QTTask.exe” -atboottime

    O4 - HKLM\..\Run: “C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe” -startup

    O4 - HKLM\..\Run: C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

    O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: C:\Windows\System32\regsvr32.exe /s “C:\Windows\system32\ogrytiafstw.dll”

    O4 - HKLM\..\Run: C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles

    O4 - HKLM\..\Run: “C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe” /command:faststart

    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: “C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe” ASO-616B5711-6DAE-4795-A05F-39A1E5104020

    O4 - HKCU\..\Run: C:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKCU\..\Run: “C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe” /automount

    O4 - HKCU\..\Run: “C:\Program Files\uTorrent\uTorrent.exe”

    O4 - HKCU\..\Run: C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\Run: rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETWORK SERVICE’)

    O4 - Startup: RollerCoaster Tycoon 3_ Wild Registration.lnk = C:\Users\tara\AppData\Local\Temp\{405679C7-9280-424E-BF3A-83D1F1E2B87B}\{45653847-497F-47BB-A878-46FBDE34A3E0}\ATR1.exe

    O4 - Global Startup: Nokia Ovi Suite.lnk = C:\Program Files\Nokia\Ovi\Suite\RunLauncher.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)

    O9 - Extra ‘Tools’ menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra ‘Tools’ menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll

    O13 - Gopher Prefix:

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

    O20 - AppInit_DLLs: avgrsstx.dll

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

    O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe

    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe

    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    End of file - 10678 bytes

  • Anonymous avatar

    Teaser

    Sluit even alle vensters.

    Open alleen HJT en klik op “do a system scan only”

    Vink nu de volgende regels aan en klik op “fix checked”

    O2 - BHO: mysidesearch search enhancer - {1055A67D-8AE3-56C9-158E-61E08AD067FA} - C:\Windows\system32\sgohlngsguuozvwlg.dll (file missing)

    O2 - BHO: milehighads browser enhancer - {25A29CD5-57B9-F4AD-D859-68286E87E025} - C:\Windows\system32\ogrytiafstw.dll (file missing)

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

    O2 - BHO: milehighads - {8725d17a-943e-cf6f-8131-46ec69a57df8} - C:\Windows\system32\nsw5635.dll (file missing)

    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

    O4 - HKLM\..\Run: C:\Windows\System32\regsvr32.exe /s “C:\Windows\system32\ogrytiafstw.dll”

    Download Combofix naar je Bureaublad.

    Indien je Combofix al eerder hebt gebruikt, gelieve die versie te verwijderen en Combofix opnieuw te downloaden via bovenstaande link,

    want Combofix wordt dagelijks geupdate.

    OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt

    van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw.

    Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!

    • Dubbelklik op Combofix.exe

      Volg de instructies, aanvaard de disclaimer.

      Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

    Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.

    Plaats deze log in je volgende post samen met een nieuw HijackThis log.

  • Anonymous avatar

    hatolex

    @Teaser:

    heb je de scan datum gezien???

    hatolex

  • Anonymous avatar

    tara

    Nou ja wat raar ik zie die datum nu ook maar heb het gedaan en daarna gelijk op de prikpagina gezet.

    Maar ik ga even doen wat teaser zegt en dan meld ik me weer .

    bedankt voor de reactie.

  • Anonymous avatar

    Teaser

    Oeps had ik niet gezien ::o

  • Anonymous avatar

    Teaser

    Zet ook je datum en tijd even goed dan (tu)

  • Anonymous avatar

    fazantje

    En je windows update, zie: Platform: Windows Vista SP1

    Huib:)