hyjack file

Anonymous
16 answers
  • My computer is acting strange and is slow. I have attached a file; what should I do?

    Regards, Cees

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:01:36, on 3-11-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\MSAC-FD1\MSSTAT.EXE
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.nl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Memory Stick Monitor.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.decomputerkrakers.nl
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02
    esources/MSNPUpld.cab


    End of file - 5447 bytes
  • Are you sure you copied the whole log? I'm missing quite a lot of lines at the bottom.
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:06:26, on 4-11-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\MSAC-FD1\MSSTAT.EXE
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.nl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Memory Stick Monitor.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.decomputerkrakers.nl
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02
    esources/MSNPUpld.cab


    End of file - 5448 bytes


    This is all that comes out.
  • Download Combofix to your desktop.

    Double-click combofix.exe.
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, because this will make your PC hang.

    When the fix has finished and after the restart, the log combofix.txt will open. Save this log.

    NOTE: If your virus scanner responds with a warning about a script being executed, you may ignore it.

    Post the Combofix log (combofix.txt) in your next reply.

    Good luck!

    Pim
  • ComboFix 07-11-01.1 - Cees De Vries 2007-11-04 21:00:18.1 - NTFSx86
    Gestart vanuit: C:\Documents and Settings\Cees De Vries\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Cees De Vries\Application Data\macromedia\Flash Player\#SharedObjects\5NTC5VTG\iforex.com
    C:\Documents and Settings\Cees De Vries\Application Data\macromedia\Flash Player\#SharedObjects\5NTC5VTG\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
    C:\Documents and Settings\Cees De Vries\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
    C:\Documents and Settings\Cees De Vries\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-10-04 to 2007-11-04 ))))))))))))))))))))))))))))))
    .

    2007-11-04 20:59 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-03 09:01 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-01 09:35 <DIR> d-------- C:\Documents and Settings\Cees De Vries\Application Data\Yahoo!
    2007-11-01 09:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
    2007-11-01 09:33 <DIR> d-------- C:\Program Files\Yahoo!
    2007-10-31 19:30 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
    2007-10-31 19:30 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
    2007-10-31 19:30 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
    2007-10-31 19:30 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
    2007-10-31 19:30 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
    2007-10-31 19:30 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
    2007-10-31 19:30 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
    2007-10-31 19:30 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
    2007-10-26 12:09 <DIR> d-------- C:\Program Files\Google
    2007-10-15 14:58 <DIR> d-------- C:\Documents and Settings\Cees De Vries\Application Data\Leadertech
    2007-10-11 12:34 <DIR> d-------- C:\Documents and Settings\Cees De Vries\DoctorWeb
    2007-10-10 14:43 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-10-10 14:43 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2007-10-10 14:24 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
    2007-10-10 14:23 <DIR> d-------- C:\Program Files\Microsoft Works
    2007-10-10 14:22 <DIR> d-------- C:\Program Files\Microsoft.NET
    2007-10-10 14:20 <DIR> d-------- C:\WINDOWS\SHELLNEW
    2007-10-10 14:19 <DIR> dr-h----- C:\MSOCache
    2007-10-10 14:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-10-09 10:57 <DIR> d-------- C:\Program Files\MSAC-FD1
    2007-10-09 10:57 113,812 --------- C:\WINDOWS\system32\drivers\FPMSNT.SYS
    2007-10-09 10:57 73,296 --------- C:\WINDOWS\system32\drivers\sdselect.sys
    2007-10-09 10:57 26,848 --------- C:\WINDOWS\system32\drivers\sdfdc.sys
    2007-10-09 10:57 21,264 --------- C:\WINDOWS\system32\drivers\SdFloppy.sys
    2007-10-09 10:56 <DIR> d-------- C:\temp\bjc1000Win2kXPv150
    2007-10-09 10:56 <DIR> d-------- C:\temp
    2007-10-05 11:21 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2007-10-04 13:18 <DIR> d-------- C:\Program Files\MSXML 4.0

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-09 09:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-06 07:17 --------- d-----w C:\Program Files\Java
    2007-10-03 13:28 --------- d-----w C:\Documents and Settings\Cees De Vries\Application Data\Nokia Multimedia Player
    2007-10-03 09:02 --------- d-----w C:\Documents and Settings\Cees De Vries\Application Data\Nokia
    2007-10-03 09:00 --------- d-----w C:\Documents and Settings\Cees De Vries\Application Data\Datalayer
    2007-10-03 08:58 --------- d-----w C:\Documents and Settings\Cees De Vries\Application Data\PC Suite
    2007-10-03 08:57 --------- d-----w C:\Program Files\Nokia
    2007-10-03 08:56 --------- d-----w C:\Program Files\Common Files\PCSuite
    2007-10-03 08:56 --------- d-----w C:\Program Files\Common Files\Nokia
    2007-10-03 08:56 --------- d-----w C:\Program Files\Common Files\InstallShield
    2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-08-20 10:02 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-08-20 10:02 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-08-20 10:02 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
    2007-08-20 10:02 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-08-20 10:02 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-08-20 10:02 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-08-20 10:02 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-08-20 10:02 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-08-20 10:02 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-08-20 10:02 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-08-20 10:02 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-08-20 10:02 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-08-20 10:02 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-08-20 10:02 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-08-20 10:02 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-08-20 10:02 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-08-20 10:02 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-08-20 10:02 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-08-20 10:02 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-08-20 10:02 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
    2007-08-20 10:02 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
    2007-08-20 10:02 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
    2007-08-20 10:02 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-08-17 10:23 63,488 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-08-17 10:23 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-08-17 10:23 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-08-17 07:34 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "C-Media Mixer"="Mixer.exe" [2002-04-30 08:23 C:\WINDOWS\mixer.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
    "DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-09-06 13:45]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 14:29]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:00]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
    "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-08-21 10:44]
    "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-08-26 14:49]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Memory Stick Monitor.lnk - C:\Program Files\MSAC-FD1\MSSTAT.EXE [2007-10-09 10:57:20]

    R2 FPMSNT;FPMSNT;C:\WINDOWS\system32\drivers\FPMSNT.sys
    R2 Sdselect;Sdselect;C:\WINDOWS\system32\drivers\Sdselect.sys

    *Newly Created Service* - CATCHME
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-04 21:01:50
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Fdc]
    "ImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
    "KeepImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
    "SDImagePath"=multi:"system32\DRIVERS\fdc.sys\00"


    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Flpydisk]
    "ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"
    "KeepImagePath"=multi:"system32\DRIVERS\flpydisk.sys\00"
    "SDImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"
    .
    Voltooingstijd: 2007-11-04 21:02:34
    .
    --- E O F ---
  • Scan the following file at Jotti: http://virusscan.jotti.org/
    C:\WINDOWS\system32\drivers\FPMSNT.SYS

    Post the result of the scan in your next message.

    Repeat this for:
    C:\WINDOWS\system32\drivers\Sdselect.sys

    Can you describe clearly what your problems are?

    Pim :)
  • Service load: 0% 100%

    File: FPMSNT.SYS
    Status: OK
    MD5: b8842541c0ec22aa64148046f65a3e39
    Packers detected: -
    Bit9 reports: No threat detected (more info)


    Service load: 0% 100%

    File: sdselect.sys
    Status: OK
    MD5: 7c4b01e60c2fd76ed7bc408b87d226c3
    Packers detected: -
    Bit9 reports: No threat detected (more info)

    It keeps getting slower, Pim, and very occasionally it freezes.
  • Download F-Secure Blacklight: https://europe.f-secure.com/blacklight/
    Place it on your desktop.
    Double-click blbeta.exe.
    Click "I accept the agreement".
    Click "Next".
    Click "Scan" and, when the program has finished, click "Next".
    If Blacklight finds anything, it will display a list of files.
    Do not have anything renamed yet.
    On your desktop there is a file named fsbl.xxxxxxx.log (the x's stand for numbers).
    This is the log that Blacklight created. Post it.

    Download ATF Cleaner (by Atribune)

    Double-click ATF Cleaner to start the program.
    On the "Main" tab, tick Select All. Untick Prefetch.
    Click the Empty Selected button.

    If you also use Firefox as a browser:

    Click the "Firefox" tab and tick Select All.
    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
    (This removes the tick at "Firefox saved passwords".)
    Click the Empty Selected button.

    If you also use Opera as a browser:

    Click the "Opera" tab and tick Select All.
    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
    Click the Empty Selected button.

    Go to the "Main" tab and click the Exit button to close the program.

    Pim :)
  • Download F-Secure Blacklight

    Where? I can't get that link to open to download it.
  • I see the problem; please use the tool below.

    Download Gmer and place it on your desktop.
    - Unzip it > open the gmer folder > double-click gmer.exe.
    - Go to the Rootkit tab and click the Scan button.
    (If a rootkit is active, Gmer may ask to run a scan. Allow this.)
    - When the scan is finished, click the Copy button.
    - With CTRL+V you can paste the full contents of the Gmer log into your next post.
  • GMER 1.0.13.12551 - http://www.gmer.net
    Rootkit scan 2007-11-08 07:42:58
    Windows 5.1.2600 Service Pack 2


    ---- User code sections - GMER 1.0.13 ----

    .text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1500] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\MsnMsgr.Exe
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3244] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 448CF2C1 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3244] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 44A6030F C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3244] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 44A60290 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3244] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 44A602D4 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3244] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 44A6021C C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3244] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 44A60256 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3244] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 44A6034A C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3244] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 448F1676 C:\WINDOWS\system32\IEFRAME.dll

    ---- User IAT/EAT - GMER 1.0.13 ----

    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll

    ---- EOF - GMER 1.0.13 ----
  • :D
  • Start HijackThis, choose 'Do a system scan only' and tick the lines below:

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    Close all open windows and click Fix checked.

    How is everything working by now? :)

    Pim
  • Hi Pim

    It is already a lot better than it was. Here is another new HijackThis file.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:07:26, on 8-11-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\MSAC-FD1\MSSTAT.EXE
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Memory Stick Monitor.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.decomputerkrakers.nl
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab


    End of file - 5164 bytes
  • Looks good :)

    Remove Combofix:
    Go to Start -> Run and type:
    Combofix /u

    Confirm with OK.

    Also read through these security tips once more:
    http://users.telenet.be/marcvn/spyware/1564073.htm

    Pim
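
Added example, not part of the original thread: a Python check for the pattern fixed earlier in this thread, listing O2 (Browser Helper Object) entries whose target is `(no file)` and confirming that a later log no longer contains their CLSIDs. The function names are assumptions of this example, and the BEFORE/AFTER samples are assembled from O2 lines quoted in the thread.

```python
import re
from typing import List, NamedTuple

# HijackThis entry lines: a section code (R0, O2, O4, O16 ...) followed by " - ".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*)$")
# O2 payload: "BHO: <name> - {CLSID} - <dll path or (no file)>"
BHO_RE = re.compile(
    r"^BHO:\s*(?P<name>.*?)\s+-\s+(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s+-\s+(?P<target>.*)$"
)

class Bho(NamedTuple):
    name: str
    clsid: str   # upper-cased so two logs can be compared case-insensitively
    target: str

    @property
    def orphaned(self) -> bool:
        # "(no file)": the registry entry exists but no file was found for it
        return self.target.lower() == "(no file)"

def parse_bhos(log_text: str) -> List[Bho]:
    """Return every O2 (Browser Helper Object) entry in a HijackThis log."""
    found = []
    for line in log_text.splitlines():
        entry = ENTRY_RE.match(line)
        if not entry or entry.group(1) != "O2":
            continue
        bho = BHO_RE.match(entry.group(2).strip())
        if bho:
            found.append(Bho(bho["name"], bho["clsid"].upper(), bho["target"].strip()))
    return found

def orphaned_bhos(log_text: str) -> List[Bho]:
    return [b for b in parse_bhos(log_text) if b.orphaned]

def unresolved(before: str, after: str) -> List[str]:
    """CLSIDs that were orphaned in `before` and are still listed in `after`."""
    remaining = {b.clsid for b in parse_bhos(after)}
    return [b.clsid for b in orphaned_bhos(before) if b.clsid in remaining]

# Sample input assembled for this example from O2 lines quoted in the thread.
BEFORE = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
"""
AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
"""
```
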
  • OK Pim, it has been removed. Thanks once again.
