Zhu

Member
  • Items

    9

Zhu's achievements

  1. Hi kape, when I try it with Internet Explorer, I get the following message: "Launch of Java application is interrupted! Please establish an uninterrupted Internet connection for work with this program." Are all these problems caused by the virus/worm? Thanks in advance, Zhu
  2. Hi kape, thanks again for your reply, but once again I have run into a problem. So I downloaded and installed Java, but I get the same message again. I use Mozilla Firefox. Maybe that has something to do with it, because I remember having had problems with Java before.
  3. Hello kape, it concerns one error message with "regsvr32.exe" in the title bar (at least as I recall; the error message did not appear on screen today) and with the text that atl.dll cannot be found. I no longer remember the exact wording. Today the following error message did appear: in the title bar: daemon tools lite. Text: this program requires at least Windows 2000 with SPTD 1.60 or higher. Kernel debugger must be deactivated.
  4. Hi kape, thanks again for the quick reply! With Malwarebytes I still have the same problem, and in the meantime a new error message has appeared on screen: "regsvr32.exe", atl.dll cannot be found. In any case, here are the log files from HiJackThis and ComboFix.
  5. Hello, I downloaded ComboFix and had some problems at first (I got a message that I needed Windows 2000 or XP - I have XP), but then I reinstalled it and in the end it worked. Thanks, and here is the log file.
true); C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - 
pref("dom.ipc.plugins.enabled.npswf32.dll", true); C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHANS VERWIJDERD - - - - HKCU-Run-RegistryMechanic - C:\Program Files\Registry Mechanic\RegMech.exe AddRemove-Forsaken - d:\documents and settings\marc\sjablonen\Uninst.isu AddRemove-Seven Kingdoms Ancient Adversaries Demo - C:\7KAADEMO\DeIsL1.isu
  6. Hello, I tried this, but unfortunately I get those two error messages again and Malwarebytes does not start. I uninstalled Malwarebytes and reinstalled it, but the same problem occurs again. I also notice that my computer has become a good deal slower, so I fear that avast! was not entirely successful in stopping the virus. In any case, I appreciate the time you have already spent on this. Zhu
  7. These error messages only appeared on the screen after I had clicked Finish. Since then there has also been an hourglass constantly showing next to my mouse pointer.
  8. Hi kape, thanks for the quick reply. The first part has already been carried out, but after installing MBAM two error messages appear on the screen: Run-time error '0' (with the following text in the bar at the top, where the X for closing is: vb Accelerator s Grid II Control) and Run-time error 440 Automation error. Regards, Zhu
  9. Hello, I am Zhu. Since yesterday, every time I open the internet (Firefox) I get a warning from avast! saying that this virus or this worm is on my PC (or something like that, anyway). Avast also tells me that I should not worry, but now I do. Avast also gives a link to the site that, I suspect - because I don't really know anything about this - is attacking my PC. This is the link: h---://storage.conduit.com/52/156/CT1561552/BrowserFiles/5cf24901-2f12-4157-8b75-081f049e00f05a3dc691-4296-4a6b-b36e-c71f83c967f8.html A quick search on the internet tells me that this problem is not solved in 1, 2, 3. Can you help me? I have downloaded HiJackThis in the meantime. This is the log file:
     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 11:21:01, on 20-8-2010
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.21283)
     Boot mode: Normal
     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     D:\Documents and Settings\aawservice.exe
     C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     C:\Program Files\Alwil Software\Avast4\ashServ.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
     C:\Program Files\Hotspot Shield\bin\openvpnas.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
     C:\Program Files\Hotspot Shield\bin\hsswd.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\Program Files\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe
     C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
     C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
     C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
     C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
     C:\Program Files\DAEMON Tools Lite\DTLite.exe
     C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     C:\Program Files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe
     C:\Program Files\WinZip\WZQKPICK.EXE
     C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
     C:\Program Files\Hotspot Shield\bin\openvpntray.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
     C:\Program Files\Alwil Software\Avast4\setup\avast.setup
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\WINDOWS\system32\msiexec.exe
     C:\Program Files\Mozilla Firefox\plugin-container.exe
     C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
     C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
     R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
     O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
     O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
     O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
     O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
     O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
     O4 - HKLM\..\Run: [D-Link AirPlus XtremeG DWL-G122] C:\Program Files\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe
     O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
     O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
     O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
     O4 - HKCU\..\Run: [hivew] C:\WINDOWS\system32\rundll32.exe C:\DOCUME~1\Zhu\LOCALS~1\Temp\4139152416don.dll,Set1
     O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
     O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
     O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
     O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Netwerkservice')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
     O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
     O4 - Global Startup: Philips GoGear VIBE Device Manager.lnk = ?
     O4 - Global Startup: VPN Client.lnk = ?
     O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
     O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
     O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
     O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
     O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
     O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
     O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
     O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Documents and Settings\aawservice.exe
     O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
     O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
     O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
     O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
     O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
     O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
     O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
     O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
     --
     End of file - 10269 bytes