hijack log: start page has been changed

3 answers
  • Logfile of HijackThis v1.99.1
    Scan saved at 21:49:25, on 27-10-2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\ATKKBService.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\AMD\PowerNow!\GemServ.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINNT\system32\NOTEPAD.EXE
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\73TNFLCW\HijackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {1D359F31-6328-4ED3-9408-503F707E1D21} - C:\WINNT\system32\mljjh.dll
    O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware316\bin\Starware316.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Program Files\TrueCodec\isaddon.dll
    O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O20 - Winlogon Notify: mljjh - C:\WINNT\system32\mljjh.dll
    O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINNT\ATKKBService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: AMD PowerNow! ™ Technology Service (GemServ) - Advanced Micro Devices - C:\Program Files\AMD\PowerNow!\GemServ.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
  • Administrator - vr 27-10-2006 21:39:27,60 Service Pack 4
    ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Administrator\Desktop"

    ((((((((((((((((((((((((((((((( Files Created from 2006-09-27 to 2006-10-27 ))))))))))))))))))))))))))))))))))


    2006-10-27 19:42 106,496 --a------ C:\WINNT\system32\tazth.dll
    2006-10-27 12:02 847,872 --a------ C:\WINNT\system32\xvidcore.dll
    2006-10-27 12:02 77,824 --a------ C:\WINNT\system32\mplaw7.dll
    2006-10-27 12:02 77,824 --a------ C:\WINNT\system32\mplaa6.dll
    2006-10-27 12:02 65,536 --a------ C:\WINNT\system32\mplapx.dll
    2006-10-27 12:02 65,536 --a------ C:\WINNT\system32\mplam6.dll
    2006-10-27 12:02 630,784 --a------ C:\WINNT\system32\vp7vfw.dll
    2006-10-27 12:02 56,832 --a------ C:\WINNT\system32\Iyvu9_32.dll
    2006-10-27 12:02 5,632 --a------ C:\WINNT\system32\ff_vfw.dll
    2006-10-27 12:02 446,464 --a------ C:\WINNT\system32\vp31vfw.dll
    2006-10-27 12:02 438,272 --a------ C:\WINNT\system32\vp6vfw.dll
    2006-10-27 12:02 413,760 --a------ C:\WINNT\system32\msmpeg4.dll
    2006-10-27 12:02 413,760 --a------ C:\WINNT\system32\DivXc32f.dll
    2006-10-27 12:02 413,760 --a------ C:\WINNT\system32\DivXc32.dll
    2006-10-27 12:02 39,936 --a------ C:\WINNT\system32\huffyuv.dll
    2006-10-27 12:02 344,064 --a------ C:\WINNT\system32\msvcr70.dll
    2006-10-27 12:02 338,432 --a------ C:\WINNT\system32\Ir41_qcx.dll
    2006-10-27 12:02 286,720 --a------ C:\WINNT\system32\3ivxVfWCodec.dll
    2006-10-27 12:02 2,024,448 --a------ C:\WINNT\system32\divx.dll
    2006-10-27 12:02 19,968 --a------ C:\WINNT\system32\cpuinf32.dll
    2006-10-27 12:02 157,696 --a------ C:\WINNT\system32\unrar.dll
    2006-10-27 12:02 151,552 --a------ C:\WINNT\system32\xvidvfw.dll
    2006-10-27 12:02 151,552 --a------ C:\WINNT\system32\Npindeo.dll
    2006-10-27 12:02 144,384 --a------ C:\WINNT\system32\Iacenc.dll
    2006-10-27 12:02 1,650,688 --a------ C:\WINNT\system32\mplva6.dll
    2006-10-27 12:02 1,581,056 --a------ C:\WINNT\system32\mplvw7.dll
    2006-10-27 12:02 1,552,384 --a------ C:\WINNT\system32\mplvm6.dll
    2006-10-27 12:02 1,122,304 --a------ C:\WINNT\system32\mplvpx.dll
    2006-10-27 12:02 1,024,000 --a------ C:\WINNT\system32\3ivx.dll
    2006-10-26 19:04 528,384 C:\WINNT\system32Astro Gemini Screensaver Manager.scr
    2006-10-26 11:13 118,804 --a------ C:\WINNT\system32\kfqmjylv.dll
    2006-10-25 11:12 118,804 --a------ C:\WINNT\system32\viogtsqe.dll
    2006-10-24 14:01 67,604 --a------ C:\WINNT\system32\jhrkykng.exe
    2006-10-24 14:01 118,804 --a------ C:\WINNT\system32\quxvqvda.dll
    2006-10-21 23:48 395,776 --a------ C:\WINNT\system32\libmplayer.dll
    2006-10-21 23:48 34,820 --a------ C:\WINNT\system32\ffdshow.reg
    2006-10-21 23:48 262,144 --a------ C:\WINNT\system32\TomsMoComp_ff.dll
    2006-10-21 23:48 2,255,360 --a------ C:\WINNT\system32\libavcodec.dll
    2006-10-21 23:48 112,640 --a------ C:\WINNT\system32\libmpeg2_ff.dll
    2006-10-21 12:22 947,472 --a------ C:\WINNT\system32\msjava.dll
    2006-10-21 12:22 46,352 --a------ C:\WINNT\setdebug.exe
    2006-10-21 12:22 313,856 --a------ C:\WINNT\system32\dx3j.dll
    2006-10-21 12:22 286,992 --a------ C:\WINNT\system32\vmhelper.dll
    2006-10-21 12:22 21,264 --a------ C:\WINNT\system32\msjdbc10.dll
    2006-10-21 12:22 172,304 --a------ C:\WINNT\system32\jview.exe
    2006-10-21 12:22 171,792 --a------ C:\WINNT\system32\wjview.exe
    2006-10-21 12:22 171,280 --a------ C:\WINNT\system32\jit.dll
    2006-10-21 12:22 154,384 --a------ C:\WINNT\system32\msawt.dll
    2006-10-21 12:22 15,120 --a------ C:\WINNT\system32\jdbgmgr.exe
    2006-10-21 12:22 139,536 --a------ C:\WINNT\system32\javaee.dll
    2006-10-21 12:22 113 --a------ C:\WINNT\system32\zonedon.reg
    2006-10-21 12:22 113 --a------ C:\WINNT\system32\zonedoff.reg
    2006-10-21 12:21 63,248 --a------ C:\WINNT\system32\javaprxy.dll
    2006-10-21 12:21 49,424 --a------ C:\WINNT\system32\clspack.exe
    2006-10-21 12:21 404,752 --a------ C:\WINNT\system32\javart.dll
    2006-10-21 12:21 187,152 --a------ C:\WINNT\system32\javacypt.dll
    2006-10-02 16:53 45,525 --a------ C:\WINNT\system32\tddgdhlf.dll
    2006-10-01 13:19 45,525 --a------ C:\WINNT\system32\iukiejvn.dll
    2006-09-30 22:15 58,952 --a------ C:\WINNT\system32\MsgPlusLoader.dll
    2006-09-30 15:32 30,768 --a------ C:\WINNT\system32\drivers\disk.sys
    2006-09-30 15:32 21,552 --a------ C:\WINNT\system32\drivers\USBSTOR.SYS
    2006-09-29 17:32 73,748 --a------ C:\WINNT\system32\tuqvjlln.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-10-27 21:38 -------- d-------- C:\Program Files\Hitman Pro
    2006-10-27 21:18 -------- d-------- C:\Program Files\SpywareBlaster
    2006-10-27 21:16 -------- d-a------ C:\Program Files\Spyware Doctor
    2006-10-27 20:41 -------- d-------- C:\Program Files\3D Spooky Halloween Screensaver
    2006-10-27 19:42 -------- d-------- C:\Program Files\TrueCodec
    2006-10-27 14:00 -------- d-a------ C:\Program Files\ewido anti-spyware 4.0
    2006-10-27 12:19 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
    2006-10-27 12:02 -------- d-------- C:\Program Files\K-Lite Codec Pack
    2006-10-27 11:09 -------- d-------- C:\Program Files\Google
    2006-10-26 19:46 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Starware316
    2006-10-26 19:04 -------- d-------- C:\Program Files\Astro Gemini Software
    2006-10-26 19:02 -------- d-------- C:\Program Files\Starware316
    2006-10-26 11:13 1243189 ---hs---- C:\WINNT\system32\hjjlm.bak2
    2006-10-23 19:34 -------- d-------- C:\Program Files\QuickTime
    2006-10-22 15:18 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-10-22 15:16 -------- d-------- C:\Program Files\eMule
    2006-10-22 15:15 -------- d-------- C:\Program Files\IrfanView
    2006-10-21 23:48 -------- d-------- C:\Program Files\Cucusoft
    2006-10-21 23:44 -------- d-------- C:\Program Files\AVI DivX to DVD SVCD VCD Converter
    2006-10-21 23:02 -------- d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2006-10-21 21:56 -------- d-------- C:\Program Files\WinAVIVideoConverter
    2006-10-21 13:43 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Skype
    2006-10-21 12:28 -------- d-------- C:\Program Files\Common Files\System
    2006-10-21 12:24 -------- d-------- C:\Program Files\NetMeeting
    2006-10-21 12:22 -------- d-a------ C:\Program Files\Common Files\Microsoft Shared
    2006-10-21 12:22 -------- d-a------ C:\Program Files\Common Files
    2006-10-21 12:22 -------- d--h----- C:\Program Files\Uninstall Information
    2006-10-21 12:22 -------- d-------- C:\Program Files\Windows Media Player
    2006-10-21 12:22 -------- d-------- C:\Program Files\Outlook Express
    2006-10-21 12:22 -------- d-------- C:\Program Files\Internet Explorer
    2006-10-20 12:09 -------- d-------- C:\Program Files\LitexMedia
    2006-10-19 13:27 -------- d-------- C:\Program Files\Common Files\Adaptec Shared
    2006-10-18 16:14 -------- d-------- C:\Program Files\EasyCleaner
    2006-10-01 16:52 -------- d-------- C:\Program Files\LimeWire
    2006-09-30 22:17 -------- d-------- C:\Program Files\PacificPoker
    2006-09-30 19:56 -------- d-------- C:\Program Files\Java
    2006-09-30 19:53 -------- d-------- C:\Program Files\Common Files\Java
    2006-09-29 17:33 778656 --a------ C:\WINNT\system32\drivers\avg7core.sys
    2006-09-28 17:28 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Google
    2006-09-25 20:08 143380 --a------ C:\WINNT\system32\lbjdjskr.exe
    2006-09-24 18:13 51072 --a------ C:\WINNT\system32\drivers\ikhlayer.sys
    2006-09-23 13:13 -------- d-------- C:\Documents and Settings\Administrator\Application Data\BearShare
    2006-09-12 13:48 1713536 --a------ C:\WINNT\system32\NTKRNLPA.EXE
    2006-09-12 13:48 1690880 --a------ C:\WINNT\system32\NTOSKRNL.EXE
    2006-09-06 06:58 1110528 --a------ C:\WINNT\system32\msxml3.dll
    2006-08-28 10:44 530192 --a------ C:\WINNT\system32\comctl32.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "internat.exe"="internat.exe"
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
    "ASUS SmartDoctor"="C:\\Program Files\\ASUS\\SmartDoctor\\SmartDoctor.exe /start"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager"="mobsync.exe /logon"
    "LoadQM"="loadqm.exe"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
    "SoundMan"="SOUNDMAN.EXE"
    "DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
    "NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINNT\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINNT\\system32\\NvMcTray.dll,NvTaskbarInit"
    "MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonceex]
    @=""

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000003
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,2c,01,00,00,00,00,00,00,d4,02,00,00,e4,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,f0,01,00,00,1f,00,00,00,80,00,00,00,76,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "internat.exe"="internat.exe"
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
    "Spyware Doctor"=""

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
    "^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000095
    "CDRAutoRun"=dword:00000000

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoCDBurning"=dword:00000000

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
    "isamonitor.exe"="C:\\Program Files\\TrueCodec\\isamonitor.exe"
    "pmsngr.exe"="C:\\Program Files\\TrueCodec\\pmsngr.exe"

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000095

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "Network.ConnectionTray"="{7007ACCF-3202-11D1-AAD2-00805FC1270E}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjh
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nwprovau

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
    securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


    Completion time: Fri 2006-10-27 21:40:37.01
    ComboFix.txt
    ComboFix2.txt
    ComboFix3.txt
  • Please first uninstall HITMANPRO with all its components; it can get in the way of the fix.

    Start HJT again and do a "system scan only", tick the lines below, close all windows except HJT and click "Fix checked".

    O2 - BHO: (no name) - {1D359F31-6328-4ED3-9408-503F707E1D21} - C:\WINNT\system32\mljjh.dll
    O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware316\bin\Starware316.dll (file missing)
    O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Program Files\TrueCodec\isaddon.dll
    O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - (no file)
    O4 - Startup: PowerReg Scheduler.exe
    O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab

    1. Download SmitfraudFix (by S!Ri) and extract it to your desktop.

    2. Print the instructions below or copy them to a .txt file.
    This is because the rest of the fix is done in safe mode, so you will no longer be able to look them up here.

    3. Boot into Safe Mode

    4. Open the smitfraudfix folder and double-click smitfraudfix.cmd
    * Choose option #2 - Clean by typing 2, and press "Enter" to delete the infected files.

    You will get a question: "Registry cleaning - Do you want to clean the registry ?"
    * Answer "yes" by typing y and press "Enter".
    (If your PC does not restart afterwards, restart it manually in normal mode)

    The tool may restart your PC in order to finish its work.
    * If it does not, restart your PC manually in normal mode.

    A text file will open with the results of the fix.

    5. Post the contents of this file in your next reply,
    together with a HijackThis log. (You can also find the report in c:\rapport.txt)

    Also do the following

    Download Dr.Web CureIt to your desktop:
    * Double-click drweb-cureit.exe. Click Update.
    * After the update a new icon, "CureIt.exe", appears on your desktop; double-click it and click Scan, and allow it to start the express scan.
    * This will scan the files that are currently loaded in memory, and when something is found, click the Yes to all button at the question 'cure it?'. This is only a short scan.
    * Once the short scan has finished, you can select the drives you want to have scanned.
    * Select all drives here. A red dot will then appear on the drives you are having scanned.
    * Then click the green arrow on the right to start the scan.
    * Click Yes to all when you are asked to perform cure or move.
    * When the scan has finished, see whether you can click the icon next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
    * If so, click it, then click the icon just below it and select Move incurable, as you see here: http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
      This moves the files found to the "%userprofile%\DoctorWeb\quarantaine-map" (quarantine folder) if repair is not possible.
    * After the scan is done, click File in the menu at the top and choose Save report List. Save it to your desktop.
    * Then close Dr.Web CureIt.
    * Restart your computer!! Important step, because Dr.Web CureIt may move/delete files during the restart.
    * After restarting, copy and paste the contents of the log you saved earlier into your next post.

    Ignore popups about Buy or 50% discount

    Please post a new HJT log and the Dr.Web log plus the report

    Good luck
    J
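
The reply above picks individual lines out of a HijackThis log by hand. As an added example (not part of the forum posts and not code from HijackThis or any tool named here), the sketch below parses the `O2`/`O20` line layout seen in the log on this page and lists BHO entries worth a closer look. The three triage rules are assumptions chosen for illustration, and a flagged entry is a candidate for review, not a verdict.

```python
import re

# Excerpt copied from the HijackThis log posted on this page.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1D359F31-6328-4ED3-9408-503F707E1D21} - C:\WINNT\system32\mljjh.dll
O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware316\bin\Starware316.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Program Files\TrueCodec\isaddon.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - Winlogon Notify: mljjh - C:\WINNT\system32\mljjh.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
"""

# "<section code> - <body>", e.g. "O2 - BHO: ..." or "R0 - HKCU\..."
ENTRY_RE = re.compile(r"^\s*(?P<code>[A-Z]\d{1,2}) - (?P<body>.+?)\s*$")
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>.*?) - (?P<target>.*)$")


def parse_log(text):
    """Return (section_code, body) for every entry line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def normalise(path):
    """Lower-case a path and drop the trailing '(file missing)' marker."""
    return path.replace("(file missing)", "").strip().lower()


def triage_bhos(text):
    """List O2 entries matching any illustrative rule (assumptions, not HJT logic):
    no display name, target file absent, or same DLL also a Winlogon Notify."""
    entries = parse_log(text)
    notify_paths = set()
    for code, body in entries:
        m = NOTIFY_RE.match(body) if code == "O20" else None
        if m:
            notify_paths.add(normalise(m.group("target")))

    findings = []
    for code, body in entries:
        m = BHO_RE.match(body) if code == "O2" else None
        if not m:
            continue
        target, reasons = m.group("target"), []
        if m.group("name") == "(no name)":
            reasons.append("no name")
        if target == "(no file)" or target.endswith("(file missing)"):
            reasons.append("file absent")
        if normalise(target) in notify_paths:
            reasons.append("also Winlogon Notify")
        if reasons:
            findings.append((m.group("clsid"), target, reasons))
    return findings


if __name__ == "__main__":
    for clsid, target, reasons in triage_bhos(SAMPLE_LOG):
        print(clsid, target, "<-", ", ".join(reasons))
```

On this excerpt the rules flag the same four O2 entries that the reply lists; the named Java and Google Toolbar helpers are not flagged.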


This is an archived page. Replying is no longer possible.