leootje
[hjt]
Logfile of HijackThis v1.99.1
Scan saved at 23:08:05, on 24-12-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
c:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
c:\windows\system32\ati2evxx.exe
c:\windows\explorer.exe
c:\progra~1\avg\avg8\avgwdsvc.exe
c:\program files\bonjour\mdnsresponder.exe
c:\program files\diskeeper corporation\diskeeper\dkservice.exe
c:\windows\system32\svchost.exe
c:\program files\java\jre6\bin\jqs.exe
c:\program files\rvs\wcom\system\rvsinst.exe
c:\progra~1\avg\avg8\avgrsx.exe
c:\progra~1\avg\avg8\avgnsx.exe
c:\program files\logitech\itouch\itouch.exe
c:\windows\system32\svchost.exe
c:\windows\system32\searchindexer.exe
c:\program files\ati technologies\ati.ace\cli.exe
c:\program files\yahoo!\softwareupdate\yahooauservice.exe
c:\program files\common files\real\update_ob\realsched.exe
c:\program files\java\jre6\bin\jusched.exe
c:\progra~1\avg\avg8\avgtray.exe
c:\program files\peerguardian2\pg2.exe
c:\windows\system32\ctfmon.exe
c:\program files\windows media player\wmpnscfg.exe
c:\program files\windows desktop search\windowssearch.exe
c:\program files\winzip\wzqkpick.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\ati technologies\ati.ace\cli.exe
c:\program files\ati technologies\ati.ace\cli.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\rdpclip.exe
c:\windows\system32\logonui.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\logon.scr
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\searchprotocolhost.exe
c:\documents and settings\leo van der stelt\bureaublad\anti virus\forum scanners\forum.exe
r0 - hkcu\software\microsoft\internet explorer\main,start page = [noparse]http://www.google.nl/[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hklm\software\microsoft\internet explorer\main,start page = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r0 - hklm\software\microsoft\internet explorer\search,searchassistant =
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyoverride = *.local
r3 - urlsearchhook: yahoo! toolbar - {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn7\yt.dll
r3 - urlsearchhook: avg security toolbar bho - {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\ietoolbar.dll
o2 - bho: ie7pro - {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
o2 - bho: &yahoo! toolbar helper - {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn7\yt.dll
o2 - bho: adobe pdf reader help bij koppelingen - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
o2 - bho: wormradar.com iesiteblocker.navfilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
o2 - bho: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - (no file)
o2 - bho: windows live aanmelden - help - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: avg security toolbar bho - {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\ietoolbar.dll
o2 - bho: java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
o2 - bho: jqsiestartdetectorimpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
o2 - bho: singleinstance class - {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn7\ytsingleinstance.dll
o3 - toolbar: yahoo! toolbar - {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn7\yt.dll
o3 - toolbar: avg security toolbar - {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\ietoolbar.dll
o4 - hklm\..\run: [zbrowser launcher] c:\program files\logitech\itouch\itouch.exe
o4 - hklm\..\run: [logitech utility] logi_mwx.exe
o4 - hklm\..\run: [quicktime task] c:\program files\quicktime\qttask.exe -atboottime
o4 - hklm\..\run: [aticcc] c:\program files\ati technologies\ati.ace\cli.exe runtime -delay
o4 - hklm\..\run: [hpdj taskbar utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
o4 - hklm\..\run: [adobe reader speed launcher] c:\program files\adobe\reader 8.0\reader\reader_sl.exe
o4 - hklm\..\run: [tkbellexe] c:\program files\common files\real\update_ob\realsched.exe -osboot
o4 - hklm\..\run: [sunjavaupdatesched] c:\program files\java\jre6\bin\jusched.exe
o4 - hklm\..\run: [avg8_tray] c:\progra~1\avg\avg8\avgtray.exe
o4 - hklm\..\run: [diskeepersystray] c:\program files\diskeeper corporation\diskeeper\dkicon.exe
o4 - hklm\..\run: [malwarebytes anti-malware (reboot)] c:\program files\malwarebytes' anti-malware\mbam.exe /runcleanupscript
o4 - hkcu\..\run: [peerguardian] c:\program files\peerguardian2\pg2.exe
o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
o4 - hkcu\..\run: [wmpnscfg] c:\program files\windows media player\wmpnscfg.exe
o4 - global startup: windows search.lnk = c:\program files\windows desktop search\windowssearch.exe
o4 - global startup: winzip quick pick.lnk = c:\program files\winzip\wzqkpick.exe
o8 - extra context menu item: &iespell options - res://c:\program files\iespell\iespell.dll/spelloption.htm
o8 - extra context menu item: check &spelling - res://c:\program files\iespell\iespell.dll/spellcheck.htm
o8 - extra context menu item: geselecteerde koppelingen converteren naar bestaand pdf-bestand - res://c:\program files\adobe\acrobat 8.0\acrobat\acroiefavclient.dll/acroieappendsellinks.html
o8 - extra context menu item: koppelingdoel converteren naar adobe pdf - res://c:\program files\adobe\acrobat 8.0\acrobat\acroiefavclient.dll/acroiecapture.html
o8 - extra context menu item: koppelingdoel converteren naar bestaand pdf-bestand - res://c:\program files\adobe\acrobat 8.0\acrobat\acroiefavclient.dll/acroieappend.html
o8 - extra context menu item: lookup on merriam webster - file://c:\program files\iespell\merriam webster.htm
o8 - extra context menu item: lookup on wikipedia - file://c:\program files\iespell\wikipedia.htm
o8 - extra context menu item: selectie converteren naar bestaand pdf-bestand - res://c:\program files\adobe\acrobat 8.0\acrobat\acroiefavclient.dll/acroieappend.html
o9 - extra button: ie7pro grab and drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - c:\program files\iepro\iepro.dll
o9 - extra 'tools' menuitem: ie7pro grab and drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - c:\program files\iepro\iepro.dll
o9 - extra button: ie7pro preferences - {0026439f-a980-4f18-8c95-4f1cbbf9c1d8} - c:\program files\iepro\iepro.dll
o9 - extra 'tools' menuitem: ie7pro preferences - {0026439f-a980-4f18-8c95-4f1cbbf9c1d8} - c:\program files\iepro\iepro.dll
o9 - extra button: iespell - {0e17d5b7-9f5d-4fee-9df6-ca6ee38b68a8} - c:\program files\iespell\iespell.dll
o9 - extra 'tools' menuitem: iespell - {0e17d5b7-9f5d-4fee-9df6-ca6ee38b68a8} - c:\program files\iespell\iespell.dll
o9 - extra button: (no name) - {1606d6f9-9d3b-4aea-a025-ed5b2fd488e7} - c:\program files\iespell\iespell.dll
o9 - extra 'tools' menuitem: iespell options - {1606d6f9-9d3b-4aea-a025-ed5b2fd488e7} - c:\program files\iespell\iespell.dll
o9 - extra button: ati tv - {44226dff-747e-4edc-b30c-78752e50cd0c} - c:\program files\ati multimedia\dtv\explbar.dll
o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\network diagnostic\xpnetdiag.exe (file missing)
o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\network diagnostic\xpnetdiag.exe (file missing)
o9 - extra button: messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o9 - extra 'tools' menuitem: windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o10 - unknown file in winsock lsp: c:\program files\bonjour\mdnsnsp.dll
o11 - options group: [international] international
o16 - dpf: {02bf25d5-8c17-4b23-bc80-d3488abddc6b} (quicktime object) - [noparse]http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab[/noparse]
o16 - dpf: {0cca191d-13a6-4e29-b746-314dee697d83} (facebook photo uploader 5 control) - [noparse]http://upload.facebook.com/controls/2008.10.10_v5.5.8/facebookphotouploader5.cab[/noparse]
o16 - dpf: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (installation support) - c:\program files\yahoo!\common\yinsthelper.dll
o16 - dpf: {4f1e5b1a-2a80-42ca-8532-2d05cb959537} (msn photo upload tool) - [noparse]http://groups.msn.com/controls/photouc/msnpupld.cab[/noparse]
o16 - dpf: {55027008-315f-4f45-bbc3-8be119764741} (slide image uploader control) - [noparse]http://www.slide.com/uploader/slideimageuploader.cab[/noparse]
o16 - dpf: {5ed80217-570b-4da9-bf44-be107c0ec166} (windows live safety center base module) - [noparse]http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab[/noparse]
o16 - dpf: {62475759-9e84-458e-a1ab-5d2c442adfde} - [noparse]http://appldnld.apple.com.edgesuite.net/qtinstall.info.apple.com/lupin/us/win/quicktimeinstaller.exe[/noparse]
o16 - dpf: {63d6dd13-c913-466d-9444-9357561e4d94} (upload toepassing control) - [noparse]http://www.mijnalbum.nl/v3/skinsrc/core/system/ma5.5.9/uploadtoepassing.cab[/noparse]
o16 - dpf: {6414512b-b978-451d-a0d8-fcfdf33e833c} (wuwebcontrol class) - [noparse]http://update.microsoft.com/windowsupdate/v6/v5controls/en/x86/client/wuweb_site.cab?1150732011093[/noparse]
o16 - dpf: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} (muwebcontrol class) - [noparse]http://update.microsoft.com/microsoftupdate/v6/v5controls/en/x86/client/muweb_site.cab?1150736644625[/noparse]
o16 - dpf: {6e5e167b-1566-4316-b27f-0ddab3484cf7} (image uploader control) - [noparse]http://cache.hyves-static.net/statics/aurigma/imageuploader4.cab[/noparse]
o16 - dpf: {a18962f6-e6ed-40b1-97c9-1fb36f38bfa8} (aurigma image uploader 3.5 control) - [noparse]http://cache.hyves.nl/statics/aurigma/imageuploader.cab[/noparse]
o16 - dpf: {a9f8d9ec-3d0a-4a60-bd82-fbd64bad370d} - [noparse]http://h20264.www2.hp.com/ediags/dd/install/hpdriverdiagnosticsxp2k.cab[/noparse]
o16 - dpf: {cac677b6-4963-4305-9066-0bd135cd9233} (ipsuploader4 control) - [noparse]http://as.photoprintit.de/ips-opdata/layout/default01/activex/ipsuploader4.cab[/noparse]
o16 - dpf: {d27cdb6e-ae6d-11cf-96b8-444553540000} (shockwave flash object) - [noparse]http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[/noparse]
o16 - dpf: {de625294-70e6-45ed-b895-cffa13aeb044} (axismediacontrolemb class) - [noparse]http://195.113.207.238/activex/amc.cab[/noparse]
o16 - dpf: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} - [noparse]http://platformdl.adobe.com/nos/getplusplus/1.6/gp.cab[/noparse]
o16 - dpf: {edfcb7cb-942c-4822-af14-f0b687409848} (image uploader control) - [noparse]http://cache.hyves-static.net/statics/aurigma/imageuploader4.cab[/noparse]
o16 - dpf: {f00f4763-7355-4725-82f7-0da94a256d46} (incredimail) - [noparse]http://www2.incredimail.com/contents/setup/downloader/imloader.cab[/noparse]
o16 - dpf: {f58e1cef-a068-4c15-ba5e-587caf3ee8c6} (msn chat control 4.5) - [noparse]http://chat.msn.com/controls/msnchat45.cab[/noparse]
o16 - dpf: {fd0b6769-6490-4a91-aa0a-b5ae0dc75ac9} (performance viewer activex control) - [noparse]https://85.147.168.13/activex/ractrl.cab[/noparse]
o16 - dpf: {fe0bd779-44ee-4a4b-aa2e-743c63f2e5e6} (iwinampactivex class) - [noparse]http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab[/noparse]
o18 - protocol: linkscanner - {f274614c-63f8-47d5-a4d1-fbdde494f8d1} - c:\program files\avg\avg8\avgpp.dll
o18 - protocol: livecall - {828030a1-22c1-4009-854f-8e305202313f} - c:\progra~1\wi1f86~1\messen~1\msgrap~1.dll
o18 - protocol: msnim - {828030a1-22c1-4009-854f-8e305202313f} - c:\progra~1\wi1f86~1\messen~1\msgrap~1.dll
o18 - protocol: wlmailhtml - {03c514a3-1efb-4856-9f99-10d7be1653c0} - c:\program files\windows live\mail\mailcomm.dll
o20 - winlogon notify: avgrsstarter - c:\windows\system32\avgrsstx.dll
o20 - winlogon notify: dimsntfy - %systemroot%\system32\dimsntfy.dll (file missing)
o21 - ssodl: wpdshserviceobj - {aaa288ba-9a4c-45b0-95d7-94d524869db5} - c:\windows\system32\wpdshserviceobj.dll
o23 - service: a-squared free service (a2free) - emsi software gmbh - c:\program files\a-squared free\a2service.exe
o23 - service: ati hotkey poller - ati technologies inc. - c:\windows\system32\ati2evxx.exe
o23 - service: ati smart - unknown owner - c:\windows\system32\ati2sgag.exe
o23 - service: avg free8 watchdog (avg8wd) - avg technologies cz, s.r.o. - c:\progra~1\avg\avg8\avgwdsvc.exe
o23 - service: ##id_string1.6844f930_1628_4223_b5cc_5bb94b879762## (bonjour service) - apple computer, inc. - c:\program files\bonjour\mdnsresponder.exe
o23 - service: diskeeper - diskeeper corporation - c:\program files\diskeeper corporation\diskeeper\dkservice.exe
o23 - service: flexnet licensing service - macrovision europe ltd. - c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe
o23 - service: installdriver table manager (idrivert) - macrovision corporation - c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe
o23 - service: java quick starter (javaquickstarterservice) - unknown owner - c:\program files\java\jre6\bin\jqs.exe -service -config "c:\program files\java\jre6\lib\deploy\jqs\jqs.conf (file missing)
o23 - service: nbservice - nero ag - c:\program files\nero\nero 7\nero backitup\nbservice.exe
o23 - service: rvs installer (rvsinst) - living byte software gmbh, münchen - c:\program files\rvs\wcom\system\rvsinst.exe
o23 - service: smartlinkservice (slservice) - smart link - c:\windows\system32\slserv.exe
o23 - service: yahoo! updater (yahooauservice) - yahoo! inc. - c:\program files\yahoo!\softwareupdate\yahooauservice.exe
[/hjt]
I downloaded a program from 'hide my ip'. I can't get it removed with mbam. See also the mbam log.
--- automatic edit ---
Malwarebytes' Anti-Malware 1.42
Database versie: 3425
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
24-12-2009 23:05:50
mbam-log-2009-12-24 (23-05-50).txt
Scan type: Snelle Scan
Objecten gescand: 108707
Verstreken tijd: 10 minute(s), 17 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 1
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0\friendlyname (Trojan.FakeAlert) -> Delete on reboot.
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)