Question & Answer

Security & privacy

hijack log, start page has been changed

3 answers
  • Logfile of HijackThis v1.99.1
    Scan saved at 21:49:25, on 27-10-2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\ATKKBService.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\AMD\PowerNow!\GemServ.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINNT\system32\NOTEPAD.EXE
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\73TNFLCW\HijackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {1D359F31-6328-4ED3-9408-503F707E1D21} - C:\WINNT\system32\mljjh.dll
    O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware316\bin\Starware316.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Program Files\TrueCodec\isaddon.dll
    O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O20 - Winlogon Notify: mljjh - C:\WINNT\system32\mljjh.dll
    O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINNT\ATKKBService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: AMD PowerNow! (tm) Technology Service (GemServ) - Advanced Micro Devices - C:\Program Files\AMD\PowerNow!\GemServ.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
  • Administrator - vr 27-10-2006 21:39:27,60 Service Pack 4
    ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Administrator\Desktop"

    ((((((((((((((((((((((((((((((( Files Created from 2006-09-27 to 2006-10-27 ))))))))))))))))))))))))))))))))))

    2006-10-27 19:42 106,496 --a------ C:\WINNT\system32\tazth.dll
    2006-10-27 12:02 847,872 --a------ C:\WINNT\system32\xvidcore.dll
    2006-10-27 12:02 77,824 --a------ C:\WINNT\system32\mplaw7.dll
    2006-10-27 12:02 77,824 --a------ C:\WINNT\system32\mplaa6.dll
    2006-10-27 12:02 65,536 --a------ C:\WINNT\system32\mplapx.dll
    2006-10-27 12:02 65,536 --a------ C:\WINNT\system32\mplam6.dll
    2006-10-27 12:02 630,784 --a------ C:\WINNT\system32\vp7vfw.dll
    2006-10-27 12:02 56,832 --a------ C:\WINNT\system32\Iyvu9_32.dll
    2006-10-27 12:02 5,632 --a------ C:\WINNT\system32\ff_vfw.dll
    2006-10-27 12:02 446,464 --a------ C:\WINNT\system32\vp31vfw.dll
    2006-10-27 12:02 438,272 --a------ C:\WINNT\system32\vp6vfw.dll
    2006-10-27 12:02 413,760 --a------ C:\WINNT\system32\msmpeg4.dll
    2006-10-27 12:02 413,760 --a------ C:\WINNT\system32\DivXc32f.dll
    2006-10-27 12:02 413,760 --a------ C:\WINNT\system32\DivXc32.dll
    2006-10-27 12:02 39,936 --a------ C:\WINNT\system32\huffyuv.dll
    2006-10-27 12:02 344,064 --a------ C:\WINNT\system32\msvcr70.dll
    2006-10-27 12:02 338,432 --a------ C:\WINNT\system32\Ir41_qcx.dll
    2006-10-27 12:02 286,720 --a------ C:\WINNT\system32\3ivxVfWCodec.dll
    2006-10-27 12:02 2,024,448 --a------ C:\WINNT\system32\divx.dll
    2006-10-27 12:02 19,968 --a------ C:\WINNT\system32\cpuinf32.dll
    2006-10-27 12:02 157,696 --a------ C:\WINNT\system32\unrar.dll
    2006-10-27 12:02 151,552 --a------ C:\WINNT\system32\xvidvfw.dll
    2006-10-27 12:02 151,552 --a------ C:\WINNT\system32\Npindeo.dll
    2006-10-27 12:02 144,384 --a------ C:\WINNT\system32\Iacenc.dll
    2006-10-27 12:02 1,650,688 --a------ C:\WINNT\system32\mplva6.dll
    2006-10-27 12:02 1,581,056 --a------ C:\WINNT\system32\mplvw7.dll
    2006-10-27 12:02 1,552,384 --a------ C:\WINNT\system32\mplvm6.dll
    2006-10-27 12:02 1,122,304 --a------ C:\WINNT\system32\mplvpx.dll
    2006-10-27 12:02 1,024,000 --a------ C:\WINNT\system32\3ivx.dll
    2006-10-26 19:04 528,384 C:\WINNT\system32Astro Gemini Screensaver Manager.scr
    2006-10-26 11:13 118,804 --a------ C:\WINNT\system32\kfqmjylv.dll
    2006-10-25 11:12 118,804 --a------ C:\WINNT\system32\viogtsqe.dll
    2006-10-24 14:01 67,604 --a------ C:\WINNT\system32\jhrkykng.exe
    2006-10-24 14:01 118,804 --a------ C:\WINNT\system32\quxvqvda.dll
    2006-10-21 23:48 395,776 --a------ C:\WINNT\system32\libmplayer.dll
    2006-10-21 23:48 34,820 --a------ C:\WINNT\system32\ffdshow.reg
    2006-10-21 23:48 262,144 --a------ C:\WINNT\system32\TomsMoComp_ff.dll
    2006-10-21 23:48 2,255,360 --a------ C:\WINNT\system32\libavcodec.dll
    2006-10-21 23:48 112,640 --a------ C:\WINNT\system32\libmpeg2_ff.dll
    2006-10-21 12:22 947,472 --a------ C:\WINNT\system32\msjava.dll
    2006-10-21 12:22 46,352 --a------ C:\WINNT\setdebug.exe
    2006-10-21 12:22 313,856 --a------ C:\WINNT\system32\dx3j.dll
    2006-10-21 12:22 286,992 --a------ C:\WINNT\system32\vmhelper.dll
    2006-10-21 12:22 21,264 --a------ C:\WINNT\system32\msjdbc10.dll
    2006-10-21 12:22 172,304 --a------ C:\WINNT\system32\jview.exe
    2006-10-21 12:22 171,792 --a------ C:\WINNT\system32\wjview.exe
    2006-10-21 12:22 171,280 --a------ C:\WINNT\system32\jit.dll
    2006-10-21 12:22 154,384 --a------ C:\WINNT\system32\msawt.dll
    2006-10-21 12:22 15,120 --a------ C:\WINNT\system32\jdbgmgr.exe
    2006-10-21 12:22 139,536 --a------ C:\WINNT\system32\javaee.dll
    2006-10-21 12:22 113 --a------ C:\WINNT\system32\zonedon.reg
    2006-10-21 12:22 113 --a------ C:\WINNT\system32\zonedoff.reg
    2006-10-21 12:21 63,248 --a------ C:\WINNT\system32\javaprxy.dll
    2006-10-21 12:21 49,424 --a------ C:\WINNT\system32\clspack.exe
    2006-10-21 12:21 404,752 --a------ C:\WINNT\system32\javart.dll
    2006-10-21 12:21 187,152 --a------ C:\WINNT\system32\javacypt.dll
    2006-10-02 16:53 45,525 --a------ C:\WINNT\system32\tddgdhlf.dll
    2006-10-01 13:19 45,525 --a------ C:\WINNT\system32\iukiejvn.dll
    2006-09-30 22:15 58,952 --a------ C:\WINNT\system32\MsgPlusLoader.dll
    2006-09-30 15:32 30,768 --a------ C:\WINNT\system32\drivers\disk.sys
    2006-09-30 15:32 21,552 --a------ C:\WINNT\system32\drivers\USBSTOR.SYS
    2006-09-29 17:32 73,748 --a------ C:\WINNT\system32\tuqvjlln.dll

    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2006-10-27 21:38 -------- d-------- C:\Program Files\Hitman Pro
    2006-10-27 21:18 -------- d-------- C:\Program Files\SpywareBlaster
    2006-10-27 21:16 -------- d-a------ C:\Program Files\Spyware Doctor
    2006-10-27 20:41 -------- d-------- C:\Program Files\3D Spooky Halloween Screensaver
    2006-10-27 19:42 -------- d-------- C:\Program Files\TrueCodec
    2006-10-27 14:00 -------- d-a------ C:\Program Files\ewido anti-spyware 4.0
    2006-10-27 12:19 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
    2006-10-27 12:02 -------- d-------- C:\Program Files\K-Lite Codec Pack
    2006-10-27 11:09 -------- d-------- C:\Program Files\Google
    2006-10-26 19:46 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Starware316
    2006-10-26 19:04 -------- d-------- C:\Program Files\Astro Gemini Software
    2006-10-26 19:02 -------- d-------- C:\Program Files\Starware316
    2006-10-26 11:13 1243189 ---hs---- C:\WINNT\system32\hjjlm.bak2
    2006-10-23 19:34 -------- d-------- C:\Program Files\QuickTime
    2006-10-22 15:18 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-10-22 15:16 -------- d-------- C:\Program Files\eMule
    2006-10-22 15:15 -------- d-------- C:\Program Files\IrfanView
    2006-10-21 23:48 -------- d-------- C:\Program Files\Cucusoft
    2006-10-21 23:44 -------- d-------- C:\Program Files\AVI DivX to DVD SVCD VCD Converter
    2006-10-21 23:02 -------- d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2006-10-21 21:56 -------- d-------- C:\Program Files\WinAVIVideoConverter
    2006-10-21 13:43 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Skype
    2006-10-21 12:28 -------- d-------- C:\Program Files\Common Files\System
    2006-10-21 12:24 -------- d-------- C:\Program Files\NetMeeting
    2006-10-21 12:22 -------- d-a------ C:\Program Files\Common Files\Microsoft Shared
    2006-10-21 12:22 -------- d-a------ C:\Program Files\Common Files
    2006-10-21 12:22 -------- d--h----- C:\Program Files\Uninstall Information
    2006-10-21 12:22 -------- d-------- C:\Program Files\Windows Media Player
    2006-10-21 12:22 -------- d-------- C:\Program Files\Outlook Express
    2006-10-21 12:22 -------- d-------- C:\Program Files\Internet Explorer
    2006-10-20 12:09 -------- d-------- C:\Program Files\LitexMedia
    2006-10-19 13:27 -------- d-------- C:\Program Files\Common Files\Adaptec Shared
    2006-10-18 16:14 -------- d-------- C:\Program Files\EasyCleaner
    2006-10-01 16:52 -------- d-------- C:\Program Files\LimeWire
    2006-09-30 22:17 -------- d-------- C:\Program Files\PacificPoker
    2006-09-30 19:56 -------- d-------- C:\Program Files\Java
    2006-09-30 19:53 -------- d-------- C:\Program Files\Common Files\Java
    2006-09-29 17:33 778656 --a------ C:\WINNT\system32\drivers\avg7core.sys
    2006-09-28 17:28 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Google
    2006-09-25 20:08 143380 --a------ C:\WINNT\system32\lbjdjskr.exe
    2006-09-24 18:13 51072 --a------ C:\WINNT\system32\drivers\ikhlayer.sys
    2006-09-23 13:13 -------- d-------- C:\Documents and Settings\Administrator\Application Data\BearShare
    2006-09-12 13:48 1713536 --a------ C:\WINNT\system32\NTKRNLPA.EXE
    2006-09-12 13:48 1690880 --a------ C:\WINNT\system32\NTOSKRNL.EXE
    2006-09-06 06:58 1110528 --a------ C:\WINNT\system32\msxml3.dll
    2006-08-28 10:44 530192 --a------ C:\WINNT\system32\comctl32.dll

    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "internat.exe"="internat.exe"
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
    "ASUS SmartDoctor"="C:\\Program Files\\ASUS\\SmartDoctor\\SmartDoctor.exe /start"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager"="mobsync.exe /logon"
    "LoadQM"="loadqm.exe"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
    "SoundMan"="SOUNDMAN.EXE"
    "DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
    "NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINNT\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINNT\\system32\\NvMcTray.dll,NvTaskbarInit"
    "MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonceex]
    @=""

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000003
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,2c,01,00,00,00,00,00,00,d4,02,00,00,e4,02,00,00,00,\
      00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
      ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,f0,01,00,00,1f,00,00,00,80,00,00,00,76,00,\
      00,00,01,00,00,00

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "internat.exe"="internat.exe"
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
    "Spyware Doctor"=""

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
    "^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000095
    "CDRAutoRun"=dword:00000000

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoCDBurning"=dword:00000000

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
    "isamonitor.exe"="C:\\Program Files\\TrueCodec\\isamonitor.exe"
    "pmsngr.exe"="C:\\Program Files\\TrueCodec\\pmsngr.exe"

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000095

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "Network.ConnectionTray"="{7007ACCF-3202-11D1-AAD2-00805FC1270E}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjh
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nwprovau

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
    securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

    Completion time: Fri 2006-10-27 21:40:37.01
    ComboFix.txt ComboFix2.txt ComboFix3.txt
  • Please first uninstall HITMANPRO with all its components; it can get in the way of the fix.

    Start HJT again and do a "system scan only", tick the lines below, close all windows except HJT and click "Fix checked".

    O2 - BHO: (no name) - {1D359F31-6328-4ED3-9408-503F707E1D21} - C:\WINNT\system32\mljjh.dll
    O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware316\bin\Starware316.dll (file missing)
    O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Program Files\TrueCodec\isaddon.dll
    O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - (no file)
    O4 - Startup: PowerReg Scheduler.exe
    O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab

    1. Download SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.zip) (by S!Ri), and extract it to your desktop.
    2. Print the instructions below or copy them to a .txt file. This is because the rest of the fix is done in safe mode, so you will not be able to look them up here.
    3. Boot into Safe mode (http://www.virushelp.nl/veilige_modus.htm)
    4. Open the folder smitfraudfix and double-click smitfraudfix.cmd
       * Choose option #2 - Clean by typing 2, and press "Enter" to delete the infected files. You will get a question: "Registry cleaning - Do you want to clean the registry ?"
       * Answer "yes" by typing y and press "Enter". (If your PC does not restart after that, restart it manually in normal mode.) The tool may restart your PC in order to finish its work.
       * If it does not, restart your PC manually in normal mode.
       A text file with the results of the fix will open.
    5. Post the contents of this file in your next reply, together with a HijackThis log. (You can also find the report in c:\rapport.txt)

    Also do the following. Download Dr.Web CureIt (ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe) to your desktop:
    * Double-click drweb-cureit.exe and click Update.
    * After the update a new icon, "CureIt.exe", appears on your desktop; double-click it and click Scan, and allow it to start the express scan.
    * This will scan the files that are currently loaded in memory; when something is found, click the Yes to all button at the 'cure it?' prompt. This is only a short scan.
    * Once the short scan has finished, you can select the drives you want to scan.
    * Select all drives here. A red dot will then appear on the drives you are scanning.
    * Then click the green arrow on the right to start the scan.
    * Click Yes to all when asked to cure or move.
    * When the scan has finished, see whether you can click the icon next to the files found (http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif).
    * If so, click it, then click the icon just below it and select Move incurable, as you can see here (http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif). This moves the files found to the "%userprofile%\DoctorWeb\quarantaine-map" if repair is not possible.
    * After the scan is done, click File in the menu at the top and choose Save report List. Save it to your desktop.
    * Then close Dr.Web CureIt.
    * Restart your computer!! This is an important step, because Dr.Web CureIt may move/delete files during the restart.
    * After restarting, copy and paste the contents of the log you saved earlier into your next post.

    Ignore popups about Buy or a 50% discount.

    Please post a new HJT log and the Dr.Web log plus the report.

    Good luck J
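
Added example, not part of the original thread and not HijackThis's own logic: a small Python triage pass over HijackThis entries that flags the patterns visible in the log above, namely BHOs without a display name, entries whose file is absent, and a DLL registered both as a BHO and as a Winlogon Notify package. The rule set and the names `parse` and `triage` are assumptions made for illustration; a flag means "review this entry", not "malicious".

```python
import re
from collections import defaultdict

# Sample lines copied from the HijackThis log posted in this thread (a subset).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O2 - BHO: (no name) - {1D359F31-6328-4ED3-9408-503F707E1D21} - C:\WINNT\system32\mljjh.dll
O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware316\bin\Starware316.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - Winlogon Notify: mljjh - C:\WINNT\system32\mljjh.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
"""

# "<section code> - <body>", e.g. "O2 - BHO: ..." or "R0 - HKCU\..."
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
BHO = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
NOTIFY = re.compile(r"^Winlogon Notify: (?P<name>.+?) - (?P<target>.+)$")


def parse(log_text):
    """Return a list of (section_code, body) tuples; non-entry lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m["code"], m["body"]))
    return entries


def triage(log_text):
    """Return {entry_line: [reasons]} for entries that deserve a closer look."""
    entries = parse(log_text)
    findings = defaultdict(list)
    bho_targets = set()  # lower-cased DLL paths of BHOs whose file exists

    # Pass 1: Browser Helper Objects (section O2).
    for code, body in entries:
        m = BHO.match(body) if code == "O2" else None
        if not m:
            continue
        line = f"{code} - {body}"
        target = m["target"]
        if m["name"] == "(no name)":
            findings[line].append("BHO has no display name")
        if target == "(no file)" or target.endswith("(file missing)"):
            findings[line].append("registered file is absent")
        else:
            bho_targets.add(target.lower())

    # Pass 2: Winlogon Notify packages (section O20) that reuse a BHO's DLL.
    for code, body in entries:
        m = NOTIFY.match(body) if code == "O20" else None
        if m and m["target"].lower() in bho_targets:
            findings[f"{code} - {body}"].append("same DLL is also loaded as a BHO")
    return dict(findings)


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG).items():
        print(f"{entry}\n    -> {'; '.join(reasons)}")
```
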


This is an archived page. Replies are no longer possible.