virus
34 answers
  • Hello,

    I had Spybot run a scan, and it found Banker. Fat.
    I had it fixed and removed it from the registry,
    but it keeps coming back every time.
    I can't start IE and some other programs.
    Who knows how I can solve this?
    thanx Darunia :)
  • It's best to make a HijackThis log and post it.
    Then we can see exactly what is going on.
  • Hello,

    Here is my log file.



    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 18:19:19, on 12-8-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\WINDOWS\System32\svchost.exe
    c:\program files\internet explorer\iexplore.exe
    c:\program files\mozilla firefox\firefox.exe
    c:\windows\explorer.exe
    c:\documents and settings\boss hogg\bureaublad\hijackthis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telegraaf.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: H - {DF5986C1-3B7F-401d-B0C1-C270097F7040} - sc2.dll (file missing)
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170494849734
    O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f011.mail.lycos.nl/app/uploader/FileUploader.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CF1366B1-5C01-4545-9F9B-B027DD907521}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\vhosts.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


    End of file - 4729 bytes

    I hope this is enough, and that you can find something that doesn't belong there.

    Thanx Darunia
  • Let's give it a try, Darunia.

    Close all open windows.
    Start HijackThis once more and tick the following items:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: H - {DF5986C1-3B7F-401d-B0C1-C270097F7040} - sc2.dll (file missing)

    Then click "Fix checked" and close HijackThis.

    Download SDFix: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    Put it on your desktop and double-click it to extract the files (usually to C:\SDFix).
    Boot the computer into safe mode. You can read how to do this here.
    Open the folder c:\SDFix and double-click RunThis.bat to start the tool.
    In the window that appears, press Y to start the removal procedure.
    When you are asked to press a key to restart the computer, do so.
    After the restart, the second part of the cleaning process runs. When you get the message FINISHED, press a key. A Notepad file then opens. Post the contents of this file.

    Make a new HijackThis log and post it as well.
  • Hi m@rc,

    Here is the SDFix output:


    SDFix: Version 1.98

    Run by Boss Hogg on zo 12-08-2007 at 18:49

    Microsoft Windows XP [versie 5.1.2600]

    Running From: C:\DOWNLO~1\sdfix\SDFix

    Safe Mode:
    Checking Services:

    Name:
    msupdate

    ImagePath:
    c:\windows\system32\vhosts.exe

    msupdate - Deleted



    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting…


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\WINDOWS\SYSTEM32\KERNEL32.EXE - Deleted
    C:\WINDOWS\system32\LB8D4.tmp.exe - Deleted
    C:\WINDOWS\system32\LBCE.tmp.exe - Deleted
    C:\Documents and Settings\Boss Hogg\Application Data\Install.dat - Deleted
    C:\WINDOWS\system32\help.txt - Deleted
    C:\WINDOWS\system32\Kernel32.exe - Deleted
    C:\WINDOWS\system32\mssrv32.exe - Deleted
    C:\WINDOWS\system32\ps.dat - Deleted
    C:\WINDOWS\system32\sc2.dll - Deleted
    C:\WINDOWS\system32\vhosts.exe - Deleted



    Removing Temp Files…

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    Remaining Services:
    ——————



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    Remaining Files:
    —————

    Backups Folder: - C:\DOWNLO~1\sdfix\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    C:\Documents and Settings\Boss Hogg\Local Settings\Application Data\Microsoft\Messenger\peppiezoektkokkie@hotmail.com\Sharing Folders\riems.bogers@hccnet.nl\Thumbs.db
    C:\Documents and Settings\Boss Hogg\Application Data\Macromedia\Shockwave Player\xtras\download\AndradeArts\Music\BASSMOD.dll
    C:\WINDOWS\system32\abfadbaddde_s.dll
    C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp

    Finished

    And here is the log file:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 19:08:13, on 12-8-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    c:\windows\system32\notepad.exe
    c:\program files\mozilla firefox\firefox.exe
    c:\program files\grisoft\avg7\avgcc.exe
    c:\documents and settings\boss hogg\bureaublad\hijackthis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telegraaf.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170494849734
    O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f011.mail.lycos.nl/app/uploader/FileUploader.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CF1366B1-5C01-4545-9F9B-B027DD907521}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
    O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


    End of file - 4044 bytes

    thanx Darunia
  • Hello Darunia,

    Your log looks good again.
    Update your AV program and have the whole computer scanned for malware. If anything else is found, have it removed.
    Let us know whether there are still any problems.
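The check behind the posts above, as an added Python example (not code from the thread or from HijackThis, SDFix or ComboFix): it parses HijackThis entry lines, lists O2 BHOs whose DLL is reported missing and O23 services shown as "Unknown owner" as review candidates, and diffs a before and an after log. The function names and the flagging rules are assumptions made for this example; the sample lines are a constructed subset of the first log in the thread.

```python
import re

# Constructed sample: lines copied in shape from the first HijackThis log in
# this thread (a subset, not the complete log).
SAMPLE_BEFORE = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: H - {DF5986C1-3B7F-401d-B0C1-C270097F7040} - sc2.dll (file missing)
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\vhosts.exe
"""

# Constructed "after" log: the same lines minus the entries that the second
# log in the thread no longer contains.
_CLEANED = ("{7E853D72", "{DF5986C1", "(msupdate)")
SAMPLE_AFTER = "\n".join(
    line for line in SAMPLE_BEFORE.splitlines()
    if not any(marker in line for marker in _CLEANED)
)

# "<section code> - <body>", e.g. "O2 - BHO: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^\s*(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+?)\s*$")
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
SVC_RE = re.compile(r"^Service: (?P<name>.*?) - Unknown owner - (?P<path>.*)$")
MISSING_RE = re.compile(r"\((?:no file|file missing)\)$")
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)


def parse_entries(log_text):
    """Return (code, body) for every entry line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(log_text):
    """Return (code, identifier, reason) review candidates, in log order."""
    findings = []
    for code, body in parse_entries(log_text):
        if code == "O2":
            bho = BHO_RE.match(body)
            if bho and MISSING_RE.search(bho.group("target")):
                findings.append(
                    (code, bho.group("clsid"), "BHO registered, DLL not on disk")
                )
        elif code == "O23":
            svc = SVC_RE.match(body)
            if not svc:
                continue  # a vendor name was shown for this service
            path = svc.group("path")
            if MISSING_RE.search(path):
                reason = "unknown-owner service, binary missing (leftover?)"
            elif SYSTEM32_RE.match(path):
                reason = "unknown-owner service binary inside system32"
            else:
                reason = "unknown-owner service"
            findings.append((code, svc.group("name"), reason))
    return findings


def removed_entries(before, after):
    """Entries present in the 'before' log and absent from the 'after' log."""
    remaining = set(parse_entries(after))
    return [entry for entry in parse_entries(before) if entry not in remaining]


if __name__ == "__main__":
    for finding in triage(SAMPLE_BEFORE):
        print("REVIEW ", *finding, sep=" | ")
    for code, body in removed_entries(SAMPLE_BEFORE, SAMPLE_AFTER):
        print("REMOVED", code, body, sep=" | ")
```

A flagged line is a candidate for a closer look, not a verdict: the leftover iPod service is listed next to the `msupdate` service that SDFix deleted.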
  • Hi.

    I updated my AV and ran it; it found a
    trojan horse: PSW. Banker3.WDB. The AV removed it,
    but I still can't start the IE internet browser.
    Do you know how I can solve this?

    thanx Darunia :)
  • What do you mean?
    Do you get an error message?
  • When I want to go on the internet I normally use IE 6.0. Luckily I also
    have Mozilla, otherwise I couldn't get on the internet at all.
    Ever since I had trouble with that bankers3, I can't get on the internet via IE 6.0.
    By the way, I have this with several program icons: as soon as I click them,
    the program doesn't start.

    Darunia
  • Do you get an error message when you start IE?
  • No, nothing.

    As soon as I click the icon you can see it start to load, and then it stops again.
  • No message at all?
    Not even that the page cannot be found, or an error message?

    Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Put it on your desktop.
    Double-click it to start the program.
    In the window that appears, type a 1 to run the cleaning and analysis process.
    Follow the instructions on the screen.
    When the tool is finished, a log file (combofix.txt) opens.
    Post the contents of this file together with a new HijackThis log.
  • m@rc,

    here is the ComboFix log:
    ComboFix 07-08-09.3 - "Boss Hogg" 2007-08-12 20:46:44.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.44 [GMT 2:00]


    ((((((((((((((((((((((((( Files Created from 2007-07-12 to 2007-08-12 )))))))))))))))))))))))))))))))


    2007-08-12 20:45 51,200 –a—— C:\WINDOWS\nircmd.exe
    2007-08-12 18:49 <DIR> d——– C:\WINDOWS\ERUNT
    2007-08-12 18:33 <DIR> dr-h—– C:\DOCUME~1\BOSSHO~1\Onlangs geopend
    2007-08-09 21:17 <DIR> d——– C:\Program Files\InterMute
    2007-08-09 20:51 <DIR> d——– C:\WINDOWS\Spy Sweeper 3.5.x FIX
    2007-08-09 17:03 76,560 –a—— C:\WINDOWS\system32\drivers\tmcomm.sys
    2007-08-06 13:01 28,672 –a—— C:\WINDOWS\system32\drivers\CO_Mon.sys
    2007-08-04 14:28 <DIR> d——– C:\Program Files\Thoosje Sidebar V2.0
    2007-08-04 12:59 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    2007-07-31 13:07 4,980,736 –a—— C:\DOCUME~1\BOSSHO~1\ntuser.dat
    2007-07-30 10:47 <DIR> d——– C:\WINDOWS\system32\logz2
    2007-07-29 13:12 3,287,754 –a—— C:\WINDOWS\AirForce.dat
    2007-07-29 12:51 <DIR> d——– C:\Program Files\Webshots
    2007-07-28 11:18 <DIR> d——– C:\WINDOWS\system32\logz2(2)
    2007-07-25 17:49 20,480 –a—— C:\WINDOWS\system32\Ldrcrpt.dat


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-12 18:24 ——— d——– C:\Program Files\DivX
    2007-08-09 13:43 ——— d——– C:\DOCUME~1\BOSSHO~1\APPLIC~1\LimeWire
    2007-08-09 00:00 ——— d——– C:\Program Files\MSN Messenger
    2007-08-07 20:00 671744 –a–c— C:\WINDOWS\system32\dllcache\wininet.dll
    2007-08-07 20:00 1028608 –a–c— C:\WINDOWS\system32\dllcache\kernel32.dll
    2007-08-06 14:49 ——— d–h—– C:\Program Files\InstallShield Installation Information
    2007-08-06 14:49 ——— d——– C:\Program Files\InterVideo
    2007-08-06 14:48 ——— d——– C:\Program Files\Common Files\InterVideo
    2007-08-06 14:47 ——— d——– C:\Program Files\InterActual
    2007-08-06 12:11 ——— d——– C:\DOCUME~1\BOSSHO~1\APPLIC~1\Lavasoft
    2007-07-31 09:53 3136 –a—— C:\WINDOWS\system32\vscan.dat
    2007-07-28 11:43 671744 –a—— C:\WINDOWS\system32\wininet(2)(2)(2).dll
    2007-07-28 11:43 1028608 –a—— C:\WINDOWS\system32\kernel32(2)(2)(2).dll
    2007-07-27 06:15 54624 –a—— C:\WINDOWS\system32\perfc013.dat
    2007-07-27 06:15 367714 –a—— C:\WINDOWS\system32\perfh013.dat
    2007-06-12 17:13 ——— d——– C:\DOCUME~1\BOSSHO~1\APPLIC~1\InterVideo
    2007-06-12 17:08 ——— d——– C:\Program Files\InterVideo Information Service
    2007-06-12 17:06 ——— d——– C:\Program Files\CyberLink
    2007-05-15 09:45 972336 –a—— C:\WINDOWS\UNNeroVision.exe
    2007-05-05 23:18 81920 –a—— C:\DOCUME~1\BOSSHO~1\APPLIC~1\ezpinst.exe
    2007-05-05 23:18 47360 –a—— C:\DOCUME~1\BOSSHO~1\APPLIC~1\pcouffin.sys
    2007-05-05 17:04 87608 –a—— C:\DOCUME~1\BOSSHO~1\APPLIC~1\inst.exe
    2007-03-22 21:44:28 5 –sha-w C:\WINDOWS\system32\abfadbaddde_s.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "LinkResolveIgnoreLinkInfo"=0 (0x0)
    "NoResolveSearch"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "LinkResolveIgnoreLinkInfo"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\WINDOWS\System32\wmfhotfix.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"= :\WINDOWS\system32\srr

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Synchronizer.lnk]
    backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^InterVideo WinCinema Manager.lnk]
    backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^PCzapper Media Manager.lnk]
    backup=C:\WINDOWS\pss\PCzapper Media Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
    "c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe" /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blaero Start Orb]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hitman Pro Expiration Helper]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    %systemroot%\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXSUPMON]
    C:\WINDOWS\System32\LXSUPMON.EXE RUN

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mssrv32]
    c:\windows\system32\mssrv32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistrySmart]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Secure]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SManager]
    smanager.7.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spoolsvv]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
    VTTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
    VTtrayp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "usnsvc"=3 (0x3)
    "svcWRSSSDK"=2 (0x2)
    "SDhelper"=3 (0x3)
    "RichVideo"=2 (0x2)
    "NOD32krn"=2 (0x2)

    R0 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms;C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
    R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet-adapter - NT-stuurprogramma;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
    R3 viagfx;viagfx;C:\WINDOWS\system32\DRIVERS\vtmini.sys
    S2 ousbehci;NEC PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ousbehci.sys
    S3 CO_Mon;CO_Mon;\??\C:\WINDOWS\system32\Drivers\CO_Mon.sys
    S3 nmwcd;Nokia USB Phone Parent;C:\WINDOWS\system32\drivers\nmwcd.sys
    S3 nmwcdc;Nokia USB Generic;C:\WINDOWS\system32\drivers\nmwcdc.sys
    S3 nmwcdcj;Nokia USB Port;C:\WINDOWS\system32\drivers\nmwcdcj.sys
    S3 nmwcdcm;Nokia USB Modem;C:\WINDOWS\system32\drivers\nmwcdcm.sys


    Contents of the 'Scheduled Tasks' folder
    2007-02-24 00:01:16 C:\WINDOWS\Tasks\RegistryMedicAuotScan.job

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-12 20:48:43
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden registry entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-12 20:49:43

    — E O F —

    And the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 20:52, on 12-8-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\System32\svchost.exe
    c:\program files\mozilla firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    c:\windows\system32\notepad.exe
    c:\documents and settings\boss hogg\bureaublad\hijackthis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telegraaf.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170494849734
    O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f011.mail.lycos.nl/app/uploader/FileUploader.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CF1366B1-5C01-4545-9F9B-B027DD907521}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
    O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


    End of file - 4045 bytes


    greetz Darunia
  • M@rc wrote:
    "No message at all?
    Not even that the page cannot be found, or an error message?"

    ???


    You know that you are using OpenDNS servers?
  • What does that mean? I'm not familiar with it.
  • See whether IeFix can solve the problem.
    Download IeFix here:
    http://windowsxp.mvps.org/IEFIX.htm
    Follow the instructions.
  • I did it, but it's still not right.
    Yesterday IE loaded and reported an error with the
    message: invalid syntax.
    What could be causing this?


    Darunia
    :)
  • Do you get that message on every page or not?
    If you dismiss the message, does the page load then?
  • The error message appears at the top left, above the toolbar.
    Once IE has started I get the page that says
    the page cannot be found. As soon as I click Home the
    browser closes, and after that I can't start it again, unless I
    restart the PC.

    Darunia
  • No idea what the cause is.
    I would try installing IE7.

This is an archived page. Replies are no longer possible.