
Virus etc.


snakechaser

Hi there Kingpin, Abraham, and any other gurus :biggrin:

Just now I put a memory card into my PC ("Pc XP") and Avira started warning me about a virus in the autorun.inf. Because this memory card has also been in other computers, it seemed sensible to me to post three logs, from all the computers. I first removed all temp files etc. with that small file, then used Spybot (which found something on every computer, but the most on the Sony Vaio Vista) and then made the following logs. Some PCs also have some pop-ups.

Maybe it is not the intention to post three at once, but help is of course very much appreciated! I remain amazed at how you help everyone like this! :worship:

PC XP:

[hjt]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:39, on 30-12-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
c:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\spoolsv.exe
c:\program files\avira\antivir desktop\sched.exe
c:\program files\avira\antivir desktop\avguard.exe
c:\xampp\apache\bin\apache.exe
c:\program files\bonjour\mdnsresponder.exe
c:\windows\system32\hasplms.exe
c:\windows\explorer.exe
c:\windows\system32\svchost.exe
c:\program files\java\jre6\bin\jqs.exe
c:\xampp\mysql\bin\mysqld.exe
c:\program files\sandboxie\sbiesvc.exe
c:\windows\system32\svchost.exe
c:\windows\system32\rundll32.exe
c:\program files\avira\antivir desktop\avgnt.exe
c:\windows\system32\ctfmon.exe
c:\xampp\apache\bin\apache.exe
c:\windows\system32\wscntfy.exe
c:\documents and settings\Naam\mijn documenten\downloads\hijackthis.exe

r0 - hkcu\software\microsoft\internet explorer\main,start page = [noparse]http://www.google.nl/ig[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hklm\software\microsoft\internet explorer\main,start page = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyoverride = *.local
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername = koppelingen
o2 - bho: acroiehelperstub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
o2 - bho: java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
o2 - bho: jqsiestartdetectorimpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
o4 - hklm\..\run: [cmaudio] rundll32 cmicnfg.cpl,cmictrlwnd
o4 - hklm\..\run: [avgnt] c:\program files\avira\antivir desktop\avgnt.exe /min
o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
o4 - hkus\s-1-5-19\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'lokale service')
o4 - hkus\s-1-5-20\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'netwerkservice')
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'default user')
o8 - extra context menu item: e&xporteren naar microsoft excel - res://c:\progra~1\micros~2\office12\excel.exe/3000
o9 - extra button: bonjour - {7f9db11c-e358-4ca6-a83d-acc663939424} - c:\program files\bonjour\explorerplugin.dll
o9 - extra button: research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office12\refiebar.dll
o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra button: messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o9 - extra 'tools' menuitem: windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o16 - dpf: {4871a87a-bfdd-4106-8153-ffde2bac2967} (dlm control) - [noparse]http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab[/noparse]
o16 - dpf: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} (muwebcontrol class) - [noparse]http://update.microsoft.com/microsoftupdate/v6/v5controls/en/x86/client/muweb_site.cab?1235082886390[/noparse]
o16 - dpf: {fd0b6769-6490-4a91-aa0a-b5ae0dc75ac9} (performance viewer activex control) - [noparse]https://secure.logmein.com/activex/ractrl.cab?lmi=100[/noparse]
o17 - hklm\system\ccs\services\tcpip\..\{0dc0b648-8fee-40e6-b86c-9faf6e42db5e}: nameserver = 62.179.104.196
o17 - hklm\system\cs1\services\tcpip\..\{0dc0b648-8fee-40e6-b86c-9faf6e42db5e}: nameserver = 62.179.104.196
o23 - service: avira antivir scheduler (antivirschedulerservice) - avira gmbh - c:\program files\avira\antivir desktop\sched.exe
o23 - service: avira antivir guard (antivirservice) - avira gmbh - c:\program files\avira\antivir desktop\avguard.exe
o23 - service: apache2.2 - apache software foundation - c:\xampp\apache\bin\apache.exe
o23 - service: ati hotkey poller - ati technologies inc. - c:\windows\system32\ati2evxx.exe
o23 - service: ati smart - unknown owner - c:\windows\system32\ati2sgag.exe
o23 - service: bonjour-service (bonjour service) - apple inc. - c:\program files\bonjour\mdnsresponder.exe
o23 - service: flexnet licensing service - acresso software inc. - c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe
o23 - service: google updateservice (gupdate1c9a930e2d0bda8) (gupdate1c9a930e2d0bda8) - google inc. - c:\program files\google\update\googleupdate.exe
o23 - service: hasp license manager (hasplms) - aladdin knowledge systems ltd. - c:\windows\system32\hasplms.exe
o23 - service: java quick starter (javaquickstarterservice) - sun microsystems, inc. - c:\program files\java\jre6\bin\jqs.exe
o23 - service: mysql - unknown owner - c:\xampp\mysql\bin\mysqld.exe
o23 - service: nbservice - nero ag - d:\program files\nero\nero 7\nero backitup\nbservice.exe
o23 - service: sandboxie service (sbiesvc) - tzuk - c:\program files\sandboxie\sbiesvc.exe
--
end of file - 5878 bytes

[/hjt]


Sony Vaio laptop (Vista):
[hjt]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:20:09, on 30-12-2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
c:\windows\system32\taskeng.exe
c:\program files\sony\vaio power management\spmgr.exe
c:\program files\sony\vaio update 4\vaioupdt.exe
c:\windows\system32\dwm.exe
c:\windows\explorer.exe
c:\program files\windows defender\msascui.exe
c:\windows\system32\hkcmd.exe
c:\windows\system32\igfxpers.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\synaptics\syntp\syntpenh.exe
c:\program files\adobe\reader 8.0\reader\reader_sl.exe
c:\program files\sony\isb utility\isbmgr.exe
c:\program files\avira\antivir desktop\avgnt.exe
c:\program files\quicktime\qttask.exe
c:\windows\windowsmobile\wmdsync.exe
c:\program files\java\jre6\bin\jusched.exe
c:\program files\sony\network utility\lanutil.exe
c:\program files\windows media player\wmpnscfg.exe
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\searchfilterhost.exe
c:\users\naam\downloads\hijackthis.exe

r1 - hkcu\software\microsoft\internet explorer\main,default_page_url = [noparse]http://www.club-vaio.com[/noparse]
r1 - hkcu\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hkcu\software\microsoft\internet explorer\main,start page = [noparse]http://www.google.nl/ig?hl=nl&source=iglk[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = [noparse]http://www.club-vaio.com[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hklm\software\microsoft\internet explorer\main,start page = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r0 - hklm\software\microsoft\internet explorer\search,searchassistant =
r0 - hklm\software\microsoft\internet explorer\search,customizesearch =
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername =
o1 - hosts: ::1 localhost
o2 - bho: adobe pdf reader help bij koppelingen - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
o2 - bho: bitcomet clickcapture - {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\bitcometbho_1.3.3.2.dll
o2 - bho: google toolbar notifier bho - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
o2 - bho: browser address error redirector - {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\progra~1\google~1\bae.dll
o2 - bho: java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
o2 - bho: flashfxp helper for internet explorer - {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\ieflash.dll
o3 - toolbar: (no name) - {0bf43445-2f28-4351-9252-17fe6e806aa0} - (no file)
o4 - hklm\..\run: [windows defender] %programfiles%\windows defender\msascui.exe -hide
o4 - hklm\..\run: [igfxtray] c:\windows\system32\igfxtray.exe
o4 - hklm\..\run: [hotkeyscmds] c:\windows\system32\hkcmd.exe
o4 - hklm\..\run: [persistence] c:\windows\system32\igfxpers.exe
o4 - hklm\..\run: [rthdvcpl] rthdvcpl.exe
o4 - hklm\..\run: [syntpenh] c:\program files\synaptics\syntp\syntpenh.exe
o4 - hklm\..\run: [adobe reader speed launcher] c:\program files\adobe\reader 8.0\reader\reader_sl.exe
o4 - hklm\..\run: [isbmgr.exe] c:\program files\sony\isb utility\isbmgr.exe
o4 - hklm\..\run: [avgnt] c:\program files\avira\antivir desktop\avgnt.exe /min
o4 - hklm\..\run: [updatepdrshortcut] c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
o4 - hklm\..\run: [quicktime task] c:\program files\quicktime\qttask.exe -atboottime
o4 - hklm\..\run: [windows mobile-based device management] %windir%\windowsmobile\wmdsync.exe
o4 - hklm\..\run: [sunjavaupdatesched] c:\program files\java\jre6\bin\jusched.exe
o4 - hklm\..\run: [nbagent] c:\program files\nero\nero backitup & burn\nero backitup\nbagent.exe /winstart
o4 - hklm\..\run: [nbkeyscan] c:\program files\nero\nero backitup 4\nbkeyscan.exe
o4 - hkcu\..\run: [nsufloatingui] c:\program files\sony\network utility\lanutil.exe
o4 - hkcu\..\run: [google update] c:\users\naam\appdata\local\google\update\googleupdate.exe /c
o4 - hkus\s-1-5-19\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /detectmem (user 'local service')
o4 - hkus\s-1-5-19\..\run: [windowswelcomecenter] rundll32.exe oobefldr.dll,showwelcomecenter (user 'local service')
o4 - hkus\s-1-5-20\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /detectmem (user 'network service')
o4 - startup: openoffice.org 3.1 .lnk = c:\program files\openoffice.org 3\program\quickstart.exe
o8 - extra context menu item: &d&ownload &met bitcomet - res://c:\program files\bitcomet\bitcomet.exe/addlink.htm
o8 - extra context menu item: &d&ownload alle video met bitcomet - res://c:\program files\bitcomet\bitcomet.exe/addvideo.htm
o8 - extra context menu item: &d&ownload alles met bitcomet - res://c:\program files\bitcomet\bitcomet.exe/addalllink.htm
o8 - extra context menu item: e&xporteren naar microsoft excel - res://c:\progra~1\micros~2\office12\excel.exe/3000
o9 - extra button: research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office12\refiebar.dll
o9 - extra button: bitcomet - {d18a0b52-d63c-4ed0-afc6-c1e3dc1af43a} - res://c:\program files\bitcomet\tools\bitcometbho_1.3.3.2.dll/206 (file missing)
o13 - gopher prefix:
o23 - service: avira antivir scheduler (antivirschedulerservice) - avira gmbh - c:\program files\avira\antivir desktop\sched.exe
o23 - service: avira antivir guard (antivirservice) - avira gmbh - c:\program files\avira\antivir desktop\avguard.exe
o23 - service: intel(r) proset/wireless event log (evteng) - intel(r) corporation - c:\program files\intel\wifi\bin\evteng.exe
o23 - service: google updateservice (gupdate1c9f19f13f0fa5d) (gupdate1c9f19f13f0fa5d) - google inc. - c:\program files\google\update\googleupdate.exe
o23 - service: google software updater (gusvc) - google - c:\program files\google\common\google updater\googleupdaterservice.exe
o23 - service: installdriver table manager (idrivert) - macrovision corporation - c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe
o23 - service: iviregmgr - intervideo - c:\program files\common files\intervideo\regmgr\iviregmgr.exe
o23 - service: nero backitup scheduler 4.0 - nero ag - c:\program files\common files\nero\nero backitup 4\nbservice.exe
o23 - service: nsuservice - sony corporation - c:\program files\sony\network utility\nsuservice.exe
o23 - service: plflash deviceiocontrol service - prolific technology inc. - c:\windows\system32\ioctlsvc.exe
o23 - service: intel(r) proset/wireless registry service (regsrvc) - intel(r) corporation - c:\program files\common files\intel\wirelesscommon\regsrvc.exe
o23 - service: cyberlink richvideo service(crvs) (richvideo) - unknown owner - c:\program files\cyberlink\shared files\richvideo.exe
o23 - service: realtek audio service (rtkaudioservice) - realtek semiconductor - c:\windows\rtkaudioservice.exe
o23 - service: sandboxie service (sbiesvc) - tzuk - c:\program files\sandboxie\sbiesvc.exe
o23 - service: vaio power management - sony corporation - c:\program files\sony\vaio power management\spmservice.exe
o23 - service: vaio content metadata intelligent analyzing manager (vcmialzmgr) - sony corporation - c:\program files\sony\vcm intelligent analyzing manager\vcmialzmgr.exe
o23 - service: vaio content metadata xml interface (vcmxmlifhelper) - sony corporation - c:\program files\common files\sony shared\vcmxml\vcmxmlifhelper.exe
o23 - service: xaudioservice - conexant systems, inc. - c:\windows\system32\drivers\xaudio.exe
--
end of file - 8076 bytes

[/hjt]






HP laptop (xp)

[hjt]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:44:22, on 30-12-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
c:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\program files\hewlett-packard\drive encryption\hpfkcrypt.exe
c:\windows\system32\svchost.exe
c:\program files\widcomm\bluetooth software\bin\btwdins.exe
c:\windows\system32\spoolsv.exe
c:\program files\avira\antivir desktop\sched.exe
c:\program files\hewlett-packard\iam\bin\asghost.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\avira\antivir desktop\avguard.exe
c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe
c:\program files\bonjour\mdnsresponder.exe
c:\windows\system32\cisvc.exe
c:\program files\common files\intervideo\regmgr\iviregmgr.exe
c:\program files\common files\lightscribe\lssrvc.exe
c:\windows\explorer.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\mqsvc.exe
c:\program files\hewlett-packard\hp protecttools security manager\pthosttr.exe
c:\program files\synaptics\syntp\syntpenh.exe
c:\windows\system32\igfxtray.exe
c:\windows\system32\hkcmd.exe
c:\windows\system32\igfxpers.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\hewlett-packard\hp wireless assistant\hpwamain.exe
c:\windows\sminst\scheduler.exe
c:\windows\system32\accelerometerst.exe
c:\program files\hewlett-packard\hp quick launch buttons\qlbctrl.exe
c:\program files\avira\antivir desktop\avgnt.exe
c:\program files\analog devices\core\smax4pnp.exe
c:\program files\itunes\ituneshelper.exe
c:\program files\hp\hp software update\hpwuschd2.exe
c:\windows\system32\ctfmon.exe
c:\program files\microsoft activesync\wcescomm.exe
c:\progra~1\mi3aa1~1\rapimgr.exe
c:\program files\widcomm\bluetooth software\bttray.exe
c:\program files\mcafee security scan\1.0.150\ssscheduler.exe
c:\windows\system32\mqtgsvc.exe
c:\progra~1\widcomm\blueto~1\btstac~1.exe
c:\program files\hewlett-packard\shared\hpqwmiex.exe
c:\program files\ipod\bin\ipodservice.exe
c:\program files\hewlett-packard\hp quick launch buttons\com4qlbex.exe
c:\program files\hewlett-packard\shared\hpqtoaster.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\cidaemon.exe
c:\program files\mozilla firefox\firefox.exe
c:\documents and settings\administrator\mijn documenten\mijn downloads\hijackthis.exe

r0 - hkcu\software\microsoft\internet explorer\main,start page = [noparse]http://www.google.nl/ig[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hklm\software\microsoft\internet explorer\main,start page = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r1 - hkcu\software\microsoft\internet connection wizard,shellnext = [noparse]http://www.hp.com/[/noparse]
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyoverride = *.local
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername = koppelingen
o2 - bho: btorbit.com - {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
o2 - bho: acroiehelperstub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
o2 - bho: google toolbar notifier bho - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
o2 - bho: credential manager for hp protecttools - {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\itieaddin.dll
o2 - bho: flashfxp helper for internet explorer - {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\ieflash.dll
o3 - toolbar: grab pro - {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\grabpro.dll
o4 - hklm\..\run: [msmqintcert] regsvr32 /s mqrt.dll
o4 - hklm\..\run: [pthosttr] c:\program files\hewlett-packard\hp protecttools security manager\pthosttr.exe /start
o4 - hklm\..\run: [syntpenh] c:\program files\synaptics\syntp\syntpenh.exe
o4 - hklm\..\run: [igfxtray] c:\windows\system32\igfxtray.exe
o4 - hklm\..\run: [hotkeyscmds] c:\windows\system32\hkcmd.exe
o4 - hklm\..\run: [persistence] c:\windows\system32\igfxpers.exe
o4 - hklm\..\run: [hpwirelessassistant] %programfiles%\hewlett-packard\hp wireless assistant\hpwamain.exe
o4 - hklm\..\run: [cognizancets] rundll32.exe c:\progra~1\hewlet~1\iam\bin\astsvcc.dll,registermodule
o4 - hklm\..\run: [recguard] c:\windows\sminst\recguard.exe
o4 - hklm\..\run: [scheduler] c:\windows\sminst\scheduler.exe
o4 - hklm\..\run: [cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
o4 - hklm\..\run: [watchdog] c:\program files\intervideo\dvd check\dvdcheck.exe
o4 - hklm\..\run: [accelerometersystrayapplet] c:\windows\system32\accelerometerst.exe
o4 - hklm\..\run: [syntpstart] c:\program files\synaptics\syntp\syntpstart.exe
o4 - hklm\..\run: [qlbctrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\qlbctrl.exe /start
o4 - hklm\..\run: [avgnt] c:\program files\avira\antivir desktop\avgnt.exe /min
o4 - hklm\..\run: [soundmaxpnp] c:\program files\analog devices\core\smax4pnp.exe
o4 - hklm\..\run: [pcleusbtip] c:\program files\pinnacle\shared files\programs\usbtip\usbtip.exe
o4 - hklm\..\run: [quicktime task] c:\program files\quicktime\qttask.exe -atboottime
o4 - hklm\..\run: [ituneshelper] c:\program files\itunes\ituneshelper.exe
o4 - hklm\..\run: [hp software update] c:\program files\hp\hp software update\hpwuschd2.exe
o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
o4 - hkcu\..\run: [h/pc connection agent] c:\program files\microsoft activesync\wcescomm.exe
o4 - hkcu\..\run: [google update] c:\documents and settings\administrator\local settings\application data\google\update\googleupdate.exe /c
o4 - hkus\s-1-5-19\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'lokale service')
o4 - hkus\s-1-5-20\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'netwerkservice')
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'default user')
o4 - global startup: bttray.lnk = ?
o4 - global startup: mcafee security scan.lnk = ?
o8 - extra context menu item: &download by orbit - res://c:\program files\orbitdownloader\orbitmxt.dll/201
o8 - extra context menu item: &grab video by orbit - res://c:\program files\orbitdownloader\orbitmxt.dll/204
o8 - extra context menu item: do&wnload selected by orbit - res://c:\program files\orbitdownloader\orbitmxt.dll/203
o8 - extra context menu item: down&load all by orbit - res://c:\program files\orbitdownloader\orbitmxt.dll/202
o8 - extra context menu item: e&xporteren naar microsoft excel - res://c:\progra~1\micros~2\office10\excel.exe/3000
o8 - extra context menu item: verzenden naar &bluetooth-apparaat... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
o9 - extra button: create mobile favorite - {2eaf5bb1-070f-11d3-9307-00c04fae2d4f} - c:\progra~1\mi3aa1~1\inetrepl.dll
o9 - extra button: (no name) - {2eaf5bb2-070f-11d3-9307-00c04fae2d4f} - c:\progra~1\mi3aa1~1\inetrepl.dll
o9 - extra 'tools' menuitem: mobiele favorieten maken... - {2eaf5bb2-070f-11d3-9307-00c04fae2d4f} - c:\progra~1\mi3aa1~1\inetrepl.dll
o9 - extra button: research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office12\refiebar.dll
o9 - extra button: @btrez.dll,-4015 - {cca281ca-c863-46ef-9331-5c8d4460577f} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
o9 - extra 'tools' menuitem: @btrez.dll,-12650 - {cca281ca-c863-46ef-9331-5c8d4460577f} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra button: messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o9 - extra 'tools' menuitem: windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o14 - iereset.inf: start_page_url=[noparse]http://www.hp.com[/noparse]
o16 - dpf: {a796d216-2de1-4ea8-babb-fe6e7c959098} (hpsddx class) - [noparse]http://www.hp.com/cpso-support-new/sdd/hpsddobjsigned.cab[/noparse]
o20 - appinit_dlls: apshook.dll
o20 - winlogon notify: onecard - c:\program files\hewlett-packard\iam\bin\aswlnpkg.dll
o23 - service: agere modem call progress audio (ageremodemaudio) - agere systems - c:\windows\system32\agrsmsvc.exe
o23 - service: avira antivir scheduler (antivirschedulerservice) - avira gmbh - c:\program files\avira\antivir desktop\sched.exe
o23 - service: avira antivir guard (antivirservice) - avira gmbh - c:\program files\avira\antivir desktop\avguard.exe
o23 - service: mobiel apple apparaat (apple mobile device) - apple inc. - c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe
o23 - service: bonjour-service (bonjour service) - apple inc. - c:\program files\bonjour\mdnsresponder.exe
o23 - service: bluetooth service (btwdins) - broadcom corporation. - c:\program files\widcomm\bluetooth software\bin\btwdins.exe
o23 - service: com4qlbex - hewlett-packard development company, l.p. - c:\program files\hewlett-packard\hp quick launch buttons\com4qlbex.exe
o23 - service: google update service (gupdate1c989c682d98756) (gupdate1c989c682d98756) - google inc. - c:\program files\google\update\googleupdate.exe
o23 - service: google software updater (gusvc) - google - c:\program files\google\common\google updater\googleupdaterservice.exe
o23 - service: drive encryption service (hpfkcryptservice) - safeboot international - c:\program files\hewlett-packard\drive encryption\hpfkcrypt.exe
o23 - service: hpqwmiex - hewlett-packard development company, l.p. - c:\program files\hewlett-packard\shared\hpqwmiex.exe
o23 - service: installdriver table manager (idrivert) - macrovision corporation - c:\program files\common files\installshield\driver\1050\intel 32\idrivert.exe
o23 - service: ipod-service (ipod service) - apple inc. - c:\program files\ipod\bin\ipodservice.exe
o23 - service: iviregmgr - intervideo - c:\program files\common files\intervideo\regmgr\iviregmgr.exe
o23 - service: lightscribeservice direct disc labeling service (lightscribeservice) - hewlett-packard company - c:\program files\common files\lightscribe\lssrvc.exe
o23 - service: liveupdate - unknown owner - c:\progra~1\symantec\liveup~1\lucoms~1.exe (file missing)
o23 - service: liveupdate notice service ex (liveupdate notice ex) - unknown owner - c:\program files\common files\symantec shared\ccsvchst.exe (file missing)
o23 - service: liveupdate notice service - unknown owner - c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe (file missing)
o23 - service: pc angel (pca) - softthinks - c:\windows\sminst\pcangel.exe
o23 - service: planner voor automatische liveupdate - unknown owner - c:\program files\symantec\liveupdate\aluschedulersvc.exe (file missing)
o23 - service: stllssvr - unknown owner - c:\program files\common files\surething shared\stllssvr.exe (file missing)
--
end of file - 11824 bytes

[/hjt]
 
Hi Snakechaser :)


Could you insert the memory card in question (in the computer where you get the warnings about it), and run this tool (a "disinfector" for flash memory) over it:


Use Flash_Disinfector.exe by sUbs
* Download the following removal tool to your desktop:
Flash_Disinfector.exe
* Double-click Flash_Disinfector.exe (so with the SD card inserted in the PC, otherwise it will not be disinfected ;))
* Wait until it has finished


Restart the PC
Do you still get the warnings with the memory card after that?



=================================
# The first log (PC XP) looks clean :)
==================================

======================================================
# For the second log, the Vaio Vista laptop, you can do the following:

Fix the following key with HijackThis
* Make a new scan with HJT.
* Tick only the line below in the new scan.
* Close all open sites (including this one).
* Then click the "fix checked" button.
* Close HJT afterwards
o3 - toolbar: (no name) - {0bf43445-2f28-4351-9252-17fe6e806aa0} - (no file) <-- leftover of McAfee SiteAdvisor
======================================================

======================================================
# And for the third, the HP laptop (XP), the following:



Fix this line with HJT
o4 - global startup: mcafee security scan.lnk = ? <--- McAfee leftover


Disable these services
These are leftover Symantec entries that can cause problems with the current antivirus (Avira)
* Go to Start > Run > type: services.msc and press Enter
* Go to this leftover Symantec service:
planner voor automatische liveupdate
* Right-click it > choose "Properties" ("eigenschappen")
* Set "Startup type" ("opstarttype") to "Disabled" ("uitgeschakeld")
* Click "Apply" ("toepassen"), then "OK"
* Do the same for these, so set them to Disabled > Apply > OK as well
liveupdate
liveupdate notice service ex
liveupdate notice service



Restart the PC


Download and use the Symantec removal tool
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039
And let it run


Restart the PC again


And make/post a fresh HJT log of this one
======================================================


Good luck :)
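
Added example, not part of the original thread and not code from HijackThis: most of the lines singled out in the reply above carry a `(no file)` or `(file missing)` marker, meaning the registry entry survives but its target is gone. The Python below parses HijackThis entry lines and lists such orphaned entries as candidates for manual review; the sample lines are copied from the logs in this thread, and the function names are this example's own.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# An entry line looks like "o23 - service: ..." or "r1 - hklm\...".
ENTRY_RE = re.compile(r"^(?P<code>[ro]\d{1,2})\s+-\s+(?P<body>.+)$", re.IGNORECASE)
# HijackThis appends one of these markers when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((?P<marker>file missing|no file)\)\s*$", re.IGNORECASE)

# Lines copied from the three logs in this thread (header and process lines
# are included to show that they are skipped).
SAMPLE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
c:\windows\explorer.exe
o3 - toolbar: (no name) - {0bf43445-2f28-4351-9252-17fe6e806aa0} - (no file)
o4 - hklm\..\run: [avgnt] c:\program files\avira\antivir desktop\avgnt.exe /min
o9 - extra button: bitcomet - {d18a0b52-d63c-4ed0-afc6-c1e3dc1af43a} - res://c:\program files\bitcomet\tools\bitcometbho_1.3.3.2.dll/206 (file missing)
o23 - service: avira antivir guard (antivirservice) - avira gmbh - c:\program files\avira\antivir desktop\avguard.exe
o23 - service: liveupdate - unknown owner - c:\progra~1\symantec\liveup~1\lucoms~1.exe (file missing)
o23 - service: liveupdate notice service ex (liveupdate notice ex) - unknown owner - c:\program files\common files\symantec shared\ccsvchst.exe (file missing)
o23 - service: planner voor automatische liveupdate - unknown owner - c:\program files\symantec\liveupdate\aluschedulersvc.exe (file missing)
"""


@dataclass
class Entry:
    code: str    # section code, upper-cased, e.g. "O23"
    body: str    # entry text with any orphan marker stripped
    marker: str  # "file missing", "no file", or "" when the target exists


def parse_hjt(text: str) -> list[Entry]:
    """Return every R*/O* entry line in a HijackThis log, skipping the rest."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list, blank line, "end of file"
        body = m.group("body")
        marker = ""
        hit = ORPHAN_RE.search(body)
        if hit:
            marker = hit.group("marker").lower()
            body = body[: hit.start()].rstrip(" -")
        entries.append(Entry(m.group("code").upper(), body, marker))
    return entries


def orphans_by_section(entries: list[Entry]) -> dict[str, int]:
    """Count orphaned entries per section code."""
    return dict(Counter(e.code for e in entries if e.marker))


def orphaned_services(entries: list[Entry]) -> list[str]:
    """Display names of O23 services whose executable is missing.

    An O23 body is "service: <display> - <vendor> - <path>", so the display
    name is whatever precedes the last two " - " separators.
    """
    names = []
    for e in entries:
        if e.code == "O23" and e.marker and e.body.lower().startswith("service: "):
            names.append(e.body[len("service: "):].rsplit(" - ", 2)[0])
    return names


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE)
    print("orphaned entries per section:", orphans_by_section(parsed))
    for name in orphaned_services(parsed):
        print("service with missing executable:", name)
```

The output is a review list, not a fix list: the reply above leaves some marked entries alone and also fixes a line with no marker (the `mcafee security scan.lnk = ?` startup entry), so each hit still needs a human decision.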
 