The following appears at the bottom right of the screen:
Malewarebytes antimalware
Toegang tot mogelijke kwaadaardige website is succesvol geblokkeerd: 208.732.10.29
type uitgaande verbinding
Hi Hans,
You still haven't followed the step-by-step plan properly. Read:
>>>Logfile of Trend Micro HijackThis v2.0.2<<<
We are now on v2.0.4.
Uninstall HijackThis and download it again.
In the meantime, don't go trying all sorts of things, otherwise we will lose track.
Did you put Ziggy tv on it yourself?
RegistryBooster is also still there; remove it via Control Panel - Add or Remove Programs.
I also still see Sophos and Norman; remove these too.
Start HijackThis, click Scan and tick the following lines:
O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - (no file)
O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: (no name) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
O4 - HKLM\..\Run: %systemroot%\system32\dumprep 0 -k
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) -
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} -
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) -
O20 - Winlogon Notify: xxywWoNe - C:\WINDOWS\
Close all windows except HijackThis and click Fix checked.
Download ComboFix HERE
If you have used ComboFix before, please remove that version and download ComboFix again via the link above,
because ComboFix is updated daily.
NOTE: if, during or after downloading ComboFix or while using ComboFix, you get a notification from your antivirus or another real-time scanner,
disable that scanner and download ComboFix again.
Some scanners see certain components that ComboFix uses as suspicious and will block or remove them!
Double-click Combofix.exe
Follow the instructions, accept the disclaimer.
While the fix is running, do NOT click in the window, because this will make your PC hang.
It can take some time before the ComboFix log appears, so don't assume it has frozen.
When the fix is complete and after the restart, the log combofix.txt will open.
Post this log in your next post together with a new HijackThis log.
Good luck,
Huib;)
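The kind of lines Huib asks Hans to tick can be picked out of a HijackThis log mechanically. The sketch below is an added example, not part of the original posts and not HijackThis code: it reads the version header, checks it against the v2.0.4 named above, and flags entries that register a component with no file behind it. The three heuristics and all function names are assumptions made for illustration, and the sample log is assembled from lines quoted in this thread; a flag means "have a helper look at this", not "malicious".

```python
import re

VERSION_RE = re.compile(r"Logfile of Trend Micro HijackThis v(\d+)\.(\d+)\.(\d+)")
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O2 - BHO: ..."
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Sample assembled from log lines quoted in this thread (not a complete log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - (no file)
O3 - Toolbar: (no name) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} -
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O20 - Winlogon Notify: xxywWoNe - C:\WINDOWS\
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""


def parse_version(text):
    """Return the HijackThis version from the log header as a tuple, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def review_reason(code, body):
    """Heuristics (assumed for this example) for entries with nothing behind them."""
    body = body.rstrip()
    if body.endswith("(no file)"):
        return "registered component points to no file"
    if code == "O16" and body.endswith(" -"):
        return "ActiveX (DPF) entry has no download source"
    if code == "O20" and body.endswith("\\"):
        return "Winlogon Notify path names a folder, not a DLL"
    return None


def triage(text, minimum_version=(2, 0, 4)):
    """Parse a log and return its version, an outdated flag and entries to review."""
    version = parse_version(text)
    findings = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header lines, running processes, blank lines
        code, body = match.groups()
        reason = review_reason(code, body)
        if reason:
            clsid = CLSID_RE.search(body)
            findings.append({
                "code": code,
                "clsid": clsid.group(0) if clsid else None,
                "reason": reason,
                "line": raw.strip(),
            })
    return {
        "version": version,
        "outdated": version is not None and version < minimum_version,
        "findings": findings,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    if report["outdated"]:
        print("Log was made with an old HijackThis:", report["version"])
    for item in report["findings"]:
        print(f'{item["code"]:>4}  {item["reason"]}\n      {item["line"]}')
```

Entries such as the `dumprep` Run key in Huib's list are not caught by these checks; they need the helper's knowledge of what belongs on the system.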
Dear Huib,
The strange thing is that nothing of Norton can be seen in Control Panel any more. Sophos does have an entry, but no Remove button.
This is the log
ComboFix 11-10-11.01 - Hans Klopper 11-10-2011 14:44:00.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1279.650
Gestart vanuit: c:\documents and settings\Hans Klopper\Bureaublad\ComboFix.exe
AV: NOD32 antivirus systeem 2.50 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Norman Virus Control ver. 5.90 *Disabled/Updated* {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
AV: Sophos Anti-Virus *Disabled/Outdated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\documents and settings\Hans Klopper\Application Data\PriceGong
c:\documents and settings\Hans Klopper\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Hans Klopper\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Hans Klopper\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Hans Klopper\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Hans Klopper\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Hans Klopper\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Hans Klopper\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Hans Klopper\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Hans Klopper\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Hans Klopper\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Hans Klopper\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Hans Klopper\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Hans Klopper\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Hans Klopper\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Hans Klopper\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Hans Klopper\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Hans Klopper\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Hans Klopper\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Hans Klopper\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Hans Klopper\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Hans Klopper\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Hans Klopper\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Hans Klopper\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Hans Klopper\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Hans Klopper\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Hans Klopper\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Hans Klopper\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Hans Klopper\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Hans Klopper\Application Data\PriceGong\Data\z.txt
c:\documents and settings\Hans Klopper\Mijn documenten\~WRL1782.tmp
c:\documents and settings\Hans Klopper\Mijn documenten\~WRL2001.tmp
c:\documents and settings\Hans Klopper\Mijn documenten\~WRL2691.tmp
c:\documents and settings\Hans Klopper\Mijn documenten\~WRL3101.tmp
c:\documents and settings\Hans Klopper\WINDOWS
c:\windows\Fonts\acrsec.fon
c:\windows\IsUn0413.exe
c:\windows\tsoc.log
D:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AFISICX
-------\Legacy_SECURENTM
-------\Legacy_SOPIDKC
-------\Legacy_TDCTXTE
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-09-11 to 2011-10-11 ))))))))))))))))))))))))))))))
.
.
2011-10-11 12:31 . 2011-10-11 12:31 388096 ----a-r- c:\documents and settings\Hans Klopper\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-11 11:15 . 2011-10-11 11:15 -------- d-----w- c:\documents and settings\Hans Klopper\Application Data\DriverCure
2011-10-11 11:15 . 2011-10-11 11:15 -------- d-----w- c:\documents and settings\Hans Klopper\Application Data\ParetoLogic
2011-10-11 11:15 . 2011-10-11 11:23 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2011-10-11 09:49 . 2011-10-11 09:49 -------- d-----w- c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-10-11 09:09 . 2011-10-11 09:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-11 09:09 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-11 06:46 . 2011-10-11 07:16 -------- d-----w- c:\documents and settings\Hans Klopper\Application Data\Systweak
2011-10-11 06:46 . 2011-07-28 11:06 17280 ----a-w- c:\windows\system32\roboot.exe
2011-10-10 22:31 . 2011-10-11 08:16 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-10 22:19 . 2011-10-10 22:19 -------- d-----w- c:\documents and settings\Hans Klopper\Application Data\ElevatedDiagnostics
2011-10-10 17:57 . 2011-10-10 17:57 -------- d-----w- C:\found.000
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 20:37 . 2010-02-20 21:39 87608 ----a-w- c:\documents and settings\Hans Klopper\Application Data\inst.exe
2011-10-10 20:37 . 2008-07-12 08:01 47360 ----a-w- c:\documents and settings\Hans Klopper\Application Data\pcouffin.sys
2011-07-28 12:44 . 2011-07-28 12:44 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
“swg”=“c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
“ISUSPM”=“c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe”
.
“NvCplDaemon”=“c:\windows\system32\NvCpl.dll”
“QuickTime Task”=“c:\program files\QuickTime\qttask.exe”
“RoxWatchTray”=“c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe”
“PinnacleDriverCheck”=“c:\windows\System32\PSDrvCheck.exe”
“RIMBBLaunchAgent.exe”=“c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe”
“Malwarebytes' Anti-Malware”=“c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe”
.
“CTFMON.EXE”=“c:\windows\System32\CTFMON.EXE”
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
AirLive 802.11G Wireless Utility.lnk - c:\program files\Ovislink\Common\AirLiveUI.exe
.
.
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e
.
@=“service”
.
@=“”
.
@=“”
.
@=“Driver”
.
@=“”
.
“DisableMonitoring”=dword:00000001
.
“DisableMonitoring”=dword:00000001
.
“DisableMonitoring”=dword:00000001
.
“%windir%\\system32\\sessmgr.exe”=
“c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe”=
“c:\\Program Files\\Java\\jre6\\bin\\javaw.exe”=
“c:\\Documents and Settings\\Hans Klopper\\Bureaublad\\Thijs Klopper\\teamspeak3-server_win32\\ts3server_win32.exe”=
“c:\\Program Files\\Skype\\Phone\\Skype.exe”=
“c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe”=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys
R2 LogWatch;Event Log Watch;c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys
R3 PRISM_A00;PRISM 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys
S1 ctredr15.sys;ctredr15.sys;
S1 ctredrv.sys;ctredrv.sys;
S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe
S3 CA_LIC_CLNT;CA License Client;c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe
S3 CA_LIC_SRVR;CA License Server;c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
S3 hitmanpro3;Hitman Pro 3 Support Driver;
S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\drivers\K320bus.sys
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\drivers\K320mdfl.sys
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\drivers\K320mdm.sys
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\K320mgmt.sys
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\drivers\K320obex.sys
S3 Pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys
S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys
.
Inhoud van de ‘Gedeelde Taken’ map
.
2011-07-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe
.
.
——- Bijkomende Scan ——-
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.startpagina.nl/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
IE: &D&ownload &with BitComet
IE: &D&ownload all video with BitComet
IE: &D&ownload all with BitComet
IE: Add to AMV Convert Tool…
IE: Google Sidewiki… - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: MediaManager tool grab multimedia file
TCP: DhcpNameServer = 192.168.2.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game07.zylom.com/activex/zylomgamesplayer.cab
.
- - - - ORPHANS VERWIJDERD - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{4C350B19-6CA1-4569-B14C-296D8D65300C} - (no file)
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0413.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-11 15:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen …
.
scannen van verborgen autostart items …
.
scannen van verborgen bestanden …
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
.
@DACL=(02 0000)
.
——————— DLLs Geladen Onder Lopende Processen ———————
.
- - - - - - - > ‘winlogon.exe’(580)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > ‘explorer.exe’(948)
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\nl.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
———————— Andere Aktieve Processen ————————
.
c:\norman\Npm\bin\ELOGSVC.EXE
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Ovislink\Common\RalinkRegistryWriter.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Voltooingstijd: 2011-10-11 15:24:26 - machine werd herstart
ComboFix-quarantined-files.txt 2011-10-11 13:24
ComboFix2.txt 2009-03-27 18:26
ComboFix3.txt 2009-03-05 17:27
ComboFix4.txt 2009-02-21 12:07
ComboFix5.txt 2011-10-11 12:40
.
Pre-Run: 9.849.176.064 bytes beschikbaar
Post-Run: 10.058.584.064 bytes beschikbaar
.
Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
- - End Of File - - E5E14A1D0CD9CE2C37678FC45B61FDDF
The hijack log follows below
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:34:41, on 11-10-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Ovislink\Common\RalinkRegistryWriter.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Ovislink\Common\AirLiveUI.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM\..\Run: “C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe”
O4 - HKLM\..\Run: C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: “C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe” /starttray
O4 - HKCU\..\Run: “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
O4 - HKCU\..\Run: “C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe” -scheduler
O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: AirLive 802.11G Wireless Utility.lnk = C:\Program Files\Ovislink\Common\AirLiveUI.exe
O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.mijnalbum.nl/skin/system/upload/ImageUploader3.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.6.0_10) -
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Ovislink\Common\RalinkRegistryWriter.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
–
End of file - 10125 bytes
Hello Hans,
Do you want to remove Sophos?
Isn't it listed under Start > Control Panel > Add or Remove Programs?
Is there no uninstall in the Sophos folder?
It can be found at:
C:\Program Files\Sophos
If Sophos is still active, do disable it first before you can remove it.
Otherwise install Sophos again and then remove it.
After this, don't forget to install a new antivirus, e.g. Avast.
When all of that has worked, please post a new HijackThis log.
Ben
Hi Hans,
If Sophos is your paid scanner, leave it in place!!
I would also still like an answer to my question about Ziggytv!!!!
Let's see whether Norman and more scanners are among them.
Do the following:
Click HijackThis - click Main menu - click Open the Misc Tools section - click Open Uninstall Manager - click Save list.
Now save it and post this list here, together with a new HijackThis log.
Regards, Huib;)
Dear Ben,
I do indeed see a sophos folder under Program Files, but when I click it and choose delete, it says that this Sava adminservice cannot be deleted because it is in use or write-protected. How can I disable/remove this? I never had a disc from Sophos, but was able to download the program via my employer