Questions & Answers

Security & privacy

hijack file

16 answers
  • My computer is acting strangely and is slow. I have attached a file. What should I do? Regards, Cees

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:01:36, on 3-11-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\MSAC-FD1\MSSTAT.EXE
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.nl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Memory Stick Monitor.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.decomputerkrakers.nl
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

    --
    End of file - 5447 bytes
  • Are you sure you copied the whole log? I am missing a lot of lines at the bottom.
  • This is all that comes out.
  • Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your desktop.
    Double-click combofix.exe.
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, because this will make your PC hang.
    When the fix has finished and after the restart, the log combofix.txt will open. Save this log.
    NOTE: If your virus scanner responds with a message about a script being executed, you may ignore it.
    Post the Combofix log (combofix.txt) in your next reply.
    Good luck! Pim
  • ComboFix 07-11-01.1 - Cees De Vries 2007-11-04 21:00:18.1 - NTFSx86
    Gestart vanuit: C:\Documents and Settings\Cees De Vries\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\Documents and Settings\Cees De Vries\Application Data\macromedia\Flash Player\#SharedObjects\5NTC5VTG\iforex.com
    C:\Documents and Settings\Cees De Vries\Application Data\macromedia\Flash Player\#SharedObjects\5NTC5VTG\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
    C:\Documents and Settings\Cees De Vries\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
    C:\Documents and Settings\Cees De Vries\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-10-04 to 2007-11-04 ))))))))))))))))))))))))))))))
    .
    2007-11-04 20:59 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-03 09:01 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-01 09:35 <DIR> d-------- C:\Documents and Settings\Cees De Vries\Application Data\Yahoo!
    2007-11-01 09:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
    2007-11-01 09:33 <DIR> d-------- C:\Program Files\Yahoo!
    2007-10-31 19:30 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
    2007-10-31 19:30 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
    2007-10-31 19:30 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
    2007-10-31 19:30 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
    2007-10-31 19:30 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
    2007-10-31 19:30 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
    2007-10-31 19:30 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
    2007-10-31 19:30 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
    2007-10-26 12:09 <DIR> d-------- C:\Program Files\Google
    2007-10-15 14:58 <DIR> d-------- C:\Documents and Settings\Cees De Vries\Application Data\Leadertech
    2007-10-11 12:34 <DIR> d-------- C:\Documents and Settings\Cees De Vries\DoctorWeb
    2007-10-10 14:43 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-10-10 14:43 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2007-10-10 14:24 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
    2007-10-10 14:23 <DIR> d-------- C:\Program Files\Microsoft Works
    2007-10-10 14:22 <DIR> d-------- C:\Program Files\Microsoft.NET
    2007-10-10 14:20 <DIR> d-------- C:\WINDOWS\SHELLNEW
    2007-10-10 14:19 <DIR> dr-h----- C:\MSOCache
    2007-10-10 14:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-10-09 10:57 <DIR> d-------- C:\Program Files\MSAC-FD1
    2007-10-09 10:57 113,812 --------- C:\WINDOWS\system32\drivers\FPMSNT.SYS
    2007-10-09 10:57 73,296 --------- C:\WINDOWS\system32\drivers\sdselect.sys
    2007-10-09 10:57 26,848 --------- C:\WINDOWS\system32\drivers\sdfdc.sys
    2007-10-09 10:57 21,264 --------- C:\WINDOWS\system32\drivers\SdFloppy.sys
    2007-10-09 10:56 <DIR> d-------- C:\temp\bjc1000Win2kXPv150
    2007-10-09 10:56 <DIR> d-------- C:\temp
    2007-10-05 11:21 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2007-10-04 13:18 <DIR> d-------- C:\Program Files\MSXML 4.0
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-09 09:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-06 07:17 --------- d-----w C:\Program Files\Java
    2007-10-03 13:28 --------- d-----w C:\Documents and Settings\Cees De Vries\Application Data\Nokia Multimedia Player
    2007-10-03 09:02 --------- d-----w C:\Documents and Settings\Cees De Vries\Application Data\Nokia
    2007-10-03 09:00 --------- d-----w C:\Documents and Settings\Cees De Vries\Application Data\Datalayer
    2007-10-03 08:58 --------- d-----w C:\Documents and Settings\Cees De Vries\Application Data\PC Suite
    2007-10-03 08:57 --------- d-----w C:\Program Files\Nokia
    2007-10-03 08:56 --------- d-----w C:\Program Files\Common Files\PCSuite
    2007-10-03 08:56 --------- d-----w C:\Program Files\Common Files\Nokia
    2007-10-03 08:56 --------- d-----w C:\Program Files\Common Files\InstallShield
    2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-08-20 10:02 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-08-20 10:02 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-08-20 10:02 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
    2007-08-20 10:02 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-08-20 10:02 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-08-20 10:02 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-08-20 10:02 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-08-20 10:02 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-08-20 10:02 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-08-20 10:02 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-08-20 10:02 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-08-20 10:02 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-08-20 10:02 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-08-20 10:02 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-08-20 10:02 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-08-20 10:02 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-08-20 10:02 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-08-20 10:02 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-08-20 10:02 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-08-20 10:02 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
    2007-08-20 10:02 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
    2007-08-20 10:02 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
    2007-08-20 10:02 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-08-17 10:23 63,488 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-08-17 10:23 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-08-17 10:23 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-08-17 07:34 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "C-Media Mixer"="Mixer.exe" [2002-04-30 08:23 C:\WINDOWS\mixer.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
    "DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-09-06 13:45]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 14:29]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:00]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
    "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-08-21 10:44]
    "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-08-26 14:49]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Memory Stick Monitor.lnk - C:\Program Files\MSAC-FD1\MSSTAT.EXE [2007-10-09 10:57:20]

    R2 FPMSNT;FPMSNT;C:\WINDOWS\system32\drivers\FPMSNT.sys
    R2 Sdselect;Sdselect;C:\WINDOWS\system32\drivers\Sdselect.sys

    *Newly Created Service* - CATCHME
    .
    **************************************************************************
    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-04 21:01:50
    Windows 5.1.2600 Service Pack 2 NTFS
    scannen van verborgen processen ...
    scannen van verborgen autostart items ...
    scannen van verborgen bestanden ...
    Scan succesvol afgerond
    verborgen bestanden: 0
    **************************************************************************
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Fdc]
    "ImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
    "KeepImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
    "SDImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
    --
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Flpydisk]
    "ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"
    "KeepImagePath"=multi:"system32\DRIVERS\flpydisk.sys\00"
    "SDImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"
    .
    Voltooingstijd: 2007-11-04 21:02:34
    .
    --- E O F ---
  • Scan the following file at Jotti: http://virusscan.jotti.org/
    C:\WINDOWS\system32\drivers\FPMSNT.SYS
    Post the result of the scan in your next message.
    Repeat this for:
    C:\WINDOWS\system32\drivers\Sdselect.sys
    Can you describe clearly what your problems are?
    Pim :)
  • Service load: 0% 100%
    File: FPMSNT.SYS
    Status: OK
    MD5: b8842541c0ec22aa64148046f65a3e39
    Packers detected: -
    Bit9 reports: No threat detected (more info)

    Service load: 0% 100%
    File: sdselect.sys
    Status: OK
    MD5: 7c4b01e60c2fd76ed7bc408b87d226c3
    Packers detected: -
    Bit9 reports: No threat detected (more info)

    It keeps getting slower, Pim, and very occasionally it freezes.
  • Download F-Secure Blacklight: https://europe.f-secure.com/blacklight/
    Place it on your desktop. Double-click blbeta.exe.
    Click "I accept the agreement". Click "Next".
    Click "Scan" and, when the program has finished, click "Next".
    If Blacklight finds anything, it will display a list of files. Do not have anything renamed yet.
    On your desktop there is a file named fsbl.xxxxxxx.log (the x's stand for digits). This is the log that Blacklight created. Post it.

    Download ATF Cleaner (by Atribune): http://www.atribune.org/ccount/click.php?id=1
    Double-click ATF cleaner to start the program.
    On the "Main" tab, tick Select All. Untick Prefetch. Click the Empty Selected button.
    If you also use Firefox as a browser: click the "Firefox" tab and tick Select All. If you want to keep the passwords saved by Firefox, click "No" in the window that appears (this removes the tick at "Firefox saved passwords"). Click the Empty Selected button.
    If you also use Opera as a browser: click the "Opera" tab and tick Select All. If you want to keep the passwords saved by Opera, click "No" in the window that appears. Click the Empty Selected button.
    Go to the "Main" tab and click the Exit button to close the program.
    Pim :)
  • Download F-Secure Blacklight where? I can't get that link to open to download it.
  • I see the problem; use the tool below instead.
    Download Gmer (http://www.gmer.net/gmer.zip) and place it on your desktop.
    - Unzip it > open the gmer folder > double-click gmer.exe.
    - Go to the Rootkit tab and click the Scan button. (If a rootkit is active, Gmer may ask to run a scan. Allow this.)
    - When the scan is done, click the Copy button.
    - With CTRL+V you can paste the full contents of the Gmer log into your next post.
  • GMER 1.0.13.12551 - http://www.gmer.net
    Rootkit scan 2007-11-08 07:42:58
    Windows 5.1.2600 Service Pack 2

    ---- User code sections - GMER 1.0.13 ----

    .text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1500] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\MsnMsgr.Exe
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3244] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 448CF2C1 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3244] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 44A6030F C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3244] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 44A60290 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3244] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 44A602D4 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3244] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 44A6021C C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3244] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 44A60256 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3244] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 44A6034A C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3244] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 448F1676 C:\WINDOWS\system32\IEFRAME.dll

    ---- User IAT/EAT - GMER 1.0.13 ----

    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll

    ---- EOF - GMER 1.0.13 ----
  • :D
  • Start HijackThis, choose 'Do a system scan only' and tick the lines below:

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    Close all open windows and click Fix checked.
    How is everything working by now? :)
    Pim
  • Hi Pim, it is already a lot better than it was. Here is another new hijack file:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:07:26, on 8-11-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\MSAC-FD1\MSSTAT.EXE
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Memory Stick Monitor.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.decomputerkrakers.nl
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    -- End of file - 5164 bytes
  • Looks good :) Remove Combofix: go to Start --> Run and type: Combofix /u
    Confirm with OK. Also read through these security tips once more: http://users.telenet.be/marcvn/spyware/1564073.htm Pim
  • OK Pim, it has been removed. Thanks once again.
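
Added example, not part of the thread or of HijackThis itself: a small Python parser that splits a HijackThis log back into entries, even when forum software has flattened it onto one line as on this page, and lists the O2 (BHO) entries whose target is reported as (no file), the kind of line Pim asked to check. The sample text is assembled from entries quoted in this thread; the function names are hypothetical.

```python
import re

# Section codes that begin a HijackThis entry (R0-R3, F0-F3, N1-N4, O1 and up).
PREFIX = r"(?:[RF][0-3]|N[1-4]|O\d{1,2}) - "
# Zero-width split point: start of text or after whitespace, before a section code.
ENTRY_START = re.compile(r"(?<!\S)(?=" + PREFIX + ")")
BHO = re.compile(
    r"O2 - BHO: (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.*)"
)

# Sample assembled from entries in this thread, flattened and wrapped
# mid-path the way the forum rendered the logs.
SAMPLE = (
    "Boot mode: Normal Running processes: C:\\WINDOWS\\Explorer.EXE "
    "R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://startpagina.nl/ "
    "O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) "
    "O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) "
    "O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program\n"
    "Files\\Java\\jre1.6.0_03\\bin\\ssv.dll "
    "O4 - HKCU\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\ctfmon.exe "
    "-- End of file - 5164 bytes"
)


def split_entries(text):
    """Return the R/F/N/O entries of a log, one string per entry."""
    body = text.split("-- End of file")[0]          # drop the trailer
    # Collapse whitespace so a path wrapped across lines is rejoined.
    chunks = (" ".join(c.split()) for c in ENTRY_START.split(body))
    # The header and process list do not start with a section code.
    return [c for c in chunks if re.match(PREFIX, c)]


def orphaned_bhos(text):
    """Return (CLSID, name) for each O2 entry whose target is '(no file)'."""
    hits = []
    for entry in split_entries(text):
        m = BHO.fullmatch(entry)
        if m and m.group("target") == "(no file)":
            hits.append((m.group("clsid").upper(), m.group("name")))
    return hits


if __name__ == "__main__":
    for clsid, name in orphaned_bhos(SAMPLE):
        print(f"BHO registration without a file: {clsid} {name}")
```
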


This is an archived page. Replying is no longer possible.