Questions & Answers

Security & privacy

Hijack log /problems with startup and .exe files/

2 answers
  • Hey,

    As I already reported in another topic under Windows, I could not open .exe files, and at startup this appeared:

    http://img463.imageshack.us/img463/3366/pb030584nc3.jpg

    After that, clicking OK did simply get you through to the user accounts. I have since found out that it is a virus or something similar. I have already fixed a few things with Hijack. I also have a ComboFix log. Only, I can't manage to run RemoveActivVideoXObject. When scanning I get this:

    http://img103.imageshack.us/img103/3213/2222gn4.jpg

    Here is the ComboFix log already:

    combofix 07-11-01.1 - eigenaar 2007-11-04 15:28:57.1 - ntfsx86
    gestart vanuit: h:\documents and settings\eigenaar\bureaublad\muziek\combofix.exe
    * nieuw herstelpunt werd aangemaakt
    .
    (((((((((((((((((((( bestanden gemaakt van 2007-10-04 to 2007-11-04 ))))))))))))))))))))))))))))))
    .
    2007-11-04 15:27 51,200 --a------ h:\windows\nircmd.exe
    2007-11-04 15:22 <dir> dr-h----- h:\documents and settings\eigenaar\onlangs geopend
    2007-11-04 15:18 374,727 --a------ h:\windows\system32\rvaxo.bat
    2007-11-04 15:18 69,632 --a------ h:\windows\system32\remove.exe
    2007-11-04 15:18 16,384 --a------ h:\windows\system32\restart.exe
    2007-11-04 01:36 <dir> d-------- h:\program files\trojan remover
    2007-11-04 01:36 <dir> d-------- h:\documents and settings\eigenaar\application data\simply super software
    2007-11-04 01:36 <dir> d-------- h:\documents and settings\all users\application data\simply super software
    2007-11-04 01:36 162,304 --a------ h:\windows\system32\ztvunrar36.dll
    2007-11-04 01:36 153,088 --a------ h:\windows\system32\unrar3.dll
    2007-11-04 01:36 77,312 --a------ h:\windows\system32\ztvunace26.dll
    2007-11-04 01:36 75,264 --a------ h:\windows\system32\unacev2.dll
    2007-11-04 01:36 69,632 --a------ h:\windows\system32\ztvcabinet.dll
    2007-11-04 01:27 28,672 --a------ h:\windows\system32\drivers\co_mon.sys
    2007-11-03 21:53 <dir> d-a------ h:\documents and settings\all users\application data\temp
    2007-11-03 21:53 626,688 --a------ h:\windows\system32\msvcr80.dll
    2007-11-03 00:13 <dir> d-------- h:\windows\pss
    2007-10-27 13:40 <dir> d-------- h:\documents and settings\all users\application data\winzip
    2007-10-13 17:01 <dir> d-------- h:\documents and settings\eigenaar\application data\filezilla
    2007-10-10 11:25 584,192 -----c--- h:\windows\system32\dllcache\rpcrt4.dll
    2007-10-10 10:27 <dir> d-------- h:\n360_backup
    .
    ((((((((((((((((((((((((((((((((((((((( find3m rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-04 14:26 --------- d-----w h:\documents and settings\eigenaar\application data\orbit
    2007-11-04 14:22 --------- d-----w h:\documents and settings\all users\application data\spybot - search & destroy
    2007-11-04 14:14 --------- d-----w h:\documents and settings\all users\application data\symantec
    2007-11-04 00:39 --------- d-----w h:\program files\common files\symantec shared
    2007-11-03 15:00 --------- d-----w h:\documents and settings\eigenaar\application data\limewire
    2007-10-26 23:58 --------- d-----w h:\program files\bitcomet
    2007-10-25 23:06 --------- d-----w h:\program files\web page maker v2
    2007-10-08 21:19 --------- d-----w h:\documents and settings\all users\application data\messenger plus!
    2007-10-06 13:34 --------- d-----w h:\program files\limewire
    2007-10-03 21:26 805 ----a-w h:\windows\system32\drivers\symevent.inf
    2007-10-03 21:26 123,952 ----a-w h:\windows\system32\drivers\symevent.sys
    2007-10-03 21:26 10,740 ----a-w h:\windows\system32\drivers\symevent.cat
    2007-10-03 21:26 --------- d-----w h:\program files\symantec
    2007-10-02 16:29 685,816 ----a-w h:\windows\system32\drivers\sptd.sys
    2007-10-02 14:57 --------- d-----w h:\program files\windows live
    2007-10-02 14:57 --------- d-----w h:\program files\msn messenger
    2007-10-02 14:57 --------- d-----w h:\program files\messenger plus! live
    2007-09-29 23:42 12,400 ----a-w h:\windows\system32\drivers\secdrv.sys
    2007-09-29 23:40 --------- d-----w h:\program files\ubi soft
    2007-09-29 23:27 --------- d--h--w h:\program files\installshield installation information
    2007-09-29 23:27 --------- d-----w h:\program files\common files\installshield
    2007-09-24 15:57 --------- d-----w h:\program files\orbitdownloader
    2007-09-22 11:16 --------- d-----w h:\documents and settings\all users\application data\skype
    2007-09-19 21:09 --------- d-----w h:\program files\quicktime
    2007-09-18 12:44 10,662 ----a-w h:\windows\system32\drivers\srtspx.cat
    2007-09-18 12:44 10,662 ----a-w h:\windows\system32\drivers\srtspl.cat
    2007-09-18 12:44 10,658 ----a-w h:\windows\system32\drivers\srtsp.cat
    2007-09-18 12:44 1,430 ----a-w h:\windows\system32\drivers\srtspl.inf
    2007-09-18 12:44 1,421 ----a-w h:\windows\system32\drivers\srtspx.inf
    2007-09-18 12:44 1,415 ----a-w h:\windows\system32\drivers\srtsp.inf
    2007-09-18 12:43 43,696 ----a-w h:\windows\system32\drivers\srtspx.sys
    2007-09-18 12:43 317,616 ----a-w h:\windows\system32\drivers\srtspl.sys
    2007-09-18 12:43 278,576 ----a-w h:\windows\system32\drivers\srtsp.sys
    2007-09-16 01:10 --------- d-----w h:\documents and settings\all users\application data\adobe systems
    2007-09-16 01:07 --------- d-----w h:\program files\common files\adobe
    2007-09-16 01:06 --------- d-----w h:\program files\common files\adobe systems shared
    2007-09-16 00:47 --------- d-----w h:\program files\mysql
    2007-09-15 23:52 --------- d-----w h:\documents and settings\eigenaar\application data\leadertech
    2007-09-12 19:35 --------- d-----w h:\program files\wolfenstein - enemy territory
    2007-09-08 18:50 --------- d-----w h:\documents and settings\eigenaar\application data\voipbuster
    2007-09-05 16:16 --------- d-----w h:\program files\voipbuster.com
    2007-09-05 13:18 --------- d-----w h:\program files\reservoir dogs
    2007-09-04 19:12 --------- d-----w h:\program files\magix
    2007-09-04 13:44 --------- d-----w h:\program files\norton 360
    2007-06-16 15:25 17,920 ----a-w h:\documents and settings\eigenaar\application data\gdipfontcachev1.dat
    .
    ((((((((((((((((((((((((((((((((((((( reg opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [hkey_local_machine\software\microsoft\windows\currentversion\run]
    "ccapp"=h:\program files\common files\symantec shared\ccapp.exe [2007-03-14 19:10]

    [hkey_current_user\software\microsoft\windows\currentversion\run]
    "ctfmon.exe"=h:\windows\system32\ctfmon.exe [2004-08-04 09:03]
    "swg"=h:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe [2007-08-29 16:54]
    "msnmsgr"=h:\program files\msn messenger\msnmsgr.exe [2007-01-19 11:54]

    h:\documents and settings\eigenaar\menu start\programma's\opstarten\
    adobe gamma.lnk - h:\program files\common files\adobe\calibration\adobe gamma loader.exe [2005-03-16 18:16:50]
    onenote 2007 schermopname en snel starten.lnk - h:\program files\microsoft office\office12\onenotem.exe [2006-10-26 19:24:54]

    h:\documents and settings\all users\menu start\programma's\opstarten\
    microsoft office.lnk - h:\program files\microsoft office\office10\osa.exe [2001-02-13 09:01:04]
    nu.nl nieuwslezer.lnk - h:\program files\nu.nl nieuwslezer\nunwslzr.exe [2006-11-10 11:30:02]

    r1 octivflexconnect;octiv flexconnect;h:\windows\system32\drivers\flxkmd.sys

    *newly created service* - comhost
    .
    inhoud van de 'gedeelde taken' map
    "2007-10-29 16:03:00 h:\windows\tasks\applesoftwareupdate.job
    .
    **************************************************************************
    catchme 0.3.1250 w2k/xp/vista - rootkit/stealth malware detector by gmer, http://www.gmer.net
    rootkit scan 2007-11-04 15:35:32
    windows 5.1.2600 service pack 2 ntfs
    scannen van verborgen processen ...
    scannen van verborgen autostart items ...
    scannen van verborgen bestanden ...
    scan succesvol afgerond
    verborgen bestanden: 0
    **************************************************************************
    .
    voltooingstijd: 2007-11-04 15:36:57 - machine was rebooted
    .
    --- e o f ---

    Here is the Hijack log as well:

    Logfile of HijackThis v1.99.1
    Scan saved at 16:02:23, on 4-11-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    h:\windows\system32\smss.exe
    h:\windows\system32\winlogon.exe
    h:\windows\system32\services.exe
    h:\windows\system32\lsass.exe
    h:\windows\system32\svchost.exe
    h:\windows\system32\svchost.exe
    h:\program files\common files\symantec shared\ccsvchst.exe
    h:\program files\common files\symantec shared\ccproxy.exe
    h:\windows\explorer.exe
    h:\windows\system32\spoolsv.exe
    h:\windows\system32\crypserv.exe
    h:\program files\mysql\mysql server 5.0\bin\mysqld-nt.exe
    h:\program files\symantec\liveupdate\aluschedulersvc.exe
    h:\program files\common files\symantec shared\ccapp.exe
    h:\windows\system32\ctfmon.exe
    h:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
    h:\program files\msn messenger\msnmsgr.exe
    h:\windows\system32\svchost.exe
    h:\program files\nu.nl nieuwslezer\nunwslzr.exe
    h:\program files\internet explorer\iexplore.exe
    h:\program files\adobe\adobe photoshop cs2\photoshop.exe
    h:\windows\system32\svchost.exe
    h:\docume~1\eigenaar\locals~1\temp\adobelm_cleanup.0001
    h:\program files\common files\adobe systems shared\service\adobelmsvc.exe
    h:\docume~1\eigenaar\locals~1\temp\adobelm_cleanup.0001
    h:\windows\system32\notepad.exe
    h:\documents and settings\eigenaar\mijn documenten\hijackthis.exe

    r1 - hkcu\software\microsoft\internet connection wizard,shellnext = http://windowsupdate.microsoft.com/
    r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername = koppelingen
    o2 - bho: btorbit.com - {000123b4-9b42-4900-b3f7-f4b073efc214} - h:\program files\orbitdownloader\orbitcth.dll
    o2 - bho: adobe pdf reader help bij koppelingen - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - h:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
    o2 - bho: (no name) - {1e8a6170-7264-4d0f-beae-d42a53123c75} - h:\program files\common files\symantec shared\coshared\browser\1.5\nppbho.dll
    o2 - bho: spybot-s&d ie protection - {53707962-6f74-2d53-2644-206d7942484f} - h:\progra~1\spybot~1\sdhelper.dll
    o2 - bho: ssvhelper class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - h:\program files\java\jre1.6.0_02\bin\ssv.dll
    o2 - bho: (no name) - {7e853d72-626a-48ec-a868-ba8d5e23e045} - (no file)
    o2 - bho: google toolbar helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - h:\program files\google\googletoolbar2.dll
    o2 - bho: google toolbar notifier bho - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - h:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
    o3 - toolbar: visa norton-verktygsfältet - {90222687-f593-4738-b738-fbee9c7b26df} - h:\program files\common files\symantec shared\coshared\browser\1.5\uibho.dll
    o3 - toolbar: &google - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - h:\program files\google\googletoolbar2.dll
    o4 - hklm\..\run: [ccapp] h:\program files\common files\symantec shared\ccapp.exe
    o4 - hkcu\..\run: [ctfmon.exe] h:\windows\system32\ctfmon.exe
    o4 - hkcu\..\run: [swg] h:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
    o4 - hkcu\..\run: [msnmsgr] h:\program files\msn messenger\msnmsgr.exe /background
    o4 - startup: adobe gamma.lnk = h:\program files\common files\adobe\calibration\adobe gamma loader.exe
    o4 - startup: onenote 2007 schermopname en snel starten.lnk = h:\program files\microsoft office\office12\onenotem.exe
    o4 - global startup: microsoft office.lnk = h:\program files\microsoft office\office10\osa.exe
    o4 - global startup: nu.nl nieuwslezer.lnk = h:\program files\nu.nl nieuwslezer\nunwslzr.exe
    o8 - extra context menu item: &download by orbit - res://h:\program files\orbitdownloader\orbitmxt.dll/201
    o8 - extra context menu item: &grab video by orbit - res://h:\program files\orbitdownloader\orbitmxt.dll/204
    o8 - extra context menu item: do&wnload selected by orbit - res://h:\program files\orbitdownloader\orbitmxt.dll/203
    o8 - extra context menu item: down&load all by orbit - res://h:\program files\orbitdownloader\orbitmxt.dll/202
    o8 - extra context menu item: e&xporteren naar microsoft excel - res://h:\progra~1\micros~2\office12\excel.exe/3000
    o9 - extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - h:\program files\java\jre1.6.0_02\bin\ssv.dll
    o9 - extra 'tools' menuitem: sun java console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - h:\program files\java\jre1.6.0_02\bin\ssv.dll
    o9 - extra button: verzenden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - h:\progra~1\micros~2\office12\onbttnie.dll
    o9 - extra 'tools' menuitem: verz&enden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - h:\progra~1\micros~2\office12\onbttnie.dll
    o9 - extra button: research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - h:\progra~1\micros~2\office12\refiebar.dll
    o9 - extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - h:\progra~1\spybot~1\sdhelper.dll
    o9 - extra 'tools' menuitem: spybot - search & destroy configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - h:\progra~1\spybot~1\sdhelper.dll
    o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\network diagnostic\xpnetdiag.exe (file missing)
    o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\network diagnostic\xpnetdiag.exe (file missing)
    o9 - extra button: messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - h:\program files\messenger\msmsgs.exe
    o9 - extra 'tools' menuitem: windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - h:\program files\messenger\msmsgs.exe
    o11 - options group: [international] international*
    o16 - dpf: {2bc66f54-93a8-11d3-beb6-00105aa9b6ae} (symantec antivirus scanner) - http://security.symantec.com/sscv6/sharedcontent/vc/bin/avsniff.cab
    o16 - dpf: {6414512b-b978-451d-a0d8-fcfdf33e833c} (wuwebcontrol class) - http://update.microsoft.com/windowsupdate/v6/v5controls/en/x86/client/wuweb_site.cab?1181226234393
    o16 - dpf: {644e432f-49d3-41a1-8dd5-e099162eeec5} (symantec rufsi utility class) - http://security.symantec.com/sscv6/sharedcontent/common/bin/cabsa.cab
    o16 - dpf: {c5e28b9d-0a68-4b50-94e9-e8f6b4697514} (nsvplayx control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
    o16 - dpf: {d27cdb6e-ae6d-11cf-96b8-444553540000} (shockwave flash object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    o16 - dpf: {e55fd215-a32e-43fe-a777-a7e8f165f551} (flatcast viewer 4.15) - http://www.flatcast.info/objects/npfv415.dll
    o16 - dpf: {f58e1cef-a068-4c15-ba5e-587caf3ee8c6} (msn chat control 4.5) - http://www.cupidoschat.com/main/bin/cab/msnchat45.cab
    o17 - hklm\system\ccs\services\tcpip\..\{027b49ae-4a4a-4166-8b2a-fd8b9d736722}: nameserver = 192.168.125.4,156.168.125.3
    o17 - hklm\system\cs1\services\tcpip\..\{027b49ae-4a4a-4166-8b2a-fd8b9d736722}: nameserver = 192.168.125.4,156.168.125.3
    o18 - protocol: livecall - {828030a1-22c1-4009-854f-8e305202313f} - h:\progra~1\msnmes~1\msgrap~1.dll
    o18 - protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - h:\program files\common files\microsoft shared\help\hxds.dll
    o18 - protocol: msnim - {828030a1-22c1-4009-854f-8e305202313f} - h:\progra~1\msnmes~1\msgrap~1.dll
    o18 - filter hijack: text/xml - {807563e5-5146-11d5-a672-00b0d022e945} - h:\progra~1\common~1\micros~1\office12\msoxmlmf.dll
    o20 - winlogon notify: wgalogon - h:\windows\system32\wgalogon.dll
    o23 - service: adobe lm service - adobe systems - h:\program files\common files\adobe systems shared\service\adobelmsvc.exe
    o23 - service: symantec event manager (ccevtmgr) - unknown owner - h:\program files\common files\symantec shared\ccsvchst.exe /h cccommon (file missing)
    o23 - service: symantec network proxy (ccproxy) - symantec corporation - h:\program files\common files\symantec shared\ccproxy.exe
    o23 - service: symantec settings manager (ccsetmgr) - unknown owner - h:\program files\common files\symantec shared\ccsvchst.exe /h cccommon (file missing)
    o23 - service: symantec lic netconnect service (cltnetcnservice) - unknown owner - h:\program files\common files\symantec shared\ccsvchst.exe /h cccommon (file missing)
    o23 - service: com host (comhost) - symantec corporation - h:\program files\common files\symantec shared\vascanner\comhost.exe
    o23 - service: crypkey license - kenonic controls ltd. - h:\windows\system32\crypserv.exe
    o23 - service: google updater service (gusvc) - google - h:\program files\google\common\google updater\googleupdaterservice.exe
    o23 - service: installdriver table manager (idrivert) - macrovision corporation - h:\program files\common files\installshield\driver\11\intel 32\idrivert.exe
    o23 - service: ipod-service (ipod service) - apple inc. - h:\program files\ipod\bin\ipodservice.exe
    o23 - service: liveupdate - symantec corporation - h:\progra~1\symantec\liveup~1\lucoms~1.exe
    o23 - service: liveupdate notice service ex (liveupdate notice ex) - unknown owner - h:\program files\common files\symantec shared\ccsvchst.exe /h cccommon (file missing)
    o23 - service: liveupdate notice service - unknown owner - h:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe /m h:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifeng.dll (file missing)
    o23 - service: mysql - unknown owner - h:\program.exe (file missing)
    o23 - service: nvidia driver helper service (nvsvc) - nvidia corporation - h:\windows\system32\nvsvc32.exe
    o23 - service: planner voor automatische liveupdate - symantec corporation - h:\program files\symantec\liveupdate\aluschedulersvc.exe
    o23 - service: symantec core lc - symantec corporation - h:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe

    Now only the RemoveVideoActiveXObject is left. I look forward to hearing from you. And I hope that you know what I am dealing with. And that I can solve it with your help :D

    Kind regards,
    Rutger Lieverse
  • Download Dr.Web Cureit (ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe) to your desktop.
* Double-click drweb-cureit.exe and allow it to start the express scan.
* If a popup appears offering a purchase/50% discount, you may close it with the X.
* This will scan the files that are currently loaded in memory, and when something is found, click the Yes to all button at the question 'cure it?'. This is only a short scan.
* At the top of the menu, choose Language/Taal and change it to Dutch (Nederlands) if yours is set differently.
* Press F9, then choose Acties (Actions) and set the following under Malware:
  o Adware: Verplaats (Move)
  o Dialers: Verplaats (Move)
  o Jokes: Rapportage (Report)
  o Riskware: Rapportage (Report)
  o Hacktools: Verplaats (Move)
  Then remove the check mark at "Prompt bij actie" (prompt on action). Then press OK.
* Press F9, then choose Scan, remove the check mark at Heuristische analyse (heuristic analysis) and click OK.
* Once the short scan has finished, you can select the drives you want to have scanned (Selecteer stations).
* Here, select alle stations (all drives). A red dot will then appear on the drives you are having scanned.
* Then click the green arrow on the right to start the scan.
* Files that are found are moved to the "%userprofile%\DoctorWeb\quarantaine-map" (quarantine folder) if repair is not possible.
* After the scan is done, click Bestand (File) in the menu at the top and choose Rapportage lijst opslaan (save report list). Save it to your desktop.
* Then close Dr.Web Cureit.
* Restart your computer!! Important step, because Dr.Web Cureit may move/delete files during the restart.
* After restarting, copy and paste the contents of the log you saved earlier into your next post.

Good luck!
Pim


This is an archived page. Replies are no longer possible.