Questions & Answers

Security & privacy

L?ass.exe and an extremely slow PC

14 replies
  • Hello, I have a problem with an extremely slow PC. It started with a message saying that no connection to the internet could be made. Even so, the bottom right of the screen did say that there was a connection. When I closed that connection, it started: with every shutdown the PC got slower, to the point of almost freezing. Also, after booting, McAfee shows a warning that l?ass.exe is trying to connect to the internet. So my question is: how do I get the PC working again, at least somewhat? Even just starting a program already takes a very long time, and even a virus scan in safe mode was slow. Does anyone have an idea? I read here that logfiles are made with HijackThis; I do have it on another PC but not on this one. I'm going to try to get it onto this one, but since it is slow to the point of almost freezing, I don't know how I should go about that. Thanks in advance.
  • Reminds me of the Sasser worm. But if your Windows is up to date, that shouldn't be possible any more. http://en.wikipedia.org/wiki/Sasser_worm
  • Yes, but now the question is how I get it off, since the PC runs veeeeeery slowly. I have also read a thing or two from m@rk, who had someone remove some things with the help of certain programs. Is that it, then? In general I manage fine, but this isn't going well. After booting, practically the only thing I see is an hourglass, and only very occasionally a sign that it's doing something. I understand that Sasser keeps up some kind of connection with the internet, and that I have now broken that connection? After that the PC also became much slower. I would rather not format the Dell PC if possible.
  • When Marc uses tools, it's on the basis of a logfile, or it has to be completely obvious what kind of infection it is. Try copying HijackThis over to the Dell using a USB stick or similar and making a HijackThis log there. If that doesn't work, you can always try it in safe mode: http://users.telenet.be/marcvn/spyware/1378056.htm Pim :)
  • OK, I'll try that. Thanks in advance.
  • Hello, well, it took a while, but I have a logfile of my computer. I did make it in "safe mode"; I don't know whether that affects the logfile, but I can't really manage it in normal mode yet, because then it freezes. I hope someone can help me with this.

    Logfile of HijackThis v1.99.1
    Scan saved at 20:49:06, on 6-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {44EEF967-19A6-3152-AB3C-6AE339E1AF9E} - C:\WINDOWS\system32\ssi.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {E0F8F841-11D9-6E23-8B5B-3CE676805994} - C:\WINDOWS\system32\koxkxv.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Graphic Update] C:\DOCUME~1\ALBERT~1\LOCALS~1\Temp\msnmsgs.exe
    O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\system32\firewall.exe
    O4 - HKLM\..\Run: [Music] C:\DOCUME~1\ALBERT~1\LOCALS~1\Temp\~`}=vkv
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
    O4 - HKCU\..\Run: [Swrm] "C:\DOCUME~1\ALBERT~1\MIJNDO~1\YSTEM~1\svchost.exe" -vt yazb
    O4 - HKCU\..\Run: [Eszay] "C:\Program Files\Common Files\?dobe\w?aclt.exe" 99001122
    O4 - HKCU\..\Run: [Widsj] "C:\Program Files\Common Files\??sembly\s?rvices.exe"
    O4 - HKCU\..\Run: [Qitstadd] C:\WINDOWS\system32\F?nts\l?ass.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?c7461e45378b41f4bbed4551bad63911
    O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?c7461e45378b41f4bbed4551bad63911
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0001411 (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
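The log above shows the pattern this thread is about: autostart entries whose file names imitate Windows system binaries (l?ass.exe in a F?nts folder, s?rvices.exe, an svchost.exe under My Documents) or that run from a Temp folder. As an added example that is not part of this thread, the following Python script parses O4 Run entries in HijackThis format and flags those patterns; the sample lines are constructed from the entries in the log above, and the heuristics are my own.

```python
"""Flag HijackThis O4 autostart entries that imitate Windows system binaries.

Added example for this thread, not part of it. Three heuristics drawn from the
log above:
  1. The path contains '?' (HijackThis prints characters it cannot render, such
     as non-ASCII look-alike letters, as '?'), e.g. F?nts\\l?ass.exe.
  2. The file name is, or is one '?' away from, a core system binary, but the
     file is not in the Windows system directory, e.g. an svchost.exe under
     My Documents.
  3. The program runs from a Temp directory.
firewall.exe in system32 (reported as a trojan by the later SDFix log) trips
none of these: the heuristics narrow the list, they do not replace analysis.
"""
import re

SYSTEM_BINARIES = sorted({"lsass.exe", "svchost.exe", "services.exe", "winlogon.exe",
                          "smss.exe", "csrss.exe", "explorer.exe"})
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows")

# Constructed sample in HijackThis O4 format (entries copied from the log in the thread).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Graphic Update] C:\DOCUME~1\ALBERT~1\LOCALS~1\Temp\msnmsgs.exe
O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\system32\firewall.exe
O4 - HKCU\..\Run: [Swrm] "C:\DOCUME~1\ALBERT~1\MIJNDO~1\YSTEM~1\svchost.exe" -vt yazb
O4 - HKCU\..\Run: [Widsj] "C:\Program Files\Common Files\??sembly\s?rvices.exe"
O4 - HKCU\..\Run: [Qitstadd] C:\WINDOWS\system32\F?nts\l?ass.exe
"""

# "O4 - HKLM\..\Run: [value name] command line"
O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def image_path(cmd):
    """Extract the executable path from a Run command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths may contain spaces: take everything up to the first
    # '.exe' that is followed by whitespace or the end of the line.
    m = re.match(r"(.*?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def looks_like(basename, system_name):
    """True when basename equals system_name except at positions printed as '?'."""
    return len(basename) == len(system_name) and all(
        a == b or a == "?" for a, b in zip(basename, system_name))


def suspicious_reasons(path):
    """Return the heuristics (as strings) that fire for one autostart image path."""
    low = path.lower()
    directory, _, basename = low.rpartition("\\")
    reasons = []
    if "?" in path:
        reasons.append("non-ASCII look-alike character in path")
    for name in SYSTEM_BINARIES:
        if looks_like(basename, name) and directory not in SYSTEM_DIRS:
            reasons.append(f"looks like {name} but is not in the Windows system directory")
    if "\\temp\\" in low:
        reasons.append("runs from a Temp directory")
    return reasons


def scan_hijackthis(log_text):
    """Parse O4 Run entries; return [(value name, image path, reasons)] for flagged ones."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        path = image_path(m.group("cmd"))
        reasons = suspicious_reasons(path)
        if reasons:
            findings.append((m.group("name"), path, reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in scan_hijackthis(SAMPLE_LOG):
        print(f"[{name}] {path}")
        for r in reasons:
            print("    -", r)
```

On the sample it flags Graphic Update, Swrm, Widsj and Qitstadd and leaves SoundMAXPnP and firewall.exe alone, which is why a flagged list is a starting point for the log reader, not a verdict.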
  • Carry out step 2 in safe mode as described. Step 3 preferably in normal mode; if that doesn't work, run it in safe mode. Afterwards, make a HijackThis log in normal mode; if that doesn't work either, do it in safe mode.

    1. You are using an old version of HijackThis. Remove it and from now on use the new one: http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis.exe

    2. Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.zip) to your Desktop. Double-click to open it, select all files and extract them to their own folder named SDFix. Boot your computer into safe mode (http://users.telenet.be/marcvn/spyware/1378056.htm). Open the SDFix folder and double-click runthis.bat to start the tool. Let the computer restart when asked. SDFix continues and opens a short report when it is done! Post this report in your next reply.

    3. Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your desktop. If you have used Combofix before, please remove that version and download Combofix again via the link above, because Combofix is updated daily. NOTE: if, during or after downloading Combofix, or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners treat certain components Combofix uses as suspicious and will block or remove them! Double-click combofix.exe. Choose "Continue" by typing 1 followed by ENTER. While the fix is running, do NOT click in the window, because that will make your PC hang. When the fix is complete and after the restart, the log combofix.txt will open. Post the Combofix log (combofix.txt) in your next reply, together with a fresh HijackThis log and the SDFix log.

    Good luck! Pim :D
  • Thanks Pim for the information so far. I have carried out everything, and here are the logfiles:

    SDFix logfile:

    SDFix: Version 1.117
    Run by Albert
    Microsoft Windows XP [versie 5.1.2600]
    Running From: C:\sdfix\SDFix

    Safe Mode:
    Checking Services:

    Name:
    COM+ Messages
    runtime
    COM+ Messages
    runtime

    Path:
    COM+ Messages - Deleted
    runtime - Deleted
    COM+ Messages - Deleted
    runtime - Deleted

    Infected ip6fw.sys Found!
    ip6fw.sys File Locations:
    "C:\WINDOWS\system32\dllcache\ip6fw.sys" 29056 04-08-2004 12:00
    "C:\WINDOWS\system32\drivers\ip6fw.sys" 29056 04-08-2004 12:00
    Infected File Listed Below:
    C:\WINDOWS\system32\drivers\ip6fw.sys
    Trojan File copied to Backups Folder
    Attempting to replace ip6fw.sys with original version...
    Original ip6fw.sys Restored

    Infected ip6fw.sys Found!
    ip6fw.sys File Locations:
    "C:\WINDOWS\system32\dllcache\ip6fw.sys" 29056 04-08-2004 12:00
    "C:\WINDOWS\system32\drivers\ip6fw.sys" 29056 04-08-2004 12:00
    "C:\WINDOWS\system32\dllcache\ip6fw.sys" 29056 04-08-2004 12:00
    "C:\WINDOWS\system32\drivers\ip6fw.sys" 29056 04-08-2004 12:00
    Infected File Listed Below:
    C:\WINDOWS\system32\drivers\ip6fw.sys
    Trojan File copied to Backups Folder
    Attempting to replace ip6fw.sys with original version...
    Original ip6fw.sys Restored

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...

    Service ini910p - Deleted after Reboot

    Normal Mode:
    Checking Files:

    Trojan Files Found:
    C:\WINDOWS\system32\.exe - Deleted
    C:\BMKFT.EXE - Deleted
    C:\HCQNFIN.EXE - Deleted
    C:\HNAWJXOS.EXE - Deleted
    C:\ITAMBWYL.EXE - Deleted
    C:\UKSDWNC.EXE - Deleted
    C:\DOCUME~1\ALBERT~1\PAQGEE.EXE - Deleted
    C:\WINDOWS\system32\.exe - Deleted
    C:\BMKFT.EXE - Deleted
    C:\HCQNFIN.EXE - Deleted
    C:\HNAWJXOS.EXE - Deleted
    C:\ITAMBWYL.EXE - Deleted
    C:\UKSDWNC.EXE - Deleted
    C:\DOCUME~1\ALBERT~1\PAQGEE.EXE - Deleted
    C:\DOCUME~1\ALBERT~1\PAQGEE.EXE - Deleted
    C:\DOCUME~1\ALBERT~1\PAQGEE.EXE - Deleted
    C:\Program Files\Ipwindows\pop154.tmp - Deleted
    C:\Program Files\Ipwindows\pop1E6.tmp - Deleted
    C:\Program Files\Ipwindows\pop39.tmp - Deleted
    C:\Program Files\Ipwindows\pop4C.tmp - Deleted
    C:\Program Files\Ipwindows\pop83.tmp - Deleted
    C:\Program Files\Ipwindows\pop9E.tmp - Deleted
    C:\Program Files\Ipwindows\popAB.tmp - Deleted
    C:\Program Files\Ipwindows\popBD.tmp - Deleted
    C:\Program Files\Ipwindows\popFC.tmp - Deleted
    C:\Program Files\Ipwindows\Uninst.exe - Deleted
    C:\spbot.log.txt - Deleted
    C:\WINDOWS\system32\.exe - Deleted
    C:\WINDOWS\system32\1_exception.nls - Deleted
    C:\WINDOWS\system32\firewall.exe - Deleted
    C:\WINDOWS\system32\unsvchosts.lzma - Deleted
    C:\WINDOWS\system32\drivers\ini910p.sys - Deleted

    Could Not Remove C:\WINDOWS\Temp\startdrv.exe

    Folder C:\Program Files\Ipwindows - Removed

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.

    Final Check:

    catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-09 12:38:18
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ctl_w32.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ctl_w32.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ctl_w32]
    "ImagePath"="\SystemRoot\system32\drivers\ctl_w32.sys"
    "Type"=dword:00000001
    "ErrorControl"=dword:00000001
    "Start"=dword:00000001
    "DependOnGroup"="File System"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT]
    "EventMessageFile"=str(2):"c:\windows\system32\ESENT.dll"
    "CategoryMessageFile"=str(2):"c:\windows\system32\ESENT.dll"

    scanning hidden registry entries ...

    scanning hidden files ...
    C:\WINDOWS\system32\drivers\ctl_w32.sys 34816 bytes executable
    C:\Documents and Settings\Albert&Coby\Local Settings\Application Data\Microsoft\Messenger\rob_vansleen@hotmail.com\SharingMetadata\marjoleiin.xx@hotmail.com\DFSR\Staging\CS{350255FE-597D-7030-4053-7098DC008929}\01\10-{350255FE-597D-7030-4053-7098DC008929}-v1-{449C51E4-FD03-4060-93AD-9B863EFF41AD}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API

    scan completed successfully
    hidden processes: 0
    hidden services: 1
    hidden files: 2

    Remaining Services:
    ------------------

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
    "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\DOCUME~1\\ALBERT~1\\LOCALS~1\\Temp\\msnmsgs.exe"="C:\\DOCUME~1\\ALBERT~1\\LOCALS~1\\Temp\\msnmsgs.exe:*:Enabled:Graphic Update"
    "C:\\DOCUME~1\\ALBERT~1\\LOCALS~1\\Temp\\~`}=vkv"="C:\\DOCUME~1\\ALBERT~1\\LOCALS~1\\Temp\\~`}=vkv:*:Enabled:Music"
    "C:\\WINDOWS\\system32\\firewall.exe"="C:\\WINDOWS\\system32\\firewall.exe:*:Disabled:firewall"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Remaining Files:
    ---------------

    C:\WINDOWS\Temp\startdrv.exe Found

    File Backups: - C:\sdfix\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Wed 11 Jul 2007 5,388,088 A..H. --- "C:\Program Files\Picasa2\setup.exe"
    Sat 24 Nov 2007 104 ..SHR --- "C:\WINDOWS\system32\D797469022.sys"
    Sat 24 Nov 2007 5,852 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
    Mon 1 May 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Thu 1 Nov 2007 230,400 ..SHR --- "C:\WINDOWS\system32\F?nts\l?ass.exe"
    Tue 3 Jan 2006 26,624 A..H. --- "C:\Documents and Settings\Albert&Coby\Mijn documenten\Prijslijsten\~WRL0004.tmp"
    Wed 27 Dec 2006 70,144 ..SHR --- "C:\Documents and Settings\Albert&Coby\Mijn documenten\?ystem\svchost.exe"
    Sun 20 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
    Wed 14 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6ffbed0407a315e9775fdcc40c4385ad\BITE.tmp"
    Mon 1 May 2006 4,348 A..H. --- "C:\Documents and Settings\Albert&Coby\Mijn documenten\Mijn muziek\Back-up van licentie\drmv1key.bak"
    Tue 26 Dec 2006 20 A..H. --- "C:\Documents and Settings\Albert&Coby\Mijn documenten\Mijn muziek\Back-up van licentie\drmv1lic.bak"
    Sun 15 Oct 2006 400 A.SH. --- "C:\Documents and Settings\Albert&Coby\Mijn documenten\Mijn muziek\Back-up van licentie\drmv2key.bak"
    Sun 13 Jun 2004 4,348 A..H. --- "C:\Documents and Settings\Albert&Coby\Mijn documenten\Mijn muziek\License Backup\drmv1key.bak"
    Thu 5 Jan 2006 20 A..H. --- "C:\Documents and Settings\Albert&Coby\Mijn documenten\Mijn muziek\License Backup\drmv1lic.bak"
    Thu 15 Sep 2005 488 A.SH. --- "C:\Documents and Settings\Albert&Coby\Mijn documenten\Mijn muziek\License Backup\drmv2key.bak"

    Finished!

    Then I ran Combofix:

    ComboFix 07-12-07.3 - Albert&Coby 2007-12-09 12:57:20.1 - NTFSx86 MINIMAL
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.372 [GMT 0:00]
    Gestart vanuit: C:\Documents and Settings\Albert&Coby\Mijn documenten\dump\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\Documents and Settings\Albert&Coby\Application Data\ASEMBL~1
    C:\Documents and Settings\Albert&Coby\Application Data\CROSOF~1.NET
    C:\Documents and Settings\Albert&Coby\Application Data\CURITY~1
    C:\Documents and Settings\Albert&Coby\Application Data\MANTEC~1
    C:\Documents and Settings\Albert&Coby\Application Data\PPPATC~1
    C:\Documents and Settings\Albert&Coby\Application Data\RACLE~1
    C:\Documents and Settings\Albert&Coby\Application Data\SCURIT~1
    C:\Documents and Settings\Albert&Coby\Application Data\SEMBLY~1
    C:\Documents and Settings\Albert&Coby\Application Data\SKS~1
    C:\Documents and Settings\Albert&Coby\Application Data\SSEMBL~1
    C:\Documents and Settings\Albert&Coby\Application Data\WNSXS~1
    C:\Documents and Settings\Albert&Coby\Menu Start\Programma's\Outerinfo
    C:\Documents and Settings\Albert&Coby\Menu Start\Programma's\Outerinfo\Terms.lnk
    C:\Documents and Settings\Albert&Coby\Menu Start\Programma's\Outerinfo\Uninstall.lnk
    C:\Documents and Settings\Albert&Coby\Mijn documenten\ASEMBL~1
    C:\Documents and Settings\Albert&Coby\Mijn documenten\ASKS~1
    C:\Documents and Settings\Albert&Coby\Mijn documenten\CROSOF~1
    C:\Documents and Settings\Albert&Coby\Mijn documenten\DOBE~1
    C:\Documents and Settings\Albert&Coby\Mijn documenten\DOBE~2
    C:\Documents and Settings\Albert&Coby\Mijn documenten\ICROSO~1.NET
    C:\Documents and Settings\Albert&Coby\Mijn documenten\MANTEC~1
    C:\Documents and Settings\Albert&Coby\Mijn documenten\MCROSO~1.NET
    C:\Documents and Settings\Albert&Coby\Mijn documenten\PPPATC~1
    C:\Documents and Settings\Albert&Coby\Mijn documenten\RACLE~1
    C:\Documents and Settings\Albert&Coby\Mijn documenten\SMBOLS~1
    C:\Documents and Settings\Albert&Coby\Mijn documenten\SSEMBL~1
    C:\Documents and Settings\Albert&Coby\Mijn documenten\WNSXS~1
    C:\Documents and Settings\Albert&Coby\Mijn documenten\YMANTE~1
    C:\Documents and Settings\Albert&Coby\Mijn documenten\YSTEM~1
    C:\Documents and Settings\Albert&Coby\Mijn documenten\YSTEM~1\?ystem\
    C:\Documents and Settings\Albert&Coby\Mijn documenten\YSTEM~1\svchost.exe
    C:\Program Files\asks~1
    C:\Program Files\Common Files\{3015A~1
    C:\Program Files\Common Files\{3015A~2
    C:\Program Files\Common Files\{3015A~2\toolbardll.lzma
    C:\Program Files\Common Files\{3015A~2\UnInstall.exe
    C:\Program Files\Common Files\{F015A~1
    C:\Program Files\Common Files\{F015A~2
    C:\Program Files\Common Files\{F015A~3
    C:\Program Files\Common Files\curity~1
    C:\Program Files\Common Files\dobe~1
    C:\Program Files\Common Files\dobe~2
    C:\Program Files\Common Files\ecurit~1
    C:\Program Files\Common Files\fnts~1
    C:\Program Files\Common Files\icroso~1
    C:\Program Files\Common Files\sembly~1
    C:\Program Files\Common Files\smbols~1
    C:\Program Files\Common Files\stem32~1
    C:\Program Files\Common Files\uninstall information
    C:\Program Files\crosof~1
    C:\Program Files\dobe~1
    C:\Program Files\ecurit~1
    C:\Program Files\ipwins
    C:\Program Files\ipwins\pop1C.tmp
    C:\Program Files\ipwins\pop24E.tmp
    C:\Program Files\ipwins\pop3B9.tmp
    C:\Program Files\ipwins\pop43.tmp
    C:\Program Files\ipwins\Uninst.exe
    C:\Program Files\mantec~1
    C:\Program Files\mcroso~1
    C:\Program Files\mcroso~1.net
    C:\Program Files\outerinfo
    C:\Program Files\outerinfo\FF\chrome.manifest
    C:\Program Files\outerinfo\FF\components\FF.dll
    C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
    C:\Program Files\outerinfo\FF\install.rdf
    C:\Program Files\outerinfo\OiUninstaller.exe
    C:\Program Files\outerinfo\outerinfo.ico
    C:\Program Files\outerinfo\Terms.rtf
    C:\Program Files\pedevice
    C:\Program Files\pedevice\communication.xml
    C:\Program Files\pedevice\Domain.Watchlist.txt
    C:\Program Files\pedevice\Downloader.exe
    C:\Program Files\pedevice\pae-options.xml
    C:\Program Files\pedevice\pae_url.xml
    C:\Program Files\pedevice\PeDev.dll
    C:\Program Files\pedevice\PeDev.exe
    C:\Program Files\pedevice\pedevPS.dll
    C:\Program Files\pedevice\Preparation.dll
    C:\Program Files\pedevice\search.watchlist.txt
    C:\Program Files\pedevice\statistic.xml
    C:\Program Files\pedevice\tmp\tmp.html
    C:\Program Files\pedevice\watchlist.xml
    C:\Program Files\racle~1
    C:\Program Files\sks~1
    C:\Program Files\sks~2
    C:\Program Files\sstem3~1
    C:\Program Files\stem32~1
    C:\Program Files\tsks~1
    C:\Program Files\wnsxs~1
    C:\Program Files\ymante~1
    C:\Program Files\ymbols~1
    C:\WINDOWS\asembl~1
    C:\WINDOWS\asks~1
    C:\WINDOWS\dobe~1
    C:\WINDOWS\fnts~1
    C:\WINDOWS\fnts~2
    C:\WINDOWS\icroso~1
    C:\WINDOWS\icroso~1.net
    C:\WINDOWS\mantec~1
    C:\WINDOWS\racle~1
    C:\WINDOWS\racle~2
    C:\WINDOWS\smbols~1
    C:\WINDOWS\sstem~1
    C:\WINDOWS\sstem3~1
    C:\WINDOWS\stem32~1
    C:\WINDOWS\system32\asks~1
    C:\WINDOWS\system32\dobe~1
    C:\WINDOWS\system32\drivers\ctl_w32.sys
    C:\WINDOWS\system32\fnts~1
    C:\WINDOWS\system32\fnts~1\l?ass.exe
    C:\WINDOWS\system32\icroso~1
    C:\WINDOWS\system32\icroso~1.net
    C:\WINDOWS\system32\koxkxv.dll
    C:\WINDOWS\system32\mantec~1
    C:\WINDOWS\system32\ppatch~1
    C:\WINDOWS\system32\sembly~1
    C:\WINDOWS\system32\stem32~1
    C:\WINDOWS\system32\wapiicomsv32.exe
    C:\WINDOWS\system32\wapisvtr.exe
    C:\WINDOWS\system32\ystem~1
    C:\WINDOWS\ymante~1
    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\LEGACY_CTL_W32
    -------\LEGACY_RUNTIME

    (((((((((((((((((((( Bestanden Gemaakt van 2007-11-09 to 2007-12-09 ))))))))))))))))))))))))))))))
    .

    2007-12-09 13:11 . 2007-12-09 13:11 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-12-09 13:11 . 2007-12-09 13:11 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-12-09 12:03 . 2007-12-09 12:03 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-12-06 19:04 . 2007-12-06 19:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
    2007-12-06 19:04 . 2007-12-06 19:04 <DIR> d-------- C:\Documents and Settings\Albert&Coby\Application Data\iolo
    2007-12-06 19:00 . 2007-12-06 19:04 <DIR> d-------- C:\Nieuwe map
    2007-12-01 18:14 . 2007-12-01 18:14 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-06 21:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
    2007-12-06 19:18 --------- d-----w C:\Documents and Settings\Albert&Coby\Application Data\OpenOffice.org2
    2007-12-06 19:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-06 19:04 --------- d-----w C:\Documents and Settings\Albert&Coby\Application Data\iolo
    2007-12-04 23:09 --------- d-----w C:\Program Files\Hitman Pro
    2007-12-04 23:09 --------- d-----w C:\Documents and Settings\Albert&Coby\Application Data\Lavasoft
    2007-12-04 22:48 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-30 21:32 --------- d-----w C:\Program Files\Windows Live Toolbar
    2007-11-11 17:49 --------- d-----w C:\Documents and Settings\Albert&Coby\Application Data\AdobeUM
    2007-11-08 15:16 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AdobeUM
    2007-10-31 19:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-31 19:58 --------- d-----w C:\Program Files\SAMSUNG
    2007-10-16 20:50 --------- d-----w C:\Program Files\LimeWire
    2007-06-19 17:30 36,320 -c--a-w C:\Documents and Settings\Albert&Coby\Application Data\GDIPFONTCACHEV1.DAT
    2006-06-28 13:20 34,344 -c--a-w C:\Documents and Settings\Mart\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{44EEF967-19A6-3152-AB3C-6AE339E1AF9E}] C:\WINDOWS\system32\ssi.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Swrm"="C:\DOCUME~1\ALBERT~1\MIJNDO~1\YSTEM~1\svchost.exe" [] "Eszay"="C:\Program Files\Common Files\?dobe\w?aclt.exe" [] "Widsj"="C:\Program Files\Common Files\??sembly\s?rvices.exe" [] "Qitstadd"="C:\WINDOWS\system32\F?nts\l?ass.exe" [] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 19:42] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43] "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 03:12] "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20] "Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 11:06] "RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-01-13 14:05] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 08:35] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 08:32] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 08:36] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 14:57] "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-15 23:15] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24] "iTunesHelper"="C:\Program 
Files\iTunes\iTunesHelper.exe" [2007-07-10 08:18] "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00] C:\Documents and Settings\Albert&Coby\Menu Start\Programma's\Opstarten\ OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 15:54:56] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04] S1 ctl_w32;ctl_w32;C:\WINDOWS\system32\drivers\ctl_w32.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] \Shell\AutoRun\command - G:\autorun.exe . Inhoud van de 'Gedeelde Taken' map "2007-11-28 11:32:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-12-08 17:00:00 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-09 13:11:18 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2007-12-09 13:12:40 - machine was rebooted . 
--- E O F --- [size=18:2937f0a931]En daarna nog een keer Hijackthis:[/size:2937f0a931] [color=olive:2937f0a931]Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:14:05, on 9-12-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN C:\Program Files\iPod\bin\iPodService.exe C:\Documents and Settings\Albert&Coby\Mijn documenten\dump\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - 
{44EEF967-19A6-3152-AB3C-6AE339E1AF9E} - C:\WINDOWS\system32\ssi.dll (file missing) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program 
Files\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKCU\..\Run: [Swrm] "C:\DOCUME~1\ALBERT~1\MIJNDO~1\YSTEM~1\svchost.exe" -vt yazb O4 - HKCU\..\Run: [Eszay] "C:\Program Files\Common Files\?dobe\w?aclt.exe" 99001122 O4 - HKCU\..\Run: [Widsj] "C:\Program Files\Common Files\??sembly\s?rvices.exe" O4 - HKCU\..\Run: [Qitstadd] C:\WINDOWS\system32\F?nts\l?ass.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?c7461e45378b41f4bbed4551bad63911 O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?c7461e45378b41f4bbed4551bad63911 O9 - Extra button: (no name) - 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- End of file - 7843 bytes[/color:2937f0a931] Ik hoop dat het zo goedgegaan is en hoor graag weer van jullie
  • 1. Spybot's TeaTimer is active and can interfere with the fix, so we disable it temporarily.
- Start Spybot
- Go to Mode > select Advanced Mode
- Go to Tools and click the Resident icon in the list
- Remove the check mark next to Resident TeaTimer and click OK
- Restart the computer
- Then download ResetTeaTimer.bat (http://downloads.subratam.org/ResetTeaTimer.bat) to your Desktop. Double-click ResetTeaTimer.bat to remove all entries in TeaTimer.

2. Start HijackThis, choose 'Do a system scan only' and tick the lines below:

O2 - BHO: (no name) - {44EEF967-19A6-3152-AB3C-6AE339E1AF9E} - C:\WINDOWS\system32\ssi.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Swrm] "C:\DOCUME~1\ALBERT~1\MIJNDO~1\YSTEM~1\svchost.exe" -vt yazb
O4 - HKCU\..\Run: [Eszay] "C:\Program Files\Common Files\?dobe\w?aclt.exe" 99001122
O4 - HKCU\..\Run: [Widsj] "C:\Program Files\Common Files\??sembly\s?rvices.exe"
O4 - HKCU\..\Run: [Qitstadd] C:\WINDOWS\system32\F?nts\l?ass.exe

Now close all open windows except HijackThis and click Fix Checked.

3. Open Notepad, then copy and paste the following (the text shown below) into an empty window:

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{44EEF967-19A6-3152-AB3C-6AE339E1AF9E}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Swrm"=-
"Eszay"=-
"Widsj"=-
"Qitstadd"=-

Driver::
ctl_w32

Save this on your Desktop as CFScript.txt.
Drag CFScript.txt onto ComboFix.exe as shown in the example below:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
This will make ComboFix restart. Reboot if prompted, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.
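The entries Pim picks out above share two tell-tale features: a system-binary name (svchost.exe) started from a user profile folder, and paths in which HijackThis printed '?' for a character it could not render (F?nts, l?ass.exe, ?dobe, s?rvices.exe), leaving a name one character away from lsass.exe or services.exe. Since '?' is not a legal character in a Windows file name, such a '?' in a logged path can only stand for a substituted character. As an added example, not code from this thread or from HijackThis, the following Python script applies those checks to O4 lines; the set of imitated system binaries and the list of directories they may legitimately start from are my own assumptions, and the sample lines are copied from the thread's first HijackThis log.

```python
"""Flag suspicious autostart (O4) entries in a HijackThis log.

Added example, not part of HijackThis or of this thread. The heuristics are
mine: a '?' in a logged path can only be a character HijackThis could not
render ('?' is not legal in a Windows file name), system-binary names such as
svchost.exe should only start from a Windows directory, and a name that is
one character away from a system binary is a look-alike.
"""
import re

# Assumption: a small hand-picked set of system binaries that malware imitates.
SYSTEM_NAMES = {"lsass.exe", "svchost.exe", "services.exe", "csrss.exe",
                "winlogon.exe", "explorer.exe", "smss.exe"}
# Assumption: the only directories from which those names should be started.
SYSTEM_DIRS = {"c:\\windows\\", "c:\\windows\\system32\\"}

# O4 lines look like:  O4 - HKCU\..\Run: [Name] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>HK[^:]*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First token of an unquoted command line, up to the executable's extension.
EXT_RE = re.compile(r"^(.*?\.(?:exe|dll|scr|com|bat|cmd))(?=\s|$)", re.IGNORECASE)

# Nine O4 lines copied from the thread's first HijackThis log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Swrm] "C:\DOCUME~1\ALBERT~1\MIJNDO~1\YSTEM~1\svchost.exe" -vt yazb
O4 - HKCU\..\Run: [Eszay] "C:\Program Files\Common Files\?dobe\w?aclt.exe" 99001122
O4 - HKCU\..\Run: [Widsj] "C:\Program Files\Common Files\??sembly\s?rvices.exe"
O4 - HKCU\..\Run: [Qitstadd] C:\WINDOWS\system32\F?nts\l?ass.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""


def edit_distance(a, b):
    """Levenshtein distance; used to catch one-character look-alikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_o4(line):
    """Return hive, name and command line of an O4 line, or None for other lines."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def extract_path(cmd):
    """Pull the executable path out of a (possibly quoted) command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXT_RE.match(cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def assess(entry):
    """Return (path, reasons); an empty reasons list means nothing suspicious."""
    path = extract_path(entry["cmd"])
    directory, _, filename = path.rpartition("\\")
    name = filename.lower()
    reasons = []
    if any(c == "?" or ord(c) > 127 for c in path):
        reasons.append("path contains a character the log could not render")
    if name in SYSTEM_NAMES and directory.lower() + "\\" not in SYSTEM_DIRS:
        reasons.append(f"{filename} started from outside a Windows directory")
    for sys_name in sorted(SYSTEM_NAMES):
        if name != sys_name and edit_distance(name, sys_name) == 1:
            reasons.append(f"name is one character away from {sys_name}")
    return path, reasons


def scan(log_text):
    """Flagged O4 entries of a HijackThis log, in log order, as a list of dicts."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        path, reasons = assess(entry)
        if reasons:
            flagged.append({"name": entry["name"], "path": path, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"[{hit['name']}] {hit['path']}")
        for reason in hit["reasons"]:
            print(f"    - {reason}")
```

Run against the sample, the script flags exactly Swrm, Eszay, Widsj and Qitstadd and leaves the vendor entries, the CTFMON entry and the harmless UserFaultCheck leftover alone; the edit-distance check is what separates l?ass.exe from the genuine lsass.exe in the process list, and the directory check is what catches a correctly spelled svchost.exe living under the user's documents folder.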
  • Here is another message from me; everything was carried out as described, and below are the 2 log files:

Combofix:

ComboFix 07-12-07.3 - Albert&Coby 2007-12-10 20:40:05.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.276 [GMT 0:00]
Gestart vanuit: C:\Documents and Settings\Albert&Coby\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Albert&Coby\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-11-10 to 2007-12-10 ))))))))))))))))))))))))))))))
.
2007-12-09 13:11 . 2007-12-10 20:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-09 13:11 . 2007-12-09 13:11 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-09 12:03 . 2007-12-09 12:03 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-06 19:04 . 2007-12-06 19:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2007-12-06 19:04 . 2007-12-06 19:04 <DIR> d-------- C:\Documents and Settings\Albert&Coby\Application Data\iolo
2007-12-06 19:00 . 2007-12-06 19:04 <DIR> d-------- C:\Nieuwe map
2007-12-01 18:14 . 2007-12-01 18:14 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-10 20:19 --------- d-----w C:\Documents and Settings\Albert&Coby\Application Data\OpenOffice.org2
2007-12-06 21:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-12-06 19:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-06 19:04 --------- d-----w C:\Documents and Settings\Albert&Coby\Application Data\iolo
2007-12-04 23:09 --------- d-----w C:\Program Files\Hitman Pro
2007-12-04 23:09 --------- d-----w C:\Documents and Settings\Albert&Coby\Application Data\Lavasoft
2007-12-04 22:48 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-30 21:32 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-11 17:49 --------- d-----w C:\Documents and Settings\Albert&Coby\Application Data\AdobeUM
2007-11-08 15:16 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AdobeUM
2007-10-31 19:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-31 19:58 --------- d-----w C:\Program Files\SAMSUNG
2007-10-16 20:50 --------- d-----w C:\Program Files\LimeWire
2007-06-19 17:30 36,320 -c--a-w C:\Documents and Settings\Albert&Coby\Application Data\GDIPFONTCACHEV1.DAT
2006-06-28 13:20 34,344 -c--a-w C:\Documents and Settings\Mart\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 19:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 03:12]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 11:06]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-01-13 14:05]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 08:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 08:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 08:36]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 14:57]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-15 23:15]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 08:18]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00]

C:\Documents and Settings\Albert&Coby\Menu Start\Programma's\Opstarten\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 15:54:56]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\autorun.exe

.
Inhoud van de 'Gedeelde Taken' map
"2007-11-28 11:32:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-09 21:00:00 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-10 20:44:18
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2007-12-10 20:45:46 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-09 13:12
.
--- E O F ---

And the HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:48:12, on 10-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Albert&Coby\Mijn documenten\dump\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?c7461e45378b41f4bbed4551bad63911
O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?c7461e45378b41f4bbed4551bad63911
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 7154 bytes

I look forward to hearing from you; thanks in advance.
  • Go to Start --> Run and type: Combofix /u
This will remove ComboFix and create a new System Restore point.

Delete the following folder: C:\SDfix

Download ATF Cleaner (from Atribune): http://www.atribune.org/ccount/click.php?id=1
Double-click ATF cleaner to start the program.
On the "Main" tab, put a check mark next to Select All.
Remove the check mark next to Prefetch.
Click the Empty Selected button.

If you also use Firefox as a browser:
Click the "Firefox" tab and put a check mark next to Select All.
If you want to keep the passwords saved by Firefox, click "No" in the window that appears. (This removes the check mark next to "Firefox saved passwords".)
Click the Empty Selected button.

If you also use Opera as a browser:
Click the "Opera" tab and put a check mark next to Select All.
If you want to keep the passwords saved by Opera, click "No" in the window that appears.
Click the Empty Selected button.

Go to the "Main" tab and click the Exit button to close the program.

How are things going with your problems in the meantime?

Pim :)
  • Hello, the computer is at least running at a decent speed again. I only still have to try to get it back on the internet via @home; that is where it all started. I also carried out the last steps and equipped the computer with a good virus scanner and Windows Defender (thought that would be enough). I want to thank you, Pim, for the help; it is very nice that there are always people willing to help those in need. Thanks. Until now I have always managed with computers, but this was over my head... (luckily I know more about agricultural miniatures ;-) ) Regards, Willem www.landbouwminiaturen.info
  • You're welcome, Willem :wink: If you can't solve your internet problem, you can always post it elsewhere on the forum. :wink: You might also want to read through this, a few more security tips: http://users.telenet.be/marcvn/spyware/1564073.htm Pim :)
  • Will do, thanks.