worm agobot-ku?

jorte
8 replies
  • I checked my startup entries with Spybot.
    At RunOnceEx it indicated that this was an entry of the Agobot-ku worm. To be honest I find that a bit odd: that worm is old, I always run Norton, and it sees nothing. The registry does indeed contain a RunOnceExe with reg-sz, but nothing else. I regularly check via "msconfig" whether anything odd starts up, but I never see/saw anything there. To be honest it was more of a coincidence that I checked my startup entries with Spybot…
    But through that coincidence I ran into RunOnceEx.
    Searching via Google I don't find much about whether there really is something.
    I'm hesitant; I think myself that it isn't quite right, but I did stop the startup via Spybot (?).
    Below is my log, made with the most recent HijackThis. Suggestions are very welcome, thanks in advance.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:55:16, on 2-9-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Ahead\InCD\InCDsrv.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    D:\Program Files\Norton Internet Security\NISUM.EXE
    D:\Program Files\Common Files\Symantec Shared\ccApp.exe
    D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    D:\WINDOWS\system32\hphmon03.exe
    D:\Program Files\iRiver\HSeries\iHPDetect.exe
    D:\Program Files\Ahead\InCD\InCD.exe
    D:\Program Files\USBToolbox\ResModify.EXE
    D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE
    D:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
    D:\Program Files\Messenger\msmsgs.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\Program Files\Norton Internet Security\ccPxySvc.exe
    D:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\WINDOWS\system32\ssoftsrv.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    D:\WINDOWS\system32\HPHipm09.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\ICQ\icq.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.startpagina.nl/"); (D:\Documents and

    Settings\JORIS\Application Data\Mozilla\Profiles\default\b5u0cs9z.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine",

    "engine://D%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (D:\Documents and

    Settings\JORIS\Application Data\Mozilla\Profiles\default\b5u0cs9z.slt\prefs.js)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat

    7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton

    AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [HPHmon03] D:\WINDOWS\system32\hphmon03.exe
    O4 - HKLM\..\Run: [iHP-100] D:\Program Files\iRiver\HSeries\iHPDetect.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [EPSON PictureMate] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE /P17 "EPSON

    PictureMate" /O6 "USB001" /M "PictureMate"
    O4 - HKLM\..\Run: [EPSON PictureMate (Kopie 1)] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE /P27 "EPSON

    PictureMate (Kopie 1)" /O5 "LPT1:" /M "PictureMate"
    O4 - HKLM\..\Run: [ResModify] D:\Program Files\USBToolbox\ResModify.EXE
    O4 - HKLM\..\Run: [NVMixerTray] "D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON PictureMate] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE /P17 "EPSON

    PictureMate" /M "PictureMate" /EF "HKCU"
    O4 - HKCU\..\Run: [ATI Remote Control] D:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - D:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Program Files\ICQ\ICQ.EXE
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Program Files\ICQ\ICQ.EXE
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program

    Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.musicmatch.com
    O15 - Trusted Zone: *.musicmatch.com (HKLM)
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -

    http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec

    Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common

    Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - D:\Program Files\Norton Internet

    Security\ccPxySvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common

    Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - D:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - D:\Program Files\Norton

    AntiVirus\navapsvc.exe
    O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - D:\Program Files\Norton

    Internet Security\NISUM.EXE
    O23 - Service: Pml Driver - HP - D:\WINDOWS\system32\HPHipm09.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -

    D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common

    Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Cryptainer service (ssoftservice) - Cypherix - D:\WINDOWS\SYSTEM32\ssoftsrv.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Program Files\Common Files\Symantec

    Shared\Security Center\SymWSC.exe
    O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - D:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file

    missing)


    End of file - 7871 bytes
  • Go to Start - Run and type: notepad.exe
    Click OK.
    In Notepad, go to Format and untick "Word Wrap".
    Close Notepad again.

    Please post a new HJT log.
  • Is it better like this?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:47:48, on 2-9-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Ahead\InCD\InCDsrv.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    D:\Program Files\Norton Internet Security\NISUM.EXE
    D:\Program Files\Common Files\Symantec Shared\ccApp.exe
    D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    D:\WINDOWS\system32\hphmon03.exe
    D:\Program Files\iRiver\HSeries\iHPDetect.exe
    D:\Program Files\Ahead\InCD\InCD.exe
    D:\Program Files\USBToolbox\ResModify.EXE
    D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE
    D:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
    D:\Program Files\Messenger\msmsgs.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\Program Files\Norton Internet Security\ccPxySvc.exe
    D:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\WINDOWS\system32\ssoftsrv.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    D:\WINDOWS\system32\HPHipm09.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.startpagina.nl/"); (D:\Documents and Settings\JORIS\Application Data\Mozilla\Profiles\default\b5u0cs9z.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://D%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (D:\Documents and Settings\JORIS\Application Data\Mozilla\Profiles\default\b5u0cs9z.slt\prefs.js)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [HPHmon03] D:\WINDOWS\system32\hphmon03.exe
    O4 - HKLM\..\Run: [iHP-100] D:\Program Files\iRiver\HSeries\iHPDetect.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [EPSON PictureMate] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE /P17 "EPSON PictureMate" /O6 "USB001" /M "PictureMate"
    O4 - HKLM\..\Run: [EPSON PictureMate (Kopie 1)] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE /P27 "EPSON PictureMate (Kopie 1)" /O5 "LPT1:" /M "PictureMate"
    O4 - HKLM\..\Run: [ResModify] D:\Program Files\USBToolbox\ResModify.EXE
    O4 - HKLM\..\Run: [NVMixerTray] "D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON PictureMate] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE /P17 "EPSON PictureMate" /M "PictureMate" /EF "HKCU"
    O4 - HKCU\..\Run: [ATI Remote Control] D:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - D:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Program Files\ICQ\ICQ.EXE
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Program Files\ICQ\ICQ.EXE
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.musicmatch.com
    O15 - Trusted Zone: *.musicmatch.com (HKLM)
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\ccPxySvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - D:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - D:\Program Files\Norton Internet Security\NISUM.EXE
    O23 - Service: Pml Driver - HP - D:\WINDOWS\system32\HPHipm09.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Cryptainer service (ssoftservice) - Cypherix - D:\WINDOWS\SYSTEM32\ssoftsrv.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - D:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)


    End of file - 7841 bytes
  • If you put these in the Trusted Zone yourself you can leave them; otherwise fix them.

    Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:

    O15 - Trusted Zone: *.musicmatch.com
    O15 - Trusted Zone: *.musicmatch.com (HKLM)

    Click 'Fix checked' to remove the items.

    Download Combofix to your Desktop.

    Double-click Combofix.exe

    Follow the instructions and accept the disclaimer by typing 1 (continue) followed by ENTER.

    While the fix is running, do NOT click in the window, as this will make your PC hang.

    When the fix is complete and after the restart, the log combofix.txt will open.

    Post this log in your next post at the end of the fix.

    NOTE: If your virus scanner responds with an alert about a script being executed, you can ignore it.
  • Thanks in advance for the effort!
    The log is below:

    ComboFix 07-08-30.3 - "Joris" 2007-09-03 10:07:55.1 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.224 [GMT 2:00]
    * Created a new restore point


    ((((((((((((((((((((((((( Files Created from 2007-08-03 to 2007-09-03 )))))))))))))))))))))))))))))))


    2007-09-03 10:07 51,200 –a—— D:\WINDOWS\nircmd.exe
    2007-09-02 21:55 <DIR> d——– D:\Program Files\Trend Micro
    2007-08-31 23:37 <DIR> d–hs—- D:\FOUND.001
    2007-08-31 18:48 <DIR> d——– D:\Fotomap


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-30 19:19 92504 –a—— D:\WINDOWS\system32\dllcache\cdm.dll
    2007-07-30 19:19 92504 –a—— D:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 –a—— D:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 549720 –a—— D:\WINDOWS\system32\dllcache\wuapi.dll
    2007-07-30 19:19 53080 –a—— D:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 53080 –a—— D:\WINDOWS\system32\dllcache\wuauclt.exe
    2007-07-30 19:19 43352 –a—— D:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 –a—— D:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 325976 –a—— D:\WINDOWS\system32\dllcache\wucltui.dll
    2007-07-30 19:19 203096 –a—— D:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 203096 –a—— D:\WINDOWS\system32\dllcache\wuweb.dll
    2007-07-30 19:19 1712984 –a—— D:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:19 1712984 –a—— D:\WINDOWS\system32\dllcache\wuaueng.dll
    2007-07-30 19:18 33624 –a—— D:\WINDOWS\system32\wups.dll
    2007-07-30 19:18 33624 –a—— D:\WINDOWS\system32\dllcache\wups.dll
    2007-07-23 19:33 ——— d——– D:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom
    2007-07-23 19:31 ——— d——– D:\Program Files\TomTom HOME
    2007-07-23 19:31 ——— d——– D:\DOCUME~1\JORIS\APPLIC~1\InstallShield
    2007-07-04 22:41 ——— d——– D:\DOCUME~1\JORIS\APPLIC~1\COWON
    2007-07-04 21:44 ——— d——– D:\Program Files\Google
    2007-07-04 21:44 ——— d——– D:\DOCUME~1\JORIS\APPLIC~1\Google
    2007-06-26 16:15 662016 ——— D:\WINDOWS\system32\dllcache\wininet.dll
    2007-06-26 15:58 851968 ——— D:\WINDOWS\system32\dllcache\vgx.dll
    2007-06-26 08:10 1104896 –a—— D:\WINDOWS\system32\msxml3.dll
    2007-06-26 08:10 1104896 ——— D:\WINDOWS\system32\dllcache\msxml3.dll
    2007-06-19 15:33 282112 –a—— D:\WINDOWS\system32\gdi32.dll
    2007-06-19 15:33 282112 ——— D:\WINDOWS\system32\dllcache\gdi32.dll
    2007-06-14 20:11 96768 ——— D:\WINDOWS\system32\dllcache\inseng.dll
    2007-06-14 20:11 616960 ——— D:\WINDOWS\system32\dllcache\urlmon.dll
    2007-06-14 20:11 55808 ——— D:\WINDOWS\system32\dllcache\extmgr.dll
    2007-06-14 20:11 532480 ——— D:\WINDOWS\system32\dllcache\mstime.dll
    2007-06-14 20:11 474624 ——— D:\WINDOWS\system32\dllcache\shlwapi.dll
    2007-06-14 20:11 449024 ——— D:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-06-14 20:11 39424 ——— D:\WINDOWS\system32\dllcache\pngfilt.dll
    2007-06-14 20:11 357888 ——— D:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-06-14 20:11 3079680 ——— D:\WINDOWS\system32\dllcache\mshtml.dll
    2007-06-14 20:11 251392 ——— D:\WINDOWS\system32\dllcache\iepeers.dll
    2007-06-14 20:11 205312 ——— D:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-06-14 20:11 16384 ——— D:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-06-14 20:11 151552 ——— D:\WINDOWS\system32\dllcache\cdfview.dll
    2007-06-14 20:11 1494528 ——— D:\WINDOWS\system32\dllcache\shdocvw.dll
    2007-06-14 20:11 146432 ——— D:\WINDOWS\system32\dllcache\msrating.dll
    2007-06-14 20:11 1057280 ——— D:\WINDOWS\system32\dllcache\danim.dll
    2007-06-14 20:11 1023488 ——— D:\WINDOWS\system32\dllcache\browseui.dll
    2007-06-14 16:07 18432 ——— D:\WINDOWS\system32\dllcache\iedw.exe
    2007-06-13 15:24 1036800 –a—— D:\WINDOWS\explorer.exe
    2007-06-13 15:24 1036800 ——— D:\WINDOWS\system32\dllcache\explorer.exe
    2005-08-19 18:40:50 80 –sh–r D:\WINDOWS\system32\8A57C8E7FA.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="D:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-07-15 14:56]
    "ccRegVfy"="D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2003-07-15 14:50]
    "Symantec NetDriver Monitor"="D:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-06-12 17:41]
    "HPDJ Taskbar Utility"="D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2003-01-30 18:55]
    "HPHmon03"="D:\WINDOWS\system32\hphmon03.exe" [2003-01-30 18:55]
    "iHP-100"="D:\Program Files\iRiver\HSeries\iHPDetect.exe" [2004-05-10 16:24]
    "NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 13:50]
    "InCD"="D:\Program Files\Ahead\InCD\InCD.exe" [2003-12-12 14:43]
    "EPSON PictureMate"="D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.exe" [2003-10-10 05:00]
    "EPSON PictureMate (Kopie 1)"="D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.exe" [2003-10-10 05:00]
    "ResModify"="D:\Program Files\USBToolbox\ResModify.EXE" [2003-12-16 21:20]
    "NVMixerTray"="D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51]
    "ATIPTA"="D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-12-12 11:31]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]
    "EPSON PictureMate"="D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.exe" [2003-10-10 05:00]
    "ATI Remote Control"="D:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe" [2003-11-20 05:10]
    "MSMSGS"="D:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Symantec NetDriver Warning"=D:\PROGRA~1\SYMNET~1\SNDWarn.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]
    path=D:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Gamma Loader.lnk
    backup=D:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]
    path=D:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk
    backup=D:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BlueSoleil.lnk]
    path=D:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\BlueSoleil.lnk
    backup=D:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Exif Launcher.lnk]
    path=D:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Exif Launcher.lnk
    backup=D:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HOTSYNCSHORTCUTNAME.lnk]
    path=D:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\HOTSYNCSHORTCUTNAME.lnk
    backup=D:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Kodak EasyShare software.lnk]
    path=D:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Kodak EasyShare software.lnk
    backup=D:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Kodak software updater.lnk]
    path=D:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Kodak software updater.lnk
    backup=D:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Joris^Menu Start^Programma's^Opstarten^Palm Registration.lnk]
    path=D:\Documents and Settings\Joris\Menu Start\Programma's\Opstarten\Palm Registration.lnk
    backup=D:\WINDOWS\pss\Palm Registration.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
    D:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    D:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "D:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
    D:\Program Files\ScanSoft\OmniPageSE\opware32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
    "D:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{1290A33C-85F5-4164-A1BE-7DD299D4986A}]
    "D:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" -atboottime
    "REGSHAVE"=D:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    "HP Software Update"=D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    "MMTray"=D:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

    R2 ATITUNEP;ATI WDM TV Tuner;D:\WINDOWS\system32\DRIVERS\atintuxx.sys
    R2 ATIXSAudio;ATI WDM TV Audio Crossbar;D:\WINDOWS\system32\DRIVERS\atinxsxx.sys
    R2 ssoftnt4;ssoftnt4;\??\D:\WINDOWS\system32\Drivers\ssoftnt4.sys
    R2 TSKNF501.SYS;TSKNF501.SYS;\??\D:\WINDOWS\system32\Drivers\TSKNF501.SYS
    R2 TTDec;ATI WDM Teletext Decoder;D:\WINDOWS\system32\DRIVERS\ATINTTXX.sys
    R3 ativraxx;ATI WDM Rage Theater Audio;D:\WINDOWS\system32\DRIVERS\atinraxx.sys
    R3 Dot4 HPH09;Dot4 HPH09;D:\WINDOWS\system32\DRIVERS\hphid409.sys
    R3 Dot4Print HPH09;Print Class Driver for IEEE-1284.4 HPH09;D:\WINDOWS\system32\DRIVERS\hphipr09.sys
    R3 Dot4Storage HPH09;Storage Class Driver for IEEE-1284.4 (HPH09);D:\WINDOWS\system32\Drivers\hphs2k09.sys
    R3 Dot4Usb HPH09;Dot4Usb HPH09;D:\WINDOWS\system32\drivers\hphius09.sys
    S3 3xHybrid;Pinnacle PCTV Stereo service;D:\WINDOWS\system32\DRIVERS\3xHybrid.sys
    S3 FINEPIX_PCC;FinePix Digital Camera 020523;D:\WINDOWS\system32\Drivers\V4CB0115.SYS
    S3 pctvvbi;PCTVVBI;D:\WINDOWS\system32\DRIVERS\pctvvbi.sys
    S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);D:\WINDOWS\system32\DRIVERS\sscdbus.sys
    S3 sscdmdfl;SAMSUNG CDMA Modem Filter;D:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
    S3 sscdmdm;SAMSUNG CDMA Modem Drivers;D:\WINDOWS\system32\DRIVERS\sscdmdm.sys

    *Newly Created Service* - CATCHME

    Contents of the 'Scheduled Tasks' folder
    2007-08-31 18:00:02 D:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen.job - D:\PROGRA~1\NORTON~1\NAVW32.exe
    2007-09-02 19:01:46 D:\WINDOWS\Tasks\Symantec NetDetect.job - D:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-03 10:09:22
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes …

    scanning hidden autostart entries …

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    EPSON PictureMate = D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE /P17 "EPSON PictureMate" /M "PictureMate" /EF "HKCU"????????????.???_{??,????????????????a?w?????????????????????????????????????b?w?????????????%??8???????????h??w????????????z??w????????????)??|???????

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-09-03 10:09:48
    D:\ComboFix-quarantined-files.txt … 2007-09-03 10:09

    — E O F —
  • Hi,

    May I ask for a fresh HJT log, and tell me how things are going.
  • Thanks for checking! In itself the computer runs smoothly (so no strange pop-ups, slowdowns and the like). My fresh log is below.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:47:11, on 16-9-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Ahead\InCD\InCDsrv.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    D:\Program Files\Norton Internet Security\NISUM.EXE
    D:\Program Files\Common Files\Symantec Shared\ccApp.exe
    D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    D:\WINDOWS\system32\hphmon03.exe
    D:\Program Files\iRiver\HSeries\iHPDetect.exe
    D:\Program Files\Ahead\InCD\InCD.exe
    D:\Program Files\USBToolbox\ResModify.EXE
    D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE
    D:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
    D:\Program Files\Messenger\msmsgs.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\Program Files\Norton Internet Security\ccPxySvc.exe
    D:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\WINDOWS\system32\ssoftsrv.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    D:\WINDOWS\system32\HPHipm09.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Mozilla Thunderbird\thunderbird.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.startpagina.nl/"); (D:\Documents and Settings\JORIS\Application Data\Mozilla\Profiles\default\b5u0cs9z.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://D%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (D:\Documents and Settings\JORIS\Application Data\Mozilla\Profiles\default\b5u0cs9z.slt\prefs.js)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [HPHmon03] D:\WINDOWS\system32\hphmon03.exe
    O4 - HKLM\..\Run: [iHP-100] D:\Program Files\iRiver\HSeries\iHPDetect.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [EPSON PictureMate] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE /P17 "EPSON PictureMate" /O6 "USB001" /M "PictureMate"
    O4 - HKLM\..\Run: [EPSON PictureMate (Kopie 1)] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE /P27 "EPSON PictureMate (Kopie 1)" /O5 "LPT1:" /M "PictureMate"
    O4 - HKLM\..\Run: [ResModify] D:\Program Files\USBToolbox\ResModify.EXE
    O4 - HKLM\..\Run: [NVMixerTray] "D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON PictureMate] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE /P17 "EPSON PictureMate" /M "PictureMate" /EF "HKCU"
    O4 - HKCU\..\Run: [ATI Remote Control] D:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - D:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Program Files\ICQ\ICQ.EXE
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Program Files\ICQ\ICQ.EXE
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\ccPxySvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - D:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - D:\Program Files\Norton Internet Security\NISUM.EXE
    O23 - Service: Pml Driver - HP - D:\WINDOWS\system32\HPHipm09.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Cryptainer service (ssoftservice) - Cypherix - D:\WINDOWS\SYSTEM32\ssoftsrv.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - D:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)


    End of file - 7813 bytes
  • Looks good like this.
    Empty your Temp folders (note: empty the folders, do not delete them!):

    Open Explorer ("My Computer") and choose Tools -> Folder Options…
    Under View, check the following settings:

    Turn off: Hide protected operating system files (Recommended)
    Turn off: Hide extensions for known file types

    Select: Display the contents of system folders (XP only)
    Select: Show hidden files and folders

    C:\Windows\Temp
    C:\Documents and Settings\<user>\Local Settings\Temp
    C:\Documents and Settings\<user>\Local Settings\Temporary Internet Files
    C:\Documents and Settings\<user>\Local Settings\Temporary Internet Files\content.ie5
    <user> here stands for your profile name!
    If the last folder is not shown, go to the Temporary Internet Files folder, type \content.ie5 after it in the address bar and press Enter.

    Empty your Recycle Bin.

    To prevent reinfection via System Restore, it is advisable to delete the existing restore points by temporarily turning off System Restore.

    - Go to Start/All Programs/Accessories/System Tools/System Restore.
    - In the left half of the window, click "System Restore Settings".
    - Tick the box for "Turn off System Restore".
    - Click "Apply".
    - Windows asks whether you are sure.
    - Click "Yes".
    - Click "OK".
    - Restart the PC.
    - Go to Start/All Programs/Accessories/System Tools/System Restore again.
    - You get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"
    - Click "Yes".
    - Remove the tick for "Turn off System Restore".
    - Click "Apply".
    - Click "OK".
    - Restart the PC.
    - A new, clean restore point has now been created.

    Here are some more tips. Security Tips

    Removing unnecessary startup items

This is an archived page. Replies are no longer possible.