Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

weer de smitfraut ? hjt logje

None
20 antwoorden
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:09:11, on 12-11-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\WINDOWS\system32\sistray.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\WINDOWS\system32\ATWTUSB.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\Program Files\AnalogX\SimpleServer\WWW\http.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\winter.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
    C:\Documents and Settings\Arie\Mijn documenten\download\HiJackThis202\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll
    O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [atwtusb] RUNDLL32 FuncKey.DLL,ExtFuncCall AA
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [\\HELENA\EPSON] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P14 "\\HELENA\EPSON" /O14 "\\HELENA\EPSON" /M "Stylus D88"
    O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
    O4 - HKLM\..\Run: [PdxRegCl] "C:\Program Files\Paradox\Programs\PdxRegCl.exe" /s /c
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [c:_program files_wordperfe3a] C:\Program Files\WordPerfect Office 12\Programs\CorUpd.exe /Watch
    ="SOFTWARE\Corel\WordPerfect Suite\12"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: SimpleServer.WWW.lnk = C:\Program Files\AnalogX\SimpleServer\WWW\http.exe
    O4 - Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe
    O4 - Startup: infos.exe
    O4 - Global Startup: autos.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://aadebraal.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://193.172.162.99:8080//activex/AMC.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://braalde.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B81CF520-A2A6-4F7A-887D-7F0A61225C90}: NameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BDF3B365-2CFD-45DF-BDC2-98F871015220}: NameServer = 192.168.2.1
    O20 - AppInit_DLLs: C:\WINDOWS\system32\skuns.dat
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe


    End of file - 8639 bytes
  • en weer van de zelfde site af

    ben er moderator en zou er op moeten kunnen

    helaas is het daarvoor voor goed voorbij
  • Dag Sjouwer,

    Download SmitfraudFix (by S!Ri) en plaats het op je bureaublad.
    Start de computer op in veilige modus. Hoe je dit doet kan je hier lezen.
    Sluit alle open vensters.
    Start Hijackthis en vink de volgende items aan:

    [b:4e83b06954]O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1[/b:4e83b06954]
    Klik daarna op "Fix checked" en sluit HijackThis.

    Zoek daarna via verkenner naar volgende mappen/bestanden en verwijder deze indien nog aanwezig:

    Dubbelklik op smitfraudfix.exe.
    Kies optie #2 - Clean door [b:4e83b06954]2[/b:4e83b06954] te typen en druk dan op "Enter".

    Wanneer de volgende vraag gesteld: "Registry cleaning - Do you want to clean the registry ?"; antwoord je "Yes/ja" door [b:4e83b06954]Y[/b:4e83b06954] te typen en daarna op "Enter" te klikken. Dit zal je bureaublad terug herstellen en registersleutels die deze infectie heeft aangemaakt weer verwijderen.

    De tool zal daarna je computer opnieuw laten opstarten om de restanten te verwijderen.
    Indien de computer niet automatisch start, start je de pc zelf opnieuw in normale windowsmodus.
    Wanneer de computer opnieuw gestart is zal er een logfile open: C:\rapport.txt.
    Post de inhoud van dat logje samen met een nieuwe hijackthislog.
  • SmitFraudFix v2.252

    Scan done at 10:41:52,59, ma 12-11-2007
    Run from C:\Documents and Settings\Arie\Bureaublad\SmitfraudFix
    OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT
    The filesystem type is FAT32
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\WINDOWS\system32\proper.exe
    C:\WINDOWS\system32\sistray.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\ATWTUSB.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\AnalogX\SimpleServer\WWW\http.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    hosts file corrupted !

    192.168.200.3 download.microsoft.com
    192.168.200.3 downloads.microsoft.com
    192.168.200.3 go.microsoft.com
    192.168.200.3 microsoft.com
    192.168.200.3 msdn.microsoft.com
    192.168.200.3 office.microsoft.com
    192.168.200.3 support.microsoft.com
    192.168.200.3 windowsupdate.microsoft.com
    192.168.200.3 www.microsoft.com
    192.168.200.3 pandasoftware.com
    192.168.200.3 www.pandasoftware.com

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\bronto.dll FOUND !
    C:\WINDOWS\system32\proper.exe FOUND !
    C:\WINDOWS\system32\skuns.dat FOUND !
    C:\WINDOWS\system32\winter.exe FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Arie


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Arie\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

    C:\DOCUME~1\ARIE\MENUST~1\PROGRA~1\OPSTAR~1\infos.exe FOUND !
    C:\DOCUME~1\ALLUSE~1\MENUST~1\PROGRA~1\OPSTAR~1\autos.exe FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ARIE\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="C:\\WINDOWS\\system32\\skuns.dat"


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Realtek RTL8139/810x Family Fast Ethernet NIC
    DNS Server Search Order: 192.168.2.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{B81CF520-A2A6-4F7A-887D-7F0A61225C90}: NameServer=192.168.2.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{BDF3B365-2CFD-45DF-BDC2-98F871015220}: NameServer=192.168.2.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{B81CF520-A2A6-4F7A-887D-7F0A61225C90}: NameServer=192.168.2.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{BDF3B365-2CFD-45DF-BDC2-98F871015220}: NameServer=192.168.2.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{B81CF520-A2A6-4F7A-887D-7F0A61225C90}: NameServer=192.168.2.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{BDF3B365-2CFD-45DF-BDC2-98F871015220}: NameServer=192.168.2.1


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:47:00, on 12-11-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\WINDOWS\system32\proper.exe
    C:\WINDOWS\system32\sistray.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\ATWTUSB.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\AnalogX\SimpleServer\WWW\http.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
    C:\Documents and Settings\Arie\Mijn documenten\download\HiJackThis202\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll
    O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [atwtusb] RUNDLL32 FuncKey.DLL,ExtFuncCall AA
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [\\HELENA\EPSON] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P14 "\\HELENA\EPSON" /O14 "\\HELENA\EPSON" /M "Stylus D88"
    O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
    O4 - HKLM\..\Run: [PdxRegCl] "C:\Program Files\Paradox\Programs\PdxRegCl.exe" /s /c
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [c:_program files_wordperfe3a] C:\Program Files\WordPerfect Office 12\Programs\CorUpd.exe /Watch
    ="SOFTWARE\Corel\WordPerfect Suite\12"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: SimpleServer.WWW.lnk = C:\Program Files\AnalogX\SimpleServer\WWW\http.exe
    O4 - Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe
    O4 - Startup: infos.exe
    O4 - Global Startup: autos.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://aadebraal.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://193.172.162.99:8080//activex/AMC.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://braalde.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B81CF520-A2A6-4F7A-887D-7F0A61225C90}: NameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BDF3B365-2CFD-45DF-BDC2-98F871015220}: NameServer = 192.168.2.1
    O20 - AppInit_DLLs: C:\WINDOWS\system32\skuns.dat
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe


    End of file - 8727 bytes
  • Dag sjouwer,

    Je hebt de log met smitfraudfix gemaakt in normale modus, je moest deze maken in veilige modus.
    Je hebt optie 1 gebruik van Smitfraudifx, en om alles te verwijderen moet je optie 2 gebruiken.
    Herhaal de opgegeven stappen nog een keer.
  • ik probeer die tot 2 keer toe maar looppt vast op een leeg scherm en krijg nu een foiut melding van een bestand niet gevonden
  • Welke foutmelding?
    Ook in veilige modus?
  • ja in beide modus

    de smitfraud loopt door tot een leeg scherm en dan doet er niks meer wat

    het enige wat ik dan kan doen is direct power off (+- 15 min gewacht)
  • een neiwue hjt log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:58:11, on 12-11-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\WINDOWS\system32\sistray.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\ATWTUSB.EXE
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\Program Files\AnalogX\SimpleServer\WWW\http.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
    C:\Documents and Settings\Arie\Mijn documenten\download\HiJackThis202\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll (file missing)
    O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [atwtusb] RUNDLL32 FuncKey.DLL,ExtFuncCall AA
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [\\HELENA\EPSON] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P14 "\\HELENA\EPSON" /O14 "\\HELENA\EPSON" /M "Stylus D88"
    O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
    O4 - HKLM\..\Run: [PdxRegCl] "C:\Program Files\Paradox\Programs\PdxRegCl.exe" /s /c
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [c:_program files_wordperfe3a] C:\Program Files\WordPerfect Office 12\Programs\CorUpd.exe /Watch
    ="SOFTWARE\Corel\WordPerfect Suite\12"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: SimpleServer.WWW.lnk = C:\Program Files\AnalogX\SimpleServer\WWW\http.exe
    O4 - Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://aadebraal.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://193.172.162.99:8080//activex/AMC.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://braalde.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B81CF520-A2A6-4F7A-887D-7F0A61225C90}: NameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BDF3B365-2CFD-45DF-BDC2-98F871015220}: NameServer = 192.168.2.1
    O20 - AppInit_DLLs: C:\WINDOWS\system32\skuns.dat
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe


    End of file - 8657 bytes
  • Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Plaats het op je bureaublad.

    Open een kladblokbestand.
    Kopieer de ondestaande code, en plak deze in het kladblokbestand.
    Sla het kladblokbestand op als CFScript.txt
    [code:1:6001f139e0]
    File::
    C:\WINDOWS\system32\proper.exe
    C:\WINDOWS\system32\winter.exe
    C:\WINDOWS\system32\skuns.dat

    Registry::
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""
    [/code:1:6001f139e0]
    Sleep nu het bestand CFScript.txt in het bestand ComboFix.exe
    [img:6001f139e0]http://img.photobucket.com/albums/v666/sUBs/CFScript.gif[/img:6001f139e0]
    ComboFix zal opnieuw starten.
    Wanneer ComboFix klaar is, dit kan na een herstart zijn, opent er een logfile.
    Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.
  • ComboFix 07-11-08.1 - Arie 2007-11-12 12:34:10.3 -
  • en hjt log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:48:56, on 12-11-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\sistray.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\ATWTUSB.EXE
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\AnalogX\SimpleServer\WWW\http.exe
    C:\Documents and Settings\Arie\Mijn documenten\download\HiJackThis202\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [atwtusb] RUNDLL32 FuncKey.DLL,ExtFuncCall AA
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [\\HELENA\EPSON] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P14 "\\HELENA\EPSON" /O14 "\\HELENA\EPSON" /M "Stylus D88"
    O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
    O4 - HKLM\..\Run: [PdxRegCl] "C:\Program Files\Paradox\Programs\PdxRegCl.exe" /s /c
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [c:_program files_wordperfe3a] C:\Program Files\WordPerfect Office 12\Programs\CorUpd.exe /Watch
    ="SOFTWARE\Corel\WordPerfect Suite\12"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: SimpleServer.WWW.lnk = C:\Program Files\AnalogX\SimpleServer\WWW\http.exe
    O4 - Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe
    O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://aadebraal.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://193.172.162.99:8080//activex/AMC.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://braalde.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B81CF520-A2A6-4F7A-887D-7F0A61225C90}: NameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BDF3B365-2CFD-45DF-BDC2-98F871015220}: NameServer = 192.168.2.1
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe


    End of file - 8000 bytes
  • Logje ziet er goed uit.
    Zijn er nog problemen?

    Ga naar deze website: http://www.virustotal.com/en/indexf.html
    Laat volgend bestandje scannen: C:\WINDOWS\drabste.exe
    Post het resultaat van de scan.
  • ik heb nu al een stuk of 7 stoyan of virus melding over dat bestand

    is nu nog bezig
  • Bestand drabste.exe_ ontvangen op 2007.11.11 13:32:15 (CET)
    Huidig status: Laden … In wachtrij Wachtende Aan het scannen Einde NIET GEVONDEN GESTOPT


    Resultaat: 15/32 (46.88%)
    Server informatie laden…
    Je bestand is in de wachtrij geplaatst, plaats: 1.
    De gemiddelde starttijd ligt tussen 37 en 52 seconden.
    Laat dit venster open tijdens het scannen.
    De scanner die je bestand aan het verwerken was is gestopt, gelieve enkele seconden te wachten terwijl we proberen je resultaat te herstellen.
    Indien u meer dan 5 minuten wachten dient U uw bestand opnieuw in te sturen.
    Je bestand word op dit moment gescand door VirusTotal,
    De resultaten worden weergegeven zodra ze beschikbaar zijn.
    Geformatteerd Resultaten afdrukken
    Je bestand is vervallen of bestaat niet.
    De dienst is momenteel gestopt, je bestand staat in de wachtrij (plaats: ) voor een onbekende tijd.

    Je kan deze pagina open houden en wachten (automatische refresh) of je kan je e-mailadres hieronder invullen en op "Aanvraag verzenden" klikken zodat je de resultaten per mail ontvangt.
    E-mail:


    Antivirus Versie Laatst geüpdatet Resultaat
    AhnLab-V3 2007.11.10.0 2007.11.09 -
    AntiVir 7.6.0.34 2007.11.09 WORM/Zhelatin.Gen
    Authentium 4.93.8 2007.11.10 -
    Avast 4.7.1074.0 2007.11.10 -
    AVG 7.5.0.503 2007.11.11 Downloader.Tibs
    BitDefender 7.2 2007.11.11 Trojan.Peed.INW
    CAT-QuickHeal 9.00 2007.11.10 -
    ClamAV 0.91.2 2007.11.11 Trojan.Peed-47
    DrWeb 4.44.0.09170 2007.11.11 Trojan.Packed.210
    eSafe 7.0.15.0 2007.11.08 Suspicious File
    eTrust-Vet 31.2.5284 2007.11.09 -
    Ewido 4.0 2007.11.11 -
    FileAdvisor 1 2007.11.11 -
    Fortinet 3.11.0.0 2007.10.19 -
    F-Prot 4.4.2.54 2007.11.10 -
    F-Secure 6.70.13030.0 2007.11.10 Email-Worm.Win32.Zhelatin.ml
    Ikarus T3.1.1.12 2007.11.11 Email-Worm.Win32.Zhelatin.ml
    Kaspersky 7.0.0.125 2007.11.11 Email-Worm.Win32.Zhelatin.ml
    McAfee 5160 2007.11.09 W32/Nuwar@MM
    Microsoft 1.3007 2007.11.11 Trojan:Win32/Tibs.EX
    NOD32v2 2652 2007.11.11 probably unknown NewHeur_PE virus
    Norman 5.80.02 2007.11.09 -
    Panda 9.0.0.4 2007.11.10 -
    Prevx1 V2 2007.11.11 -
    Rising 20.17.62.00 2007.11.11 -
    Sophos 4.23.0 2007.11.11 Mal/Dorf-F
    Sunbelt 2.2.907.0 2007.11.09 -
    Symantec 10 2007.11.11 -
    TheHacker 6.2.9.123 2007.11.10 -
    VBA32 3.12.2.4 2007.11.08 -
    VirusBuster 4.3.26:9 2007.11.10 Trojan.Tibs.Gen!Pac.132
    Webwasher-Gateway 6.0.1 2007.11.11 Worm.Zhelatin.Gen
    Extra informatie
    File size: 7530 bytes
    MD5: 92403654044a2d9fa918fbc6086458d8
    SHA1: feac1fdf3c7b13af47e054b26b50f42f6a730724
  • Dat bestandje kan je verwijderen Arie.
    Download HostsXpert: http://www.funkytoad.com/download/HostsXpert.zip
    Unzip het programma, run het, klik op "Restore micorosoft host file", klik op "OK" en sluit het programma af.


    Zijn er nog problemen?
  • via email krijg je nog een boodschap
  • het automatisch starten van de dvd / cd rom werkt niet meer

    ook van de kaart lezer wordt niet meer automatisch gestart

    waar moet ik dit weer herstellen
  • Rechtsklik op de cd/dvd drive en ga naar het tabje automatisch afspelen.
    Daar kan je de instellingen aanpassen.

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.