Hijack this log

4 answers
  • I'm at my wits' end: the PC is unbelievably slow, and the virus scanner reports Virtumonde and Vundo, which I can't get rid of. The registry is locked, so I can't change anything in there either. The system constantly freezes. Does anyone feel like looking through my log to see whether something can be done about it this way?

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 18:11:00, on 17-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Regards, Frank
  • Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

    O2 - BHO: (no name) - {446624E1-B767-4443-AA6E-0F355CAFD21B} - C:\WINDOWS\system32\byxuurq.dll
    O2 - BHO: (no name) - {6916E8B0-5327-78A9-5312-2C00CBCC8193} - C:\WINDOWS\system32\mxkpdq.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {91A7EA0D-593C-4640-A240-21F96733A52B} - \
    O2 - BHO: (no name) - {9863BADA-E821-47B5-91E4-EFB56A17870F} - C:\WINDOWS\system32\ssqrq.dll
    O2 - BHO: {fa69adde-83e3-76ba-0d74-ee53d73e046e} - {e640e37d-35ee-47d0-ab67-3e38edda96af} - C:\WINDOWS\system32\bugqgvaw.dll (file missing)
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [dcf8786c] rundll32.exe "C:\WINDOWS\system32\weisjcns.dll",b
    O20 - Winlogon Notify: byxuurq - C:\WINDOWS\SYSTEM32\byxuurq.dll
    O20 - Winlogon Notify: zaadtthn - zaadtthn.dll (file missing)

    Close all windows except HijackThis. Click 'Fix checked' to remove the items.

    Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop. If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

    • Double-click Combofix.exe.
    • Follow the instructions and accept the disclaimer by clicking Yes.
    • While the fix is running, do NOT click in the window, because this will make your PC hang.

    When the fix has finished, and after the restart, the log combofix.txt will open. Post this log in your next post together with a new HijackThis log.
  • Combofix log:

    ComboFix 08-02-22.3 - Frank Bibo 2008-02-22 19:29:12.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.889 [GMT 1:00]

    Hijack log:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 20:20:53, on 22-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Hope you can make more sense of it than I can..

    --edit-- I can get into my registry again, the PC seems to have gained some speed and the Vundo thing hasn't shown up yet. Virtumonde is still there, though :(
  • Correct, it isn't completely gone yet. Open Notepad, then copy and paste the following (bold, blue text) into an empty window:

    File::
    C:\WINDOWS\system32\byxuurq.dll
    C:\WINDOWS\system32\dcf86ae2

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{446624E1-B767-4443-AA6E-0F355CAFD21B}]
    [-hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{446624E1-B767-4443-AA6E-0F355CAFD21B}"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxuurq]
    [HKEY_LOCAL_MACHINE\SYSTEM\currentcontrolSet\Control\Lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

    Save this to your Desktop as CFScript.txt.

    Drag CFScript.txt into ComboFix.exe as shown in the example below:
    http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

    This will make ComboFix restart. After your computer restarts (if it asks to restart), copy and paste the contents of Combofix.txt into your next reply.
