Hello,
Yesterday I was surprised by System security. There was no way I could remove it; it kept coming back. I then removed it manually. (not good?) Since last night I can no longer get on the internet, though my Outlook does work. In safe mode Internet Explorer does work. In the meantime I have run M-bam, Ad Aware and Spybot over it. All extensive scans. I then removed the problems that were found. I also did a full scan with Panda. Unfortunately the problem has not been solved yet.
Below are the logs from M-bam, AdAware and Hijack, in the hope that you can help me.
Malwarebytes' Anti-Malware 1.36
Database versie: 2155
Windows 6.0.6001 Service Pack 1
20-5-2009 14:45:44
mbam-log-2009-05-20 (14-45-44).txt
Scan type: Volledige Scan (C:\|H:\|)
Objecten gescand: 283616
Verstreken tijd: 32 minute(s), 37 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 1
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
C:\ProgramData\18681784\18681784.exe (Rogue.SystemSecurity2009) -> Quarantined and deleted successfully.
Logfile created: 20-5-2009 14:52:58
Lavasoft Ad-Aware version: 8.0.4
Extended engine version: 8.1
User performing scan: Carl
*********************** Definitions database information ***********************
Lavasoft definition file: 144.0
Extended engine definition file: 8.1
******************************** Scan results: *********************************
Scan profile name: Vol. scan (ID: full)
Objects scanned: 237360
Objects detected: 12
Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 0
Folders.........: 0
LSPs............: 0
Cookies.........: 12
Browser hijacks.: 0
MRU objects.....: 0
Removed items:
Description: *doubleclick* Family Name: Cookies Clean status: Success Item ID: 408875 Family ID: 0
Description: *2o7* Family Name: Cookies Clean status: Success Item ID: 408943 Family ID: 0
Description: *estat* Family Name: Cookies Clean status: Success Item ID: 408873 Family ID: 0
Description: *stat.onestat* Family Name: Cookies Clean status: Success Item ID: 408967 Family ID: 0
Description: stat.onestat* Family Name: Cookies Clean status: Success Item ID: 409125 Family ID: 0
Description: *webads* Family Name: Cookies Clean status: Success Item ID: 408780 Family ID: 0
Description: *doubleclick* Family Name: Cookies Clean status: Success Item ID: 408875 Family ID: 0
Description: *2o7* Family Name: Cookies Clean status: Success Item ID: 408943 Family ID: 0
Description: *estat* Family Name: Cookies Clean status: Success Item ID: 408873 Family ID: 0
Description: *stat.onestat* Family Name: Cookies Clean status: Success Item ID: 408967 Family ID: 0
Description: stat.onestat* Family Name: Cookies Clean status: Success Item ID: 409125 Family ID: 0
Description: *webads* Family Name: Cookies Clean status: Success Item ID: 408780 Family ID: 0
Scan and cleaning complete: Finished correctly after 1996 seconds
*********************************** Settings ***********************************
Scan profile:
ID: full, enabled:1, value: Vol. scan
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: folderstoscan, enabled:1, value: C:\,H:\
ID: scanrootkits, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480
Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav
Scheduled scan settings:
<Empty>
Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently
ID: displaystatus, enabled:1, value: false
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: autodetectproxy, enabled:1, value: false
ID: useautoconfigscript, enabled:1, value: false
ID: autoconfigurl, enabled:0, value:
ID: useproxy, enabled:1, value: false
ID: proxyserver, enabled:0, value:
ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily, enabled:1, value: Daily
ID: time, enabled:1, value: Tue May 19 21:20:00 2009
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly, enabled:1, value: Weekly
ID: time, enabled:1, value: Tue May 19 21:20:00 2009
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: true
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: language, enabled:1, value: nl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
Realtime protection settings:
ID: realtime, enabled:1
ID: processprotection, enabled:1, value: true
ID: registryprotection, enabled:0, value: true
ID: networkprotection, enabled:0, value: true
ID: loadatstartup, enabled:1, value: true
ID: usespywareheuristics, enabled:0, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: strict, domain: medium,mild,strict
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
****************************** System information ******************************
Computer name: PC_VAN_CARL
Processor name: Intel(R) Core(TM)2 Quad CPU Q6700 @ 2.66GHz
Processor identifier: x86 Family 6 Model 15 Stepping 11
Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 3851, number of processors 4
Physical memory available: 2685202432 bytes
Physical memory total: 3219468288 bytes
Virtual memory available: 2042810368 bytes
Virtual memory total: 2147352576 bytes
Memory load: 16%
Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Windows startup mode:
Running processes:
PID: 352 name: C:\WINDOWS\System32\smss.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 420 name: C:\WINDOWS\System32\csrss.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 456 name: C:\WINDOWS\System32\csrss.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 464 name: C:\WINDOWS\System32\wininit.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 508 name: C:\WINDOWS\System32\winlogon.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 536 name: C:\WINDOWS\System32\services.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 552 name: C:\WINDOWS\System32\lsass.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 560 name: C:\WINDOWS\System32\lsm.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 712 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 768 name: C:\WINDOWS\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 804 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 888 name: C:\WINDOWS\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 920 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 944 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 976 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 1052 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1220 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 1276 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1420 name: C:\WINDOWS\explorer.exe owner: Carl domain: PC_van_Carl
PID: 1532 name: C:\WINDOWS\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1792 name: C:\WINDOWS\System32\wbem\unsecapp.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 1900 name: C:\WINDOWS\System32\wbem\WmiPrvSE.exe owner: SYSTEEM domain: NT AUTHORITY
PID: 256 name: C:\Program Files\Windows Media Player\wmpnscfg.exe owner: Carl domain: PC_van_Carl
PID: 1284 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Carl domain: PC_van_Carl
PID: 860 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Carl domain: PC_van_Carl
Startup items:
Name: Windows Defender
imagepath: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
Name: RtHDVCpl
imagepath: C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
Name: GrooveMonitor
imagepath: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
Name: APVXDWIN
imagepath: "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s
Name: SCANINICIO
imagepath: "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe"
Name: NBKeyScan
imagepath: "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
Name: SunJavaUpdateSched
imagepath: "C:\Program Files\Java\jre6\bin\jusched.exe"
Name: NvCplDaemon
imagepath: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
Name: NvMediaCenter
imagepath: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
Name: Ad-Watch
imagepath: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name:
location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Snelle start.lnk
imagepath: C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Name:
location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
imagepath: C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
Name:
imagepath: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
Name:
location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
imagepath: C:\Program Files\WinZip\WZQKPICK.EXE
Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: lsdelete
Running services:
Name: BFE
displayname: Base Filtering Engine
Name: CryptSvc
displayname: Cryptographic Services
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: Dnscache
displayname: DNS Client
Name: EapHost
displayname: Extensible Authentication Protocol
Name: Eventlog
displayname: Windows Event Log
Name: IKEEXT
displayname: IKE and AuthIP IPsec Keying Modules
Name: KeyIso
displayname: CNG Key Isolation
Name: LanmanWorkstation
displayname: Workstation
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: lmhosts
displayname: TCP/IP NetBIOS Helper
Name: MpsSvc
displayname: Windows Firewall
Name: Netman
displayname: Network Connections
Name: netprofm
displayname: Network List-service
Name: NlaSvc
displayname: Network Location Awareness
Name: nsi
displayname: Network Store Interface-service
Name: PlugPlay
displayname: Plug and Play
Name: PolicyAgent
displayname: IPsec Policy Agent
Name: ProfSvc
displayname: User Profile-service
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: WinDefend
displayname: Windows Defender
Name: Winmgmt
displayname: Windows Management Instrumentation
Name: Wlansvc
displayname: WLAN Auto Config
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:12:02, on 20-5-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support
Many thanks in advance.
A panicking Carl