Questions & Answers

Security & privacy

Smitfraud again? HJT log

20 replies
  • Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:09:11, on 12-11-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\WINDOWS\system32\sistray.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE C:\WINDOWS\system32\ATWTUSB.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\CTSvcCDA.EXE C:\Program Files\AnalogX\SimpleServer\WWW\http.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\WINDOWS\system32\winter.exe C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe C:\Documents and Settings\Arie\Mijn documenten\download\HiJackThis202\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [atwtusb] RUNDLL32 FuncKey.DLL,ExtFuncCall AA O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [\\HELENA\EPSON] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P14 "\\HELENA\EPSON" /O14 "\\HELENA\EPSON" /M "Stylus D88" O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" O4 - HKLM\..\Run: [PdxRegCl] "C:\Program Files\Paradox\Programs\PdxRegCl.exe" /s /c O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 
2\HOMERunner.exe" -s O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [c:_program files_wordperfe3a] C:\Program Files\WordPerfect Office 12\Programs\CorUpd.exe /Watch /r="SOFTWARE\Corel\WordPerfect Suite\12" O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: SimpleServer.WWW.lnk = C:\Program Files\AnalogX\SimpleServer\WWW\http.exe O4 - Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe O4 - Startup: infos.exe O4 - Global Startup: autos.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - 
C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://aadebraal.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://193.172.162.99:8080//activex/AMC.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://braalde.spaces.live.com/PhotoUpload/MsnPUpld.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{B81CF520-A2A6-4F7A-887D-7F0A61225C90}: NameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{BDF3B365-2CFD-45DF-BDC2-98F871015220}: NameServer = 192.168.2.1 O20 - AppInit_DLLs: C:\WINDOWS\system32\skuns.dat O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. 
- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe -- End of file - 8639 bytes
  • And again from the same site. I am a moderator there and should be able to get on it; unfortunately that is over for good.
  • Hello Sjouwer, Download [url=http://siri.urz.free.fr/Fix/SmitfraudFix.exe]SmitfraudFix[/url] (by S!Ri) and place it on your desktop. Start the computer in safe mode. You can read how to do this [url=http://users.telenet.be/marcvn/spyware/1378056.htm]here[/url]. Close all open windows. Start HijackThis and check the following items: [b:4e83b06954]O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1[/b:4e83b06954] Then click "Fix checked" and close HijackThis. Next, use Explorer to look for the following folders/files and delete them if still present: Double-click smitfraudfix.exe. Choose option #2 - Clean by typing [b:4e83b06954]2[/b:4e83b06954] and then press "Enter". When the following question is asked: "Registry cleaning - Do you want to clean the registry ?", answer "Yes/ja" by typing [b:4e83b06954]Y[/b:4e83b06954] and then pressing "Enter". This will restore your desktop and remove the registry keys that this infection created. The tool will then restart your computer to remove the remnants. If the computer does not restart automatically, restart the PC yourself in normal Windows mode. When the computer has restarted, a log file will open: C:\rapport.txt. Post the contents of that log together with a new HijackThis log.
  • SmitFraudFix v2.252 Scan done at 10:41:52,59, ma 12-11-2007 Run from C:\Documents and Settings\Arie\Bureaublad\SmitfraudFix OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT The filesystem type is FAT32 Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\WINDOWS\system32\proper.exe C:\WINDOWS\system32\sistray.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\ATWTUSB.EXE C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\AnalogX\SimpleServer\WWW\http.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\CTSvcCDA.EXE C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts hosts file corrupted ! 
192.168.200.3 download.microsoft.com 192.168.200.3 downloads.microsoft.com 192.168.200.3 go.microsoft.com 192.168.200.3 microsoft.com 192.168.200.3 msdn.microsoft.com 192.168.200.3 office.microsoft.com 192.168.200.3 support.microsoft.com 192.168.200.3 windowsupdate.microsoft.com 192.168.200.3 www.microsoft.com 192.168.200.3 pandasoftware.com 192.168.200.3 www.pandasoftware.com »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 C:\WINDOWS\system32\bronto.dll FOUND ! C:\WINDOWS\system32\proper.exe FOUND ! C:\WINDOWS\system32\skuns.dat FOUND ! C:\WINDOWS\system32\winter.exe FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Arie »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Arie\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu C:\DOCUME~1\ARIE\MENUST~1\PROGRA~1\OPSTAR~1\infos.exe FOUND ! C:\DOCUME~1\ALLUSE~1\MENUST~1\PROGRA~1\OPSTAR~1\autos.exe FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ARIE\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\WINDOWS\\system32\\skuns.dat" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Realtek RTL8139/810x Family Fast Ethernet NIC DNS Server Search Order: 192.168.2.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{B81CF520-A2A6-4F7A-887D-7F0A61225C90}: NameServer=192.168.2.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{BDF3B365-2CFD-45DF-BDC2-98F871015220}: NameServer=192.168.2.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{B81CF520-A2A6-4F7A-887D-7F0A61225C90}: NameServer=192.168.2.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{BDF3B365-2CFD-45DF-BDC2-98F871015220}: NameServer=192.168.2.1 HKLM\SYSTEM\CS2\Services\Tcpip\..\{B81CF520-A2A6-4F7A-887D-7F0A61225C90}: NameServer=192.168.2.1 HKLM\SYSTEM\CS2\Services\Tcpip\..\{BDF3B365-2CFD-45DF-BDC2-98F871015220}: NameServer=192.168.2.1 »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End
  • Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:47:00, on 12-11-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\WINDOWS\system32\proper.exe C:\WINDOWS\system32\sistray.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\ATWTUSB.EXE C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\AnalogX\SimpleServer\WWW\http.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\CTSvcCDA.EXE C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\WINDOWS\system32\cmd.exe C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe C:\Documents and Settings\Arie\Mijn documenten\download\HiJackThis202\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe O2 - BHO: Adobe PDF Reader Help bij koppelingen - 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [atwtusb] RUNDLL32 FuncKey.DLL,ExtFuncCall AA O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [\\HELENA\EPSON] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P14 "\\HELENA\EPSON" /O14 "\\HELENA\EPSON" /M "Stylus D88" O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" O4 - HKLM\..\Run: [PdxRegCl] "C:\Program Files\Paradox\Programs\PdxRegCl.exe" /s /c O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - 
HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [c:_program files_wordperfe3a] C:\Program Files\WordPerfect Office 12\Programs\CorUpd.exe /Watch /r="SOFTWARE\Corel\WordPerfect Suite\12" O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: SimpleServer.WWW.lnk = C:\Program Files\AnalogX\SimpleServer\WWW\http.exe O4 - Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe O4 - Startup: infos.exe O4 - Global Startup: autos.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Toevoegen aan 
Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://aadebraal.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://193.172.162.99:8080//activex/AMC.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://braalde.spaces.live.com/PhotoUpload/MsnPUpld.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{B81CF520-A2A6-4F7A-887D-7F0A61225C90}: NameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{BDF3B365-2CFD-45DF-BDC2-98F871015220}: NameServer = 192.168.2.1 O20 - AppInit_DLLs: C:\WINDOWS\system32\skuns.dat O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: Bluetooth Service (btwdins) - 
WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe -- End of file - 8727 bytes
  • Hello sjouwer, You made the SmitfraudFix log in normal mode; you were supposed to make it in safe mode. You used option 1 of SmitfraudFix, and to remove everything you have to use option 2. Repeat the given steps once more.
  • I tried it twice, but it hangs on an empty screen, and I now get an error message about a file not found.
  • Which error message? Also in safe mode?
  • Yes, in both modes. Smitfraud runs until an empty screen and then nothing happens any more; the only thing I can do then is a direct power off (waited about 15 minutes).
  • A new HJT log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:58:11, on 12-11-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\WINDOWS\system32\sistray.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\ATWTUSB.EXE C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\CTSvcCDA.EXE C:\Program Files\AnalogX\SimpleServer\WWW\http.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe C:\Documents and Settings\Arie\Mijn documenten\download\HiJackThis202\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe O2 - BHO: Adobe PDF Reader Help bij koppelingen - 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll (file missing) O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [atwtusb] RUNDLL32 FuncKey.DLL,ExtFuncCall AA O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [\\HELENA\EPSON] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P14 "\\HELENA\EPSON" /O14 "\\HELENA\EPSON" /M "Stylus D88" O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" O4 - HKLM\..\Run: [PdxRegCl] "C:\Program Files\Paradox\Programs\PdxRegCl.exe" /s /c O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" 
-atboottime O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [c:_program files_wordperfe3a] C:\Program Files\WordPerfect Office 12\Programs\CorUpd.exe /Watch /r="SOFTWARE\Corel\WordPerfect Suite\12" O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: SimpleServer.WWW.lnk = C:\Program Files\AnalogX\SimpleServer\WWW\http.exe O4 - Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Toevoegen aan Mobiele favorieten - 
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://aadebraal.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://193.172.162.99:8080//activex/AMC.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://braalde.spaces.live.com/PhotoUpload/MsnPUpld.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{B81CF520-A2A6-4F7A-887D-7F0A61225C90}: NameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{BDF3B365-2CFD-45DF-BDC2-98F871015220}: NameServer = 192.168.2.1 O20 - AppInit_DLLs: C:\WINDOWS\system32\skuns.dat O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. 
- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe -- End of file - 8657 bytes
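Comparing successive HijackThis logs, as the helper does in this thread, comes down to three questions: which suspicious entries disappeared, which were left pointing at a deleted file, and which are still active. The Python sketch below is an added example, not part of the original posts; the two log excerpts are constructed from lines of the first and third logs above, and the watch list holds the file names SmitFraudFix reported as FOUND.

```python
import re

# HijackThis prefixes every finding with a section code (R0, F2, O4, O20, ...).
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
MISSING_SUFFIX = " (file missing)"

# File names SmitFraudFix marked "FOUND !" in this thread.
WATCHED = ("proper.exe", "winter.exe", "skuns.dat",
           "bronto.dll", "infos.exe", "autos.exe")

# Constructed excerpt: lines taken from the first log in the thread.
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\system32\winter.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll
O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: infos.exe
O4 - Global Startup: autos.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\skuns.dat
"""

# Constructed excerpt: the same entries as they appear in the third log.
LOG_AFTER = r"""
Running processes:
C:\WINDOWS\system32\wuauclt.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll (file missing)
O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\skuns.dat
"""


def parse_hjt(text):
    """Map each entry (without the missing-file suffix) to a 'file missing' flag."""
    entries = {}
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        code, body = m.group(1), m.group(2).strip()
        missing = body.endswith(MISSING_SUFFIX)
        if missing:
            body = body[:-len(MISSING_SUFFIX)]
        entries[f"{code} - {body}"] = missing
    return entries


def is_watched(entry):
    """True when the entry references one of the watched file names."""
    low = entry.lower()
    return any(name in low for name in WATCHED)


def compare(before_text, after_text):
    """Classify watched entries across two scans of the same machine."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    return {
        # Entry no longer listed at all: the autostart reference is gone.
        "gone": sorted(e for e in before if e not in after and is_watched(e)),
        # File deleted but the registry reference survives: still needs fixing.
        "orphaned": sorted(e for e, miss in after.items() if miss and is_watched(e)),
        # File and reference both still present: cleanup did not take.
        "still_active": sorted(e for e, miss in after.items()
                               if not miss and is_watched(e)),
        # Anything that appeared between the scans deserves a look.
        "new": sorted(e for e in after if e not in before),
    }


if __name__ == "__main__":
    for label, items in compare(LOG_BEFORE, LOG_AFTER).items():
        print(label)
        for item in items:
            print("   ", item)
```

On these excerpts the shell hijack (F2), the Run entry for winter.exe and the AppInit_DLLs value remain active, which matches the helper's next step of targeting exactly those three files.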
  • Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Place it on your desktop. Open a Notepad file. Copy the code below and paste it into the Notepad file. Save the Notepad file as CFScript.txt

        File::
        C:\WINDOWS\system32\proper.exe
        C:\WINDOWS\system32\winter.exe
        C:\WINDOWS\system32\skuns.dat

        Registry::
        [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
        "AppInit_DLLs"=""

    Now drag the file CFScript.txt onto the file ComboFix.exe (illustration: http://img.photobucket.com/albums/v666/sUBs/CFScript.gif).
    ComboFix will start again. When ComboFix is finished, which may be after a reboot, a log file opens. Post the contents of this file together with a new HijackThis log.
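Added example, not part of the original post and not code from ComboFix or HijackThis: the CFScript above resets two autostart hooks that show up in the first HijackThis log, the F2 system.ini `Shell=` value and the O20 `AppInit_DLLs` value. The Python below extracts those two entry types from a HijackThis log, including one pasted as a single long line as in this thread, and reports which of them are still present in a follow-up log. The function names and the shortened sample logs are constructed for illustration.

```python
import re

# HijackThis section codes (R0-R3, F0-F3, N1-N4, O1-O24) followed by " - ".
# Anchoring on them lets us split a log that was pasted as one long line.
ENTRY_START = re.compile(r"(?<!\S)(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")


def split_entries(log_text):
    """Return (code, body) pairs for every entry in a HijackThis log."""
    marks = list(ENTRY_START.finditer(log_text))
    entries = []
    for i, mark in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(log_text)
        body = log_text[mark.end():end].split("-- End of file")[0].strip()
        entries.append((mark.group(1), body))
    return entries


def find_hooks(log_text):
    """Return (code, hook, target) for the two hook types the CFScript resets."""
    hooks = []
    for code, body in split_entries(log_text):
        if code == "F2":
            # system.ini Shell= should name Explorer.exe only; anything after
            # it is started together with the desktop shell at logon.
            m = re.match(r"REG:system\.ini:\s*Shell=(.*)", body, re.I | re.S)
            if m:
                extra = re.sub(r"^explorer\.exe\s*", "", m.group(1).strip(),
                               flags=re.I)
                if extra:
                    hooks.append((code, "Shell", extra))
        elif code == "O20":
            # On Windows XP, AppInit_DLLs is loaded into every process that
            # loads user32.dll, so a non-empty value deserves a look.
            m = re.match(r"AppInit_DLLs:\s*(.*)", body, re.I | re.S)
            if m and m.group(1).strip():
                hooks.append((code, "AppInit_DLLs", m.group(1).strip()))
    return hooks


def remaining_hooks(before_log, after_log):
    """Hooks from the first log that still appear in the follow-up log."""
    still_there = set(find_hooks(after_log))
    return [hook for hook in find_hooks(before_log) if hook in still_there]


# Constructed, shortened samples in the one-line form seen in this thread.
BEFORE = (
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen "
    r"F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe "
    r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe "
    r"O20 - AppInit_DLLs: C:\WINDOWS\system32\skuns.dat "
    r"O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - "
    r"C:\Program Files\iPod\bin\iPodService.exe -- End of file - 8657 bytes"
)
AFTER = (
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen "
    r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe "
    r"O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - "
    r"C:\Program Files\iPod\bin\iPodService.exe -- End of file - 8000 bytes"
)

if __name__ == "__main__":
    for hook in find_hooks(BEFORE):
        print("before:", hook)
    print("still present after the fix:", remaining_hooks(BEFORE, AFTER))
```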
  • ComboFix 07-11-08.1 - Arie 2007-11-12 12:34:10.3 - FAT32x86
    Gestart vanuit: C:\Documents and Settings\Arie\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Arie\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt
    FILE
    C:\WINDOWS\system32\proper.exe
    C:\WINDOWS\system32\skuns.dat
    C:\WINDOWS\system32\winter.exe
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\WINDOWS\system32\skuns.dat
    C:\WINDOWS\WINDOWS
    C:\WINDOWS\xlavba8.exe
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -------\LEGACY_XLAVBA8
    -------\xlavba8
    (((((((((((((((((((( Bestanden Gemaakt van 2007-10-12 to 2007-11-12 ))))))))))))))))))))))))))))))
    .
    2007-11-12 10:53 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-11-12 10:53 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-11-12 10:53 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-11-12 10:53 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-11-12 10:53 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-11-12 07:10 7,530 --a------ C:\WINDOWS\drabste.exe
    2007-10-27 17:33 <DIR> d-------- C:\Documents and Settings\Arie\Application Data\InstallShield
    2007-10-20 17:56 <DIR> d-------- C:\Program Files\I-QBot
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-12 10:29 4,550 ----a-w C:\WINDOWS\system32\tmp.reg
    2007-10-01 18:40 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Corel
    2007-09-27 14:19 --------- d-----w C:\Program Files\MyPhotoFun
    2007-09-27 14:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\MyPhotoFun
    2007-09-27 13:48 --------- d-----w C:\Documents and Settings\Arie\Application Data\U3
    2007-09-24 21:11 --------- d-----w C:\Program Files\Common Files\xing shared
    2007-09-16 15:02 --------- d-----w C:\Documents and Settings\Arie\Application Data\TomTom
    2007-09-16 15:01 --------- d-----w C:\Program Files\TomTom HOME 2
    2007-09-16 15:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\TomTom
    2007-08-21 07:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-08-21 07:18 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-08-20 11:02 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-08-20 11:02 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-08-20 11:02 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
    2007-08-20 11:02 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-08-20 11:02 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-08-20 11:02 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-08-20 11:02 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-08-20 11:02 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-08-20 11:02 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-08-20 11:02 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-08-20 11:02 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-08-20 11:02 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-08-20 11:02 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-08-20 11:02 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-08-20 11:02 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-08-20 11:02 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-08-20 11:02 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-08-20 11:02 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-08-20 11:02 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-08-20 11:02 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
    2007-08-20 11:02 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
    2007-08-20 11:02 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
    2007-08-20 11:02 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-08-17 11:23 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-08-17 11:23 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-08-17 11:23 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-08-17 08:34 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    2004-11-30 17:00 9,783 ----a-w C:\WINDOWS\Media\Geluidsschema.reg
    2004-09-09 15:57 4,204 ----a-w C:\Program Files\uninstal.log
    2003-05-03 04:08 655 ----a-w C:\Program Files\INSTALL.LOG
    1998-09-25 20:16 270,848 ----a-w C:\Program Files\UNWISE.EXE
    2006-09-14 19:16:48 8 --sh--r C:\WINDOWS\system32\4DB7925071.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OemReset"="C:\WINDOWS\OPTIONS\OEMRESET.exe" []
    "SiS Tray"="C:\WINDOWS\system32\sistray.EXE" [2002-11-17 17:36]
    "SiS KHooker"="C:\WINDOWS\System32\khooker.exe" []
    "SoundMan"="SOUNDMAN.EXE" [2003-01-07 19:09 C:\WINDOWS\SOUNDMAN.EXE]
    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 19:50]
    "atwtusb"="FuncKey.DLL" [2002-04-18 14:10 C:\WINDOWS\system32\Funckey.dll]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]
    "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
    "LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54]
    "LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 18:32]
    "LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 18:31]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:03 C:\WINDOWS\system32\bthprops.cpl]
    "\\HELENA\EPSON"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.exe" [2005-01-27 05:00]
    "QuickFinder Scheduler"="C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-03 05:21]
    "PdxRegCl"="C:\Program Files\Paradox\Programs\PdxRegCl.exe" [2004-06-14 16:57]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-07-17 18:36]
    "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2007-10-31 10:19]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
    "c:_program files_wordperfe3a"="C:\Program Files\WordPerfect Office 12\Programs\CorUpd.exe" []
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 15:28]
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    C:\Documents and Settings\Arie\Menu Start\Programma's\Opstarten\
    SimpleServer.WWW.lnk - C:\Program Files\AnalogX\SimpleServer\WWW\http.exe [2006-06-25 13:03:34]
    Outlook Express.lnk - C:\Program Files\Outlook Express\msimn.exe [2004-06-07 16:20:04]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mnu]
    C:\Program Files\Wanadoo\NL\Mnu\igomnu.exe /S:T
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PenLock]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
    "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    S2 PIEUsb;Pacific Image Electronics USB Scanner;C:\WINDOWS\system32\Drivers\usbscan.sys
    S3 76409eb6-9fc6-4704-9f46-63d33e70fca9;76409eb6-9fc6-4704-9f46-63d33e70fca9;\??\D:\Player\cds300.dll
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb225740-6cf7-11dc-b399-000c76147c59}]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a
    .
    **************************************************************************
    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-12 12:43:20
    Windows 5.1.2600 Service Pack 2 FAT NTAPI
    scannen van verborgen processen ...
    scannen van verborgen autostart items ...
    scannen van verborgen bestanden ...
    Scan succesvol afgerond
    verborgen bestanden: 0
    **************************************************************************
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    "\\\\HELENA\\EPSON"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIABE.EXE /P14 \"\\\\HELENA\\EPSON\" /O14 \"\\\\HELENA\\EPSON\" /M \"Stylus D88\""
    .
    Voltooingstijd: 2007-11-12 12:45:04 - machine was rebooted
    .
    --- E O F ---
  • and HJT log
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:48:56, on 12-11-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\sistray.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\ATWTUSB.EXE
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\AnalogX\SimpleServer\WWW\http.exe
    C:\Documents and Settings\Arie\Mijn documenten\download\HiJackThis202\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [atwtusb] RUNDLL32 FuncKey.DLL,ExtFuncCall AA
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [\\HELENA\EPSON] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P14 "\\HELENA\EPSON" /O14 "\\HELENA\EPSON" /M "Stylus D88"
    O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
    O4 - HKLM\..\Run: [PdxRegCl] "C:\Program Files\Paradox\Programs\PdxRegCl.exe" /s /c
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [c:_program files_wordperfe3a] C:\Program Files\WordPerfect Office 12\Programs\CorUpd.exe /Watch /r="SOFTWARE\Corel\WordPerfect Suite\12"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: SimpleServer.WWW.lnk = C:\Program Files\AnalogX\SimpleServer\WWW\http.exe
    O4 - Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe
    O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://aadebraal.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://193.172.162.99:8080//activex/AMC.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://braalde.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B81CF520-A2A6-4F7A-887D-7F0A61225C90}: NameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BDF3B365-2CFD-45DF-BDC2-98F871015220}: NameServer = 192.168.2.1
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    -- End of file - 8000 bytes
  • The log looks good. Are there any problems left? Go to this website: http://www.virustotal.com/en/indexf.html Have the following file scanned: C:\WINDOWS\drabste.exe Post the result of the scan.
  • I already have about 7 trojan or virus alerts for that file; it is still busy now
  • File drabste.exe_ received on 2007.11.11 13:32:15 (CET)
    Result: 15/32 (46.88%)
    Antivirus          Version       Last update  Result
    AhnLab-V3          2007.11.10.0  2007.11.09   -
    AntiVir            7.6.0.34      2007.11.09   WORM/Zhelatin.Gen
    Authentium         4.93.8        2007.11.10   -
    Avast              4.7.1074.0    2007.11.10   -
    AVG                7.5.0.503     2007.11.11   Downloader.Tibs
    BitDefender        7.2           2007.11.11   Trojan.Peed.INW
    CAT-QuickHeal      9.00          2007.11.10   -
    ClamAV             0.91.2        2007.11.11   Trojan.Peed-47
    DrWeb              4.44.0.09170  2007.11.11   Trojan.Packed.210
    eSafe              7.0.15.0      2007.11.08   Suspicious File
    eTrust-Vet         31.2.5284     2007.11.09   -
    Ewido              4.0           2007.11.11   -
    FileAdvisor        1             2007.11.11   -
    Fortinet           3.11.0.0      2007.10.19   -
    F-Prot             4.4.2.54      2007.11.10   -
    F-Secure           6.70.13030.0  2007.11.10   Email-Worm.Win32.Zhelatin.ml
    Ikarus             T3.1.1.12     2007.11.11   Email-Worm.Win32.Zhelatin.ml
    Kaspersky          7.0.0.125     2007.11.11   Email-Worm.Win32.Zhelatin.ml
    McAfee             5160          2007.11.09   W32/Nuwar@MM
    Microsoft          1.3007        2007.11.11   Trojan:Win32/Tibs.EX
    NOD32v2            2652          2007.11.11   probably unknown NewHeur_PE virus
    Norman             5.80.02       2007.11.09   -
    Panda              9.0.0.4       2007.11.10   -
    Prevx1             V2            2007.11.11   -
    Rising             20.17.62.00   2007.11.11   -
    Sophos             4.23.0        2007.11.11   Mal/Dorf-F
    Sunbelt            2.2.907.0     2007.11.09   -
    Symantec           10            2007.11.11   -
    TheHacker          6.2.9.123     2007.11.10   -
    VBA32              3.12.2.4      2007.11.08   -
    VirusBuster        4.3.26:9      2007.11.10   Trojan.Tibs.Gen!Pac.132
    Webwasher-Gateway  6.0.1         2007.11.11   Worm.Zhelatin.Gen
    Additional information
    File size: 7530 bytes
    MD5: 92403654044a2d9fa918fbc6086458d8
    SHA1: feac1fdf3c7b13af47e054b26b50f42f6a730724
  • You can delete that file, Arie. Download HostsXpert: http://www.funkytoad.com/download/HostsXpert.zip Unzip the program, run it, click "Restore Microsoft host file", click "OK" and close the program. Are there any problems left?
  • you will get another message by e-mail
  • Automatic starting of the DVD / CD-ROM no longer works, and the card reader is no longer started automatically either. Where do I restore this?
  • Right-click the CD/DVD drive and go to the AutoPlay tab. There you can adjust the settings.

This is an archived page. Replying is no longer possible.