virus

34 replies
  • Hello, I ran a Spybot scan and it found Banker.Fat. I had it fixed and removed it from the registry, but it keeps coming back every time. I can't start IE and some other programs. Who knows how I can solve this? Thanks, Darunia :)
  • It's best to make a HijackThis log and post it. Then we can see exactly what is going on.
  • Hello, here is my log file.
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 18:19:19, on 12-8-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\WINDOWS\System32\svchost.exe
    c:\program files\internet explorer\iexplore.exe
    c:\program files\mozilla firefox\firefox.exe
    c:\windows\explorer.exe
    c:\documents and settings\boss hogg\bureaublad\hijackthis_v2.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telegraaf.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: H - {DF5986C1-3B7F-401d-B0C1-C270097F7040} - sc2.dll (file missing)
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170494849734
    O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f011.mail.lycos.nl/app/uploader/FileUploader.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CF1366B1-5C01-4545-9F9B-B027DD907521}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\vhosts.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    -- End of file - 4729 bytes
    I hope this is enough and that you can find something that doesn't belong there. Thanks, Darunia
  • Let's give it a try, Darunia. Close all open windows. Start HijackThis once more and tick the following items:
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: H - {DF5986C1-3B7F-401d-B0C1-C270097F7040} - sc2.dll (file missing)
    Then click "Fix checked" and close HijackThis.
    Download SDFix: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    Put it on your desktop and double-click it to extract the files (usually to C:\SDFix).
    Start the computer in safe mode. You can read how to do this here: http://users.telenet.be/marcvn/spyware/1378056.htm
    Open the folder c:\SDFix and double-click RunThis.bat to start the tool. In the screen that appears, press Y to start the removal procedure. When you are asked to press a key to restart the computer, do so. After the restart, the second part of the cleaning process runs. When you get the message FINISHED, press a key. A Notepad file then opens. Post the contents of this file.
    Make a new HijackThis log and post that as well.
  • Hi m@rc, here is the SDFix report:
    SDFix: Version 1.98
    Run by Boss Hogg on zo 12-08-2007 at 18:49
    Microsoft Windows XP [versie 5.1.2600]
    Running From: C:\DOWNLO~1\sdfix\SDFix
    Safe Mode:
    Checking Services:
    Name: msupdate
    ImagePath: c:\windows\system32\vhosts.exe
    msupdate - Deleted
    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
    Rebooting...
    Normal Mode:
    Checking Files:
    Trojan Files Found:
    C:\WINDOWS\SYSTEM32\KERNEL32.EXE - Deleted
    C:\WINDOWS\system32\LB8D4.tmp.exe - Deleted
    C:\WINDOWS\system32\LBCE.tmp.exe - Deleted
    C:\Documents and Settings\Boss Hogg\Application Data\Install.dat - Deleted
    C:\WINDOWS\system32\help.txt - Deleted
    C:\WINDOWS\system32\Kernel32.exe - Deleted
    C:\WINDOWS\system32\mssrv32.exe - Deleted
    C:\WINDOWS\system32\ps.dat - Deleted
    C:\WINDOWS\system32\sc2.dll - Deleted
    C:\WINDOWS\system32\vhosts.exe - Deleted
    Removing Temp Files...
    ADS Check:
    C:\WINDOWS
    No streams found.
    C:\WINDOWS\system32
    No streams found.
    C:\WINDOWS\system32\svchost.exe
    No streams found.
    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.
    Final Check:
    Remaining Services:
    ------------------
    Authorized Application Key Export:
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    Remaining Files:
    ---------------
    Backups Folder: - C:\DOWNLO~1\sdfix\SDFix\backups\backups.zip
    Files with Hidden Attributes:
    C:\Documents and Settings\Boss Hogg\Local Settings\Application Data\Microsoft\Messenger\peppiezoektkokkie@hotmail.com\Sharing Folders\riems.bogers@hccnet.nl\Thumbs.db
    C:\Documents and Settings\Boss Hogg\Application Data\Macromedia\Shockwave Player\xtras\download\AndradeArts\Music\BASSMOD.dll
    C:\WINDOWS\system32\abfadbaddde_s.dll
    C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
    Finished
    And here is the log file:
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 19:08:13, on 12-8-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    c:\windows\system32\notepad.exe
    c:\program files\mozilla firefox\firefox.exe
    c:\program files\grisoft\avg7\avgcc.exe
    c:\documents and settings\boss hogg\bureaublad\hijackthis_v2.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telegraaf.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170494849734
    O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f011.mail.lycos.nl/app/uploader/FileUploader.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CF1366B1-5C01-4545-9F9B-B027DD907521}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
    O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    -- End of file - 4044 bytes
    Thanks, Darunia
  • Hello Darunia, your log looks good again. Update your AV program and have it check the entire computer for malware. If anything is still found, have it removed. Let us know whether there are still any problems.
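The triage applied to the first HijackThis log in this thread can be written down as code. The Python below is an added example, not part of the original posts or of HijackThis; its two rules (a BHO whose file is absent, and a service listed as "Unknown owner" whose binary is still present) are assumptions chosen because they single out the two O2 entries that were ticked and the msupdate service that SDFix deleted. Function and verdict names are hypothetical, and a hit is a prompt for review, not proof of malware.

```python
import re
from typing import List, NamedTuple, Optional

# Lines excerpted from the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: H - {DF5986C1-3B7F-401d-B0C1-C270097F7040} - sc2.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\vhosts.exe
"""

# A new entry starts at a section code such as "R0 - ", "O2 - " or "O23 - ".
# Splitting on that also recovers entries from a log whose line breaks were
# lost when it was pasted into a forum post.
ENTRY_START = re.compile(r"\s+(?=(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - )")
# The CLSID anchors the BHO fields, so " - " inside a path does not confuse the match.
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
# The drive letter anchors the service path.
SVC_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")


class Finding(NamedTuple):
    section: str  # HijackThis section code
    ident: str    # CLSID for a BHO, short service name for a service
    verdict: str  # hypothetical labels, see triage_entry()


def split_entries(log_text: str) -> List[str]:
    """Return one string per log entry, for line-per-entry or flattened input."""
    return [e.strip() for e in ENTRY_START.split(log_text.strip()) if e.strip()]


def is_missing(target: str) -> bool:
    """True when HijackThis reported that the referenced file does not exist."""
    return target == "(no file)" or target.endswith("(file missing)")


def triage_entry(entry: str) -> Optional[Finding]:
    m = BHO_RE.match(entry)
    if m:
        # Rule 1 (assumption): a BHO registration pointing at no file.
        if is_missing(m["target"]):
            return Finding("O2", m["clsid"].upper(), "dangling-bho")
        return None
    m = SVC_RE.match(entry)
    if m and m["owner"] == "Unknown owner":
        short = re.search(r"\(([^()]+)\)$", m["name"])
        ident = short.group(1) if short else m["name"]
        # Rule 2 (assumption): no owner string AND the binary is on disk.
        # With the file missing, the entry is only a leftover registration.
        if is_missing(m["path"]):
            return Finding("O23", ident, "orphaned-service")
        return Finding("O23", ident, "unknown-owner-service")
    return None


def triage(log_text: str) -> List[Finding]:
    found = (triage_entry(e) for e in split_entries(log_text))
    return [f for f in found if f is not None]


def actionable(findings: List[Finding]) -> List[Finding]:
    """Drop leftover registrations; keep what deserves a closer look."""
    return [f for f in findings if f.verdict != "orphaned-service"]


if __name__ == "__main__":
    for finding in actionable(triage(SAMPLE_LOG)):
        print(finding)
```

The AVGEMS and iPod Service entries are reported as orphaned rather than actionable, which matches the thread: both are still present in the later logs.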
  • Hi, I updated my AV and ran it; it found a Trojan horse: PSW.Banker3.WDB. The AV removed it, but I still can't start the IE web browser. Do you know how I can solve this? Thanks, Darunia :)
  • What do you mean? Do you get an error message?
  • When I want to go online I normally use IE 6.0. Luckily I also have Mozilla, otherwise I couldn't get on the internet at all. Ever since I had trouble with that bankers3, I haven't been able to get online via IE 6.0. By the way, I have the same thing with several program icons: as soon as I click one, the program doesn't start. Darunia
  • Do you get an error message when you start IE?
  • No, nothing. As soon as I click the icon you can see it trying to load, and then it stops again.
  • No message at all? Not even that the page cannot be found, or an error message?
    Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Put it on your desktop. Double-click it to start the program. In the screen that appears, type 1 to run the cleaning and analysis process. Follow the on-screen instructions. When the tool is finished, a log file opens (combofix.txt). Post the contents of this file together with a new HijackThis log.
  • m@rc, here is the ComboFix log:
    ComboFix 07-08-09.3 - "Boss Hogg" 2007-08-12 20:46:44.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.44 [GMT 2:00]
    ((((((((((((((((((((((((( Files Created from 2007-07-12 to 2007-08-12 )))))))))))))))))))))))))))))))
    2007-08-12 20:45 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-12 18:49 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-08-12 18:33 <DIR> dr-h----- C:\DOCUME~1\BOSSHO~1\Onlangs geopend
    2007-08-09 21:17 <DIR> d-------- C:\Program Files\InterMute
    2007-08-09 20:51 <DIR> d-------- C:\WINDOWS\Spy Sweeper 3.5.x FIX
    2007-08-09 17:03 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2007-08-06 13:01 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
    2007-08-04 14:28 <DIR> d-------- C:\Program Files\Thoosje Sidebar V2.0
    2007-08-04 12:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    2007-07-31 13:07 4,980,736 --a------ C:\DOCUME~1\BOSSHO~1\ntuser.dat
    2007-07-30 10:47 <DIR> d-------- C:\WINDOWS\system32\logz2
    2007-07-29 13:12 3,287,754 --a------ C:\WINDOWS\AirForce.dat
    2007-07-29 12:51 <DIR> d-------- C:\Program Files\Webshots
    2007-07-28 11:18 <DIR> d-------- C:\WINDOWS\system32\logz2(2)
    2007-07-25 17:49 20,480 --a------ C:\WINDOWS\system32\Ldrcrpt.dat
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    2007-08-12 18:24 --------- d-------- C:\Program Files\DivX
    2007-08-09 13:43 --------- d-------- C:\DOCUME~1\BOSSHO~1\APPLIC~1\LimeWire
    2007-08-09 00:00 --------- d-------- C:\Program Files\MSN Messenger
    2007-08-07 20:00 671744 --a--c--- C:\WINDOWS\system32\dllcache\wininet.dll
    2007-08-07 20:00 1028608 --a--c--- C:\WINDOWS\system32\dllcache\kernel32.dll
    2007-08-06 14:49 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-08-06 14:49 --------- d-------- C:\Program Files\InterVideo
    2007-08-06 14:48 --------- d-------- C:\Program Files\Common Files\InterVideo
    2007-08-06 14:47 --------- d-------- C:\Program Files\InterActual
    2007-08-06 12:11 --------- d-------- C:\DOCUME~1\BOSSHO~1\APPLIC~1\Lavasoft
    2007-07-31 09:53 3136 --a------ C:\WINDOWS\system32\vscan.dat
    2007-07-28 11:43 671744 --a------ C:\WINDOWS\system32\wininet(2)(2)(2).dll
    2007-07-28 11:43 1028608 --a------ C:\WINDOWS\system32\kernel32(2)(2)(2).dll
    2007-07-27 06:15 54624 --a------ C:\WINDOWS\system32\perfc013.dat
    2007-07-27 06:15 367714 --a------ C:\WINDOWS\system32\perfh013.dat
    2007-06-12 17:13 --------- d-------- C:\DOCUME~1\BOSSHO~1\APPLIC~1\InterVideo
    2007-06-12 17:08 --------- d-------- C:\Program Files\InterVideo Information Service
    2007-06-12 17:06 --------- d-------- C:\Program Files\CyberLink
    2007-05-15 09:45 972336 --a------ C:\WINDOWS\UNNeroVision.exe
    2007-05-05 23:18 81920 --a------ C:\DOCUME~1\BOSSHO~1\APPLIC~1\ezpinst.exe
    2007-05-05 23:18 47360 --a------ C:\DOCUME~1\BOSSHO~1\APPLIC~1\pcouffin.sys
    2007-05-05 17:04 87608 --a------ C:\DOCUME~1\BOSSHO~1\APPLIC~1\inst.exe
    2007-03-22 21:44:28 5 --sha-w C:\WINDOWS\system32\abfadbaddde_s.dll
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    *Note* empty entries & legit default entries are not shown
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "LinkResolveIgnoreLinkInfo"=0 (0x0)
    "NoResolveSearch"=1 (0x1)
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "LinkResolveIgnoreLinkInfo"=0 (0x0)
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\WINDOWS\System32\wmfhotfix.dll
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"= :\WINDOWS\system32\srr
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Synchronizer.lnk]
    backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^InterVideo WinCinema Manager.lnk]
    backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^PCzapper Media Manager.lnk]
    backup=C:\WINDOWS\pss\PCzapper Media Manager.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
    "c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe" /minimized
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blaero Start Orb]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    C:\WINDOWS\system32\ctfmon.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hitman Pro Expiration Helper]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    %systemroot%\system32\dumprep 0 -k
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXSUPMON]
    C:\WINDOWS\System32\LXSUPMON.EXE RUN
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mssrv32]
    c:\windows\system32\mssrv32.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistrySmart]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Secure]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SManager]
    smanager.7.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spoolsvv]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
    VTTimer.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
    VTtrayp.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "usnsvc"=3 (0x3)
    "svcWRSSSDK"=2 (0x2)
    "SDhelper"=3 (0x3)
    "RichVideo"=2 (0x2)
    "NOD32krn"=2 (0x2)
    R0 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms;C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
    R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet-adapter - NT-stuurprogramma;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
    R3 viagfx;viagfx;C:\WINDOWS\system32\DRIVERS\vtmini.sys
    S2 ousbehci;NEC PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ousbehci.sys
    S3 CO_Mon;CO_Mon;\??\C:\WINDOWS\system32\Drivers\CO_Mon.sys
    S3 nmwcd;Nokia USB Phone Parent;C:\WINDOWS\system32\drivers\nmwcd.sys
    S3 nmwcdc;Nokia USB Generic;C:\WINDOWS\system32\drivers\nmwcdc.sys
    S3 nmwcdcj;Nokia USB Port;C:\WINDOWS\system32\drivers\nmwcdcj.sys
    S3 nmwcdcm;Nokia USB Modem;C:\WINDOWS\system32\drivers\nmwcdcm.sys
    Contents of the 'Scheduled Tasks' folder
    2007-02-24 00:01:16 C:\WINDOWS\Tasks\RegistryMedicAuotScan.job
    **************************************************************************
    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-12 20:48:43
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden registry entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    Completion time: 2007-08-12 20:49:43
    --- E O F ---
    And the HijackThis log:
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 20:52, on 12-8-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\System32\svchost.exe
    c:\program files\mozilla firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    c:\windows\system32\notepad.exe
    c:\documents and settings\boss hogg\bureaublad\hijackthis_v2.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telegraaf.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170494849734
    O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f011.mail.lycos.nl/app/uploader/FileUploader.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CF1366B1-5C01-4545-9F9B-B027DD907521}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
    O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    -- End of file - 4045 bytes
    Greetz, Darunia
  • M@rc wrote: "No message at all? Not even that the page cannot be found, or an error message?" ??? You do know that you are using OpenDNS servers?
  • What does that mean? I'm not familiar with it.
  • See whether IeFix can solve the problem. Download IeFix here: http://windowsxp.mvps.org/IEFIX.htm Follow the instructions.
  • I did that, but it's still not right. Yesterday IE did load and showed an error with the message: invalid syntax. What could be causing this? Darunia :)
  • Do you get that message on every page or not? If you dismiss the message, does the page load then?
  • The error message appears at the top left, above the toolbar. Once IE has started, I get the page that says the page cannot be found. As soon as I click Home, the browser closes, and after that I can't start it again unless I restart the PC. Darunia
  • No idea what the cause is. I would try installing IE7.


This is an archived page. Replies are no longer possible.