Vraag & Antwoord

Beveiliging & privacy

msn-virus

15 antwoorden
  • goeiedag ik heb helaas ook een msn virusje, ondanks dat ik er geen een heb aangeklikt oid. mijn vrienden krijgen af en toe een bericht van me waarin het volgende staat: Wow I finally found a way to lose weight and is inexpensive. Try 5 dollars and I lost 9 pounds in 15 days. Check it out also, I hope it can help you too ik hoop dat iemand iets kan vinden! heb meerdere malen gescand met avg en adaware maar niets te vinden! bij voorbaat dank dennis! hieronder een hjt logje: Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 9:55:35, on 23-3-2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE C:\Windows\ehome\ehmsas.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Windows\system32\conime.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Windows\system32\taskeng.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Users\chimpie\Documents\dennis\beveiliging\HiJackThis_v2.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=71&bd=PRESARIO&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=71&bd=PRESARIO&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: OpenOffice.org 2.2 .lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O15 - Trusted Zone: *.hyves.nl O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/MyFunCardsFWBInitialSetup1.0.1.0.cab O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/VistaMSNPUpldnl-nl.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1228467101907&h=cf9948a44cfaf8cc3af6fac0228a6793/&filename=jinstall-6u11-windows-i586-jc.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing) O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 10596 bytes
  • Start hijackthis en kies voor 'do a system scan only' Selecteer alleen de items die hieronder zijn genoemd: [b:0a9de80230]R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/MyFunCardsFWBInitialSetup1.0.1.0.cab[/b:0a9de80230] Sluit alle vensters behalve Hijackthis Klik op 'Fix checked' om de items te verwijderen. Download [url=http://www.besttechie.net/tools/mbam-setup.exe][b:0a9de80230][color=red:0a9de80230]MalwareBytes' Anti-Malware[/color:0a9de80230][/b:0a9de80230][/url] en sla het op je bureaublad op. Dubbelklik op [b:0a9de80230]mbam-setup.exe[/b:0a9de80230] om het programma te installeren. Zorg dat er na de installatie een vinkje is geplaatst bij:[list:0a9de80230] [*:0a9de80230]Update MalwareBytes' Anti-Malware [*:0a9de80230]Start MalwareBytes' Anti-Malware [/list:u:0a9de80230]Klik daarna op "[b:0a9de80230]Voltooien[/b:0a9de80230]". Indien een update gevonden wordt, zal die gedownload en geïnstalleerd worden.[list:0a9de80230] [*:0a9de80230]Zodra het programma gestart is, ga dan naar het tabblad "[b:0a9de80230]Instellingen[/b:0a9de80230]". [*:0a9de80230]Vink hier aan: "[b:0a9de80230]Sluit Internet Explorer tijdens verwijdering van malware[/b:0a9de80230]". [*:0a9de80230]Ga daarna naar het tabblad "[b:0a9de80230]Scanner[/b:0a9de80230]", kies hier voor "[b:0a9de80230]Snelle Scan[/b:0a9de80230]". [*:0a9de80230]Druk vervolgens op "[b:0a9de80230]Scannen[/b:0a9de80230]" om de scan te starten. [*:0a9de80230]Het scannen kan een tijdje duren, dus wees geduldig. [*:0a9de80230]Wanneer de scan voltooid is, klik op [b:0a9de80230]OK[/b:0a9de80230], daarna "[b:0a9de80230]Bekijk Resultaten[/b:0a9de80230]" om de resultaten te zien. [*:0a9de80230]Zorg ervoor dat daar alles aangevinkt is, daarna klik op: "[b:0a9de80230]Verwijder geselecteerde[/b:0a9de80230]". [*:0a9de80230]Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. [/list:u:0a9de80230]Het log wordt automatisch bewaard door MalwareBytes' Anti-Malware en kan je terugvinden door op de "[b:0a9de80230]Logs[/b:0a9de80230]" tab te klikken in het programma. Plaats dit logje samen met een nieuw logje van HijackThis
  • oke onwijs bedankt. heb alles doorlopen, hierbij het resultaat: log malwarebytes: Malwarebytes' Anti-Malware 1.34 Database versie: 1890 Windows 6.0.6001 Service Pack 1 24-3-2009 13:21:16 mbam-log-2009-03-24 (13-21-16).txt Scan type: Snelle Scan Objecten gescand: 63712 Verstreken tijd: 5 minute(s), 13 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 20 Registerwaarden geïnfecteerd: 0 Registerdata bestanden geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: (Geen kwaadaardige items gevonden) Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Mappen geïnfecteerd: (Geen kwaadaardige items gevonden) Bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) log hjt: Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 13:31:54, on 24-3-2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\system32\NOTEPAD.EXE C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\chimpie\Documents\dennis\beveiliging\HiJackThis_v2.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=71&bd=PRESARIO&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=71&bd=PRESARIO&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: OpenOffice.org 2.2 .lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O15 - Trusted Zone: *.hyves.nl O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/VistaMSNPUpldnl-nl.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1228467101907&h=cf9948a44cfaf8cc3af6fac0228a6793/&filename=jinstall-6u11-windows-i586-jc.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing) O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 10537 bytes
  • Download [url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe][b:d285698950][color=blue:d285698950]Combofix[/color:d285698950][/b:d285698950][/url] naar je Bureaublad en gebruik het volgens [url=http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden]deze handleiding[/url]. [i:d285698950][color=Red:d285698950]OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en [b:d285698950]download Combofix opnieuw[/b:d285698950]. Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen![/color:d285698950][/i:d285698950][list:d285698950][*:d285698950]Dubbelklik op [b:d285698950]Combofix.exe[/b:d285698950] om het te starten. [*:d285698950][i:d285698950]Indien je Combofix al eerder hebt gebruikt, kan je een waarschuwing krijgen dat een update beschikbaar is. Sta toe dat ComboFix wordt geupdate.[/i:d285698950] [*:d285698950]Klik op [b:d285698950]OK[/b:d285698950] in het "NirCmd" venstertje. [*:d285698950]Klik na afloop terug op [b:d285698950]Ja[/b:d285698950] om het scannen op malware te starten. [*:d285698950]Tijdens het runnen van de fix, [b:d285698950]NIET[/b:d285698950] in het venster klikken, want dit zal je pc doen vasthangen. [*:d285698950]Wanneer de fix voltooid is en na herstart, zal de log [b:d285698950]Combofix.txt[/b:d285698950] openen.[/list:u:d285698950]Post dit logje in je volgende antwoord
  • hierbij, ik hoop dat het goed is gegaan, hij gaf wel aan dat er nog iets aan antivirus liep maar dat kreeg ik niet uit, hij gaf wel zelf aan dat combofix door zou gaan.. ComboFix 09-03-23.01 - chimpie 2009-03-24 22:27:31.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.1013.343 [GMT 1:00] Gestart vanuit: c:\users\chimpie\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) AV: Norton Internet Security *On-access scanning enabled* (Updated) FW: Norton Internet Security *enabled* * Nieuw herstelpunt werd aangemaakt . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\x64 . (((((((((((((((((((( Bestanden Gemaakt van 2009-02-24 to 2009-03-24 )))))))))))))))))))))))))))))) . 2009-03-24 11:54 . 2009-03-24 11:54 <DIR> d-------- c:\users\chimpie\AppData\Roaming\Malwarebytes 2009-03-24 11:54 . 2009-03-24 11:54 <DIR> d-------- c:\users\All Users\Malwarebytes 2009-03-24 11:54 . 2009-03-24 11:54 <DIR> d-------- c:\programdata\Malwarebytes 2009-03-24 11:54 . 2009-03-24 11:54 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-03-24 11:54 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys 2009-03-24 11:54 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys 2009-03-20 09:07 . 2009-03-20 09:07 <DIR> d-------- c:\windows\LastGood 2009-03-17 09:50 . 2009-03-17 09:50 <DIR> d-------- c:\users\All Users\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} 2009-03-17 09:50 . 2009-03-17 09:50 <DIR> d-------- c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} 2009-03-17 09:50 . 2009-03-17 09:50 <DIR> d-------- c:\program files\iTunes 2009-03-17 09:50 . 2009-03-17 09:50 <DIR> d-------- c:\program files\iPod 2009-03-17 09:50 . 2008-04-17 12:12 107,368 --a------ c:\windows\System32\GEARAspi.dll 2009-03-17 09:50 . 2009-01-15 12:19 23,848 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys 2009-03-17 09:48 . 2009-03-17 09:48 <DIR> d-------- c:\program files\QuickTime 2009-03-16 09:57 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe 2009-03-16 09:57 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll 2009-03-16 09:57 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll 2009-03-16 09:57 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll 2009-03-16 09:57 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl 2009-03-16 09:57 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll 2009-03-16 09:56 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll 2009-03-16 09:56 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe 2009-03-16 09:46 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll 2009-03-16 09:46 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll 2009-03-16 09:46 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll 2009-03-16 09:46 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll 2009-03-16 09:46 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll 2009-03-12 09:48 . 2009-03-04 11:26 15,688 --a------ c:\windows\System32\lsdelete.exe 2009-03-11 05:19 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL 2009-03-11 05:19 . 2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys 2009-03-11 05:19 . 2008-11-27 05:43 268,288 --a------ c:\windows\System32\schannel.dll 2009-03-11 05:19 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll 2009-03-11 05:19 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx 2009-03-11 05:19 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll 2009-03-05 23:59 . 2009-03-05 23:59 1,900,544 --a------ c:\windows\System32\usbaaplrc.dll 2009-03-05 23:59 . 2009-03-05 23:59 36,864 --a------ c:\windows\System32\drivers\usbaapl.sys 2009-03-04 11:26 . 2009-03-04 11:26 64,160 --a------ c:\windows\System32\drivers\Lbd.sys 2009-03-04 10:59 . 2009-03-04 10:59 <DIR> d--h-c--- c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-03-04 10:59 . 2009-03-04 10:59 <DIR> d--h-c--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-03-04 10:37 . 2009-03-24 13:27 <DIR> d-------- c:\users\chimpie\Tracing 2009-03-04 10:36 . 2009-03-04 10:36 <DIR> d-------- c:\program files\Windows Live SkyDrive 2009-03-04 10:36 . 2009-03-04 10:36 <DIR> d-------- c:\program files\Microsoft 2009-03-04 10:35 . 2009-03-04 10:36 <DIR> d-------- c:\program files\Windows Live 2009-03-04 10:28 . 2009-03-04 10:28 <DIR> d-------- c:\program files\Common Files\Windows Live . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-17 08:50 --------- d-----w c:\program files\Common Files\Apple 2009-03-16 09:38 --------- d-----w c:\program files\Windows Mail 2009-03-16 08:46 --------- d-----w c:\programdata\Microsoft Help 2009-03-06 15:12 21,256 ----a-w c:\windows\Help\OEM\scripts\HPScript.exe 2009-03-05 10:29 16,648 ----a-w c:\windows\Help\OEM\scripts\HC_ProtectSmartPatch.exe 2009-03-04 09:58 --------- d-----w c:\program files\Lavasoft 2009-02-27 18:30 --------- d-----w c:\program files\Microsoft Silverlight 2009-02-17 17:26 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-17 17:25 --------- d-----w c:\program files\Hewlett-Packard 2009-02-06 17:52 49,504 ----a-w c:\windows\System32\sirenacm.dll 2009-02-04 09:26 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys 2009-02-04 09:26 10,520 ----a-w c:\windows\System32\avgrsstx.dll 2009-02-04 09:26 --------- d-----w c:\programdata\avg8 2009-02-03 20:02 --------- d-----w c:\users\chimpie\AppData\Roaming\Hewlett-Packard 2009-02-03 19:40 --------- d-----w c:\users\chimpie\AppData\Roaming\InstallShield 2009-02-03 19:34 --------- d-----w c:\programdata\Hewlett-Packard 2009-01-30 16:24 14,600 ----a-w c:\windows\Help\OEM\scripts\HC_InstallHPHC.exe 2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll 2008-06-20 11:20 174 --sha-w c:\program files\desktop.ini 2007-05-28 10:46 224 ----a-w c:\users\chimpie\AppData\Roaming\wklnhst.dat 2008-01-20 23:23 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2008-01-20 23:23 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2008-01-20 23:23 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat 2007-11-08 19:56 22 --sha-w c:\windows\SMINST\HPCD.sys . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872] "LaCie Backup"="c:\program files\LaCie\Backup Software\\LaCieBackup.exe" [2006-07-06 2596864] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1021224] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-12-02 167936] "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-05 136600] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-04 1601304] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-04 515416] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{1B8079E3-0B1E-4582-9427-3CDE175F9C3E}"= UDP:c:\program files\HP\QuickPlay\QP.exe:QP "{D71F37DC-2720-4078-A46F-EEA2A4508A22}"= TCP:c:\program files\HP\QuickPlay\QP.exe:QP "{20F82E45-AB04-482B-B437-D7765756BB71}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{5176FBCB-F6FA-479A-8778-11F9E6051739}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{0B19A04F-9D73-44DB-A8F8-EDEFF04E6D3B}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe "{6845A9ED-F858-4ADF-AF7F-19C4FC53FC69}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil "{64B474D1-E6CE-4425-81E1-192688861706}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil "{282DFBB6-FC37-41BF-B4F2-FED8D0A1FEAA}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil "{E62346CC-868E-4D2F-BD65-DEF2CBF30240}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil "{6E731FF4-7095-4F27-B2D5-7350FE2D0C81}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{23A65998-3A27-4217-BC03-851AF49524D5}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{6EE39AA6-0788-42BF-B2FF-37256CEA6B38}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{0AA6BF01-FAAE-4CD9-94A2-164D4602CB00}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "{BA606E5F-206A-4D54-837F-3679B368B9BE}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{C3530A5A-EF1C-4DF8-8B80-121A5802CA05}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{B90A30AF-3739-4BEC-96FB-44966B511FFA}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{F0158878-8215-4FF8-AA53-B9C47491F7C1}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2009-03-04 64160] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-05-27 325128] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-05-27 298264] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96ff23d8-363a-11dd-aeac-001b2403b819}] \shell\AutoRun\command - G:\ImageTools.exe . Inhoud van de 'Gedeelde Taken' map 2009-03-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-04 11:26] 2009-03-24 c:\windows\Tasks\User_Feed_Synchronization-{BEC0F0A7-CC2A-4DEE-AFA2-9F2F1E9B5782}.job - c:\windows\system32\msfeedssync.exe [2008-01-19 08:33] . - - - - ORPHANS VERWIJDERD - - - - HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=71&bd=PRESARIO&pf=laptop uInternet Settings,ProxyOverride = *.local IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm Trusted Zone: hyves.nl Trusted Zone: www.nu.nl DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-24 22:31:53 Windows 6.0.6001 Service Pack 1 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2009-03-24 22:34:10 ComboFix-quarantined-files.txt 2009-03-24 21:34:07 Pre-Run: 61.958.479.872 bytes beschikbaar Post-Run: 62,140,919,808 bytes beschikbaar 203 --- E O F --- 2009-03-16 09:15:56
  • het volgende heb ik overigens NIET gezien: Klik op OK in het "NirCmd" venstertje. Klik na afloop terug op Ja om het scannen op malware te starten. dit is niet gebeurt, hij is direct gaan scannen, er volgde een log.txt en dit heb ik gepost. bvd mvg Dennis!
  • Dat is geen probleem, verder zie ik niks meer in je log zijn er nog problemen?
  • op zich niet, ik weet niet of ik dat virus nog uitzend, alleem mijn email werkt op dit moment even niet ik weet neit of dit tijdelijk is en / of aan orange ligt, en de boel is er niet sneller op geworden, integendeel eigenlijk.. traag is het juiste woord terwijl ik daar eigenlijk geen last van had.. nogmaals bedankt voor de hulp trouwens! Dennis!
  • Dit is mij nog niet overkomen maar de helft van mijn klas wel. 2 computers waren helemaal kapot en moesten opnieuw geinstalleerd worden. De mail wordt automatisch rondgestuurd als je dit virus hebt.
  • Download [url=http://www.atribune.org/ccount/click.php?id=1]ATF cleaner[/url] [url=http://www.majorgeeks.com/ATF_Cleaner_d4949.html](mirror)[/url](gemaakt door Atribune) Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken. Dubbelklik op ATF cleaner om het programma te starten. Op het tabblad Main, plaats je een vinkje bij Select All. Klik op de knop Empty Selected. Het volgende doen als je ook FireFox als browser hebt: Klik op tabblad Firefox, plaats een vinkje bij Select All. Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op No. (dit haalt het vinkje weer weg bij Firefox saved passwords) Klik op de knop Empty Selected. Het volgende doen als je ook Opera als browser hebt: Klik op tabblad Opera, plaats een vinkje bij Select All. Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op No. Klik op de knop Empty Selected. Ga naar het tabblad Main en klik op de knop Exit om het programma af te sluiten.[/list]3. Je mag alle gebruikte tools en aangemaakte mappen terug verwijderen.(Denk eraan Combofix verwijderen doormiddel van start->uitvoeren [b:1818234381]ComboFix /U[/b:1818234381] typen en op enter drukken!!) - Ga naar Start/Alle programma's/Bureau-accessoires/Systeemwerkset/Systeemherstel. - Klik in de linkerhelft van het venster op "Instellingen van systeemherstel". - Zet een vinkje voor "Systeemherstel uitschakelen". - Klik "Toepassen". - Windows vraagt of je dat zeker weet. - Klik "Ja". - Klik "OK". - Start de pc opnieuw op. - Ga weer naar Start/Alle programma's/Bureau-accessoires/Systeemwerkset/Systeemherstel. - Je krijgt de melding: "Systeemherstel is uitgeschakeld. Wilt u systeemherstel nu inschakelen?" - Klik "Ja". - Verwijder het vinkje voor "Systeemherstel uitschakelen". - Klik "Toepassen". - Klik "OK". - Start de pc opnieuw op - Er is nu een nieuw schoon herstel punt aangemaakt Het lijkt me onwaarschijnlijk dat je computer trager is geworden omdat je het virus hebt verwijdert. Het kan verbeelding zijn, maar het kan ook zijn dat er iets was wat jouw computer heeft vertraagd ik verzeker je er in iedergeval van dat het niet door mijn instructies komt. Misschien dat je computer sneller gaat na deze laatste instructies.
  • beste helpers, ik heb tot op heden geen melding meer gehad van vrienden die die msn-virusjes van mij ontvingen dus ik heb goede hoop dat het over is. nogmaals hartelijk bedankt allemaal! groeten Dennis!
  • Graag gedaan
  • Jawel, na 2 virusvrije dagen stuur ik wederom van die msn berichtjes door, dit keer over oprah winfrey en afvallen ofzo.. En uiteraard heb ik niets geaccepteerd of aangeklikt. Heb wel enorm problemen gehad met itunes dat elke keer direct vastliep wanneer ik het opende of muziek wilde importeren. Zou er een lek in itunes kunnen zitten oid? Ik word er wel echt helemaal gek van voel me nogal lullig, iedereen krijgt die dingen van mij.. Terwijl ik door jullie er helemaal vanaf was! Hier voor de zekerheid nog maar even een HJT log: Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 19:49:12, on 2-4-2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehtray.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE C:\Windows\ehome\ehmsas.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Internet Explorer\IEUser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Users\chimpie\Documents\dennis\beveiliging\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=71&bd=PRESARIO&pf=laptop R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: OpenOffice.org 2.2 .lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O15 - Trusted Zone: *.hyves.nl O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/VistaMSNPUpldnl-nl.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://213.233.221.236:8081/activex/AMC.cab O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing) O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 9032 bytes
  • heb overigens inmiddels windows live verwijderd.. nieuw wachtwoord aangemaakt voor account, messenger opnieuw geinstalleerd. msn meldde zich vanzelf weer aan na afmelden, mijn accountnaam wijzigde zomaar. vandaar opnieuw geinstalleerd en nieuw ww.. mvg dennis
  • Logje is schoon. Download [url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe][b:daece98ab9][color=blue:daece98ab9]Combofix[/color:daece98ab9][/b:daece98ab9][/url] naar je Bureaublad en gebruik het volgens [url=http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden]deze handleiding[/url]. [i:daece98ab9][color=Red:daece98ab9]OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en [b:daece98ab9]download Combofix opnieuw[/b:daece98ab9]. Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen![/color:daece98ab9][/i:daece98ab9][list:daece98ab9][*:daece98ab9]Dubbelklik op [b:daece98ab9]Combofix.exe[/b:daece98ab9] om het te starten. [*:daece98ab9][i:daece98ab9]Indien je Combofix al eerder hebt gebruikt, kan je een waarschuwing krijgen dat een update beschikbaar is. Sta toe dat ComboFix wordt geupdate.[/i:daece98ab9] [*:daece98ab9]Klik op [b:daece98ab9]OK[/b:daece98ab9] in het "NirCmd" venstertje. [*:daece98ab9]Klik na afloop terug op [b:daece98ab9]Ja[/b:daece98ab9] om het scannen op malware te starten. [*:daece98ab9]Tijdens het runnen van de fix, [b:daece98ab9]NIET[/b:daece98ab9] in het venster klikken, want dit zal je pc doen vasthangen. [*:daece98ab9]Wanneer de fix voltooid is en na herstart, zal de log [b:daece98ab9]Combofix.txt[/b:daece98ab9] openen.[/list:u:daece98ab9]Post dit logje in je volgende antwoord

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.