Vraag & Antwoord

Beveiliging & privacy

melding van een worm

15 antwoorden
  • kreg bij het proberen invullen van een antwoord een melding van een worm hierbij een hjt log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:07:38, on 10-5-2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\CTSvcCDA.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\WINDOWS\System32\Drivers\WTSRV.EXE C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\WTClient.exe C:\WINDOWS\system32\sistray.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\AnalogX\SimpleServer\WWW\http.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Documents and Settings\Arie\Mijn documenten\download\HiJackThis202\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [\\HELENA\EPSON] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P14 "\\HELENA\EPSON" /O14 "\\HELENA\EPSON" /M "Stylus D88" O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" O4 - HKLM\..\Run: [PdxRegCl] "C:\Program Files\Paradox\Programs\PdxRegCl.exe" /s /c O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Exif Initializer Ver.1.0] C:\Program Files\FUJIFILM\Exif Initializer Ver.1.0\EXIFINIT.EXE O4 - HKLM\..\Run: [\\HELENA\EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P32 "\\HELENA\EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles O4 - HKLM\..\Run: [Nokia FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart O4 - HKLM\..\Run: [WTClient] WTClient.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: SimpleServer.WWW.lnk = C:\Program Files\AnalogX\SimpleServer\WWW\http.exe O4 - Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://aadebraal.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://193.172.162.99:8080//activex/AMC.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://braalde.spaces.live.com/PhotoUpload/MsnPUpld.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{B81CF520-A2A6-4F7A-887D-7F0A61225C90}: NameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{BDF3B365-2CFD-45DF-BDC2-98F871015220}: NameServer = 192.168.2.1 O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE -- End of file - 10303 bytes
  • Alweer ? 1) Zet [color=green:c32cf3e6d8]TeaTimer[/color:c32cf3e6d8] van Spybot even uit tijdens de fix want hij kan veranderingen in de weg staan. - Start Spybot S&D - Ga naar het Mode menu en selecteer "Advanced Mode" - Aan de linkerkant, kies "Tools"kies [b:c32cf3e6d8]"Tools"[/b:c32cf3e6d8] (of gereedschap ) en klik op > [b:c32cf3e6d8]Resident[/b:c32cf3e6d8] - Uitvinken [color=green:c32cf3e6d8]"Resident TeaTimer[/color:c32cf3e6d8]" en en sluit Spybot S&D. - Herstart de computer. 2) Download het volgende naar je bureaublad:[url=http://home.hetnet.nl/~stefsmeenk/ResetTeaTimer.exe] ResetTeaTimer.exe[/url] Dubbelklik daarna op ResetTeaTimer.exe Dit zal de voorgaande items die je toegelaten hebt of geblokkeerd hebt via TeaTimer terug resetten. Start Hijackthis op en kies voor 'Do a system scan only' Selecteer alleen de items die hieronder zijn genoemd: [b:c32cf3e6d8] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) [/b:c32cf3e6d8] Sluit alle vensters behalve Hijackthis Klik op 'Fix checked' om de items te verwijderen. Download [url=http://www.besttechie.net/tools/mbam-setup.exe][b:c32cf3e6d8][color=red:c32cf3e6d8]MalwareBytes' Anti-Malware[/color:c32cf3e6d8][/b:c32cf3e6d8][/url] en sla het op je bureaublad op. Dubbelklik op [b:c32cf3e6d8]mbam-setup.exe[/b:c32cf3e6d8] om het programma te installeren. Zorg dat er na de installatie een vinkje is geplaatst bij:[list:c32cf3e6d8] [*:c32cf3e6d8]Update MalwareBytes' Anti-Malware [*:c32cf3e6d8]Start MalwareBytes' Anti-Malware [/list:u:c32cf3e6d8]Klik daarna op "[b:c32cf3e6d8]Voltooien[/b:c32cf3e6d8]". Indien een update gevonden wordt, zal die gedownload en geïnstalleerd worden.[list:c32cf3e6d8] [*:c32cf3e6d8]Zodra het programma gestart is, ga dan naar het tabblad "[b:c32cf3e6d8]Instellingen[/b:c32cf3e6d8]". [*:c32cf3e6d8]Vink hier aan: "[b:c32cf3e6d8]Sluit Internet Explorer tijdens verwijdering van malware[/b:c32cf3e6d8]". [*:c32cf3e6d8]Ga daarna naar het tabblad "[b:c32cf3e6d8]Scanner[/b:c32cf3e6d8]", kies hier voor "[b:c32cf3e6d8]Snelle Scan[/b:c32cf3e6d8]". [*:c32cf3e6d8]Druk vervolgens op "[b:c32cf3e6d8]Scannen[/b:c32cf3e6d8]" om de scan te starten. [*:c32cf3e6d8]Het scannen kan een tijdje duren, dus wees geduldig. [*:c32cf3e6d8]Wanneer de scan voltooid is, klik op [b:c32cf3e6d8]OK[/b:c32cf3e6d8], daarna "[b:c32cf3e6d8]Bekijk Resultaten[/b:c32cf3e6d8]" om de resultaten te zien. [*:c32cf3e6d8]Zorg ervoor dat daar alles aangevinkt is, daarna klik op: "[b:c32cf3e6d8]Verwijder geselecteerde[/b:c32cf3e6d8]". [*:c32cf3e6d8]Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. [/list:u:c32cf3e6d8]Het log wordt automatisch bewaard door MalwareBytes' Anti-Malware en kan je terugvinden door op de "[b:c32cf3e6d8]Logs[/b:c32cf3e6d8]" tab te klikken in het programma. Plaats dit logje samen met een nieuw logje van HijackThis.
  • deze is van mijn eigen computer wilde ergens een post plaatsen en toen was de melding van de worm ik ga nu (vanavond) op vakantie zal dit alles doen op de 20 mei (eerst een nieuwe log zonder veranderingen) hierna pas een log met veranderingen je ziet wel een post op de 20e gr arie
  • Geniet van je vakantie en sjouw niet teveel !! :wink:
  • ga er mee bezig
  • komen de delen Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:37:02, on 20-5-2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\WINDOWS\system32\sistray.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe C:\WINDOWS\system32\WTClient.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\AnalogX\SimpleServer\WWW\http.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\CTSvcCDA.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\WINDOWS\System32\Drivers\WTSRV.EXE C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Arie\Mijn documenten\download\HiJackThis202\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [\\HELENA\EPSON] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P14 "\\HELENA\EPSON" /O14 "\\HELENA\EPSON" /M "Stylus D88" O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" O4 - HKLM\..\Run: [PdxRegCl] "C:\Program Files\Paradox\Programs\PdxRegCl.exe" /s /c O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Exif Initializer Ver.1.0] C:\Program Files\FUJIFILM\Exif Initializer Ver.1.0\EXIFINIT.EXE O4 - HKLM\..\Run: [\\HELENA\EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P32 "\\HELENA\EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles O4 - HKLM\..\Run: [Nokia FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart O4 - HKLM\..\Run: [WTClient] WTClient.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: SimpleServer.WWW.lnk = C:\Program Files\AnalogX\SimpleServer\WWW\http.exe O4 - Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://aadebraal.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://193.172.162.99:8080//activex/AMC.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://braalde.spaces.live.com/PhotoUpload/MsnPUpld.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{B81CF520-A2A6-4F7A-887D-7F0A61225C90}: NameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{BDF3B365-2CFD-45DF-BDC2-98F871015220}: NameServer = 192.168.2.1 O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE -- End of file - 10477 bytes Malwarebytes' Anti-Malware 1.36 Database versie: 2156 Windows 5.1.2600 Service Pack 3 20-5-2009 8:22:59 mbam-log-2009-05-20 (08-22-59).txt Scan type: Snelle Scan Objecten gescand: 119872 Verstreken tijd: 27 minute(s), 5 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 3 Registerwaarden geïnfecteerd: 0 Registerdata bestanden geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: HKEY_CLASSES_ROOT\Interface\{abcdecef-4b15-11d1-abed-709549c10000} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{abcdece2-4b15-11d1-abed-709549c10000} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{abcdecf0-4b15-11d1-abed-709549c10000} (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: (Geen kwaadaardige items gevonden) Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Mappen geïnfecteerd: (Geen kwaadaardige items gevonden) Bestanden geïnfecteerd: (Geen kwaadaardige items gevonden)
  • R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank is een instelling van mij
  • de fake is deleted, hoe gaat het nu ( en hoe was de vakantie ? )
  • hij lijkt zijn snelheid terug te hebben was even bij hetzelfde forum op mijn vrouw computer bezig en kreeg via een onzekere site een melding van een invoeg toepassing (welke er nidet hoort) heb de ie afgesloten, maar de computer gaat traag bij haar toch weer een hjt voor de zekerheid maken op de hare
  • Download [url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe][b:5451bc7fa5][color=blue:5451bc7fa5]Combofix[/color:5451bc7fa5][/b:5451bc7fa5][/url] naar je Bureaublad en gebruik het volgens [url=http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden]deze handleiding[/url]. [i:5451bc7fa5][color=Red:5451bc7fa5]OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en [b:5451bc7fa5]download Combofix opnieuw[/b:5451bc7fa5]. Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen![/color:5451bc7fa5][/i:5451bc7fa5][list:5451bc7fa5][*:5451bc7fa5]Dubbelklik op [b:5451bc7fa5]Combofix.exe[/b:5451bc7fa5] om het te starten. [*:5451bc7fa5][i:5451bc7fa5]Indien je Combofix al eerder hebt gebruikt, kan je een waarschuwing krijgen dat een update beschikbaar is. Sta toe dat ComboFix wordt geupdate.[/i:5451bc7fa5] [*:5451bc7fa5]Klik op [b:5451bc7fa5]OK[/b:5451bc7fa5] in het "NirCmd" venstertje. [*:5451bc7fa5][i:5451bc7fa5]Indien de Recovery Console niet geïnstalleerd is, wordt je gevraagd om dit alsnog te doen door op [b:5451bc7fa5]JA[/b:5451bc7fa5] te klikken in het "Query - Recovery Console" venster.[/i:5451bc7fa5] [*:5451bc7fa5]Klik op [b:5451bc7fa5]OK[/b:5451bc7fa5] en [b:5451bc7fa5]Ja[/b:5451bc7fa5] om automatisch de Recovery Console te laten installeren. [*:5451bc7fa5]Klik na afloop terug op [b:5451bc7fa5]Ja[/b:5451bc7fa5] om het scannen op malware te starten. [*:5451bc7fa5]Tijdens het runnen van de fix, [b:5451bc7fa5]NIET[/b:5451bc7fa5] in het venster klikken, want dit zal je pc doen vasthangen. [*:5451bc7fa5]Wanneer de fix voltooid is en na herstart, zal de log [b:5451bc7fa5]Combofix.txt[/b:5451bc7fa5] openen.[/list:u:5451bc7fa5]Post dit logje in je volgende antwoord.
  • ComboFix 09-05-19.08 - Arie 20-05-2009 20:53.4 - [color=red:bb84b0a8ec][b:bb84b0a8ec]FAT32[/b:bb84b0a8ec][/color:bb84b0a8ec]x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.959.577 [GMT 2:00] Gestart vanuit: c:\documents and settings\Arie\Mijn documenten\download\ComboFix.exe FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6} . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\Arie\LOCALS~1\Temp\tmp2.tmp c:\program files\INSTALL.LOG c:\windows\Downloaded Program Files\setup.dll c:\windows\patch.exe c:\windows\system32\dumphive.exe c:\windows\system32\mdm.exe c:\windows\system32\Process.exe c:\windows\system32\SrchSTS.exe c:\windows\system32\tmp.reg c:\windows\system32\VCCLSID.exe c:\windows\system32\WS2Fix.exe . (((((((((((((((((((( Bestanden Gemaakt van 2009-04-20 to 2009-05-20 )))))))))))))))))))))))))))))) . 2009-05-20 05:53 . 2009-05-20 05:53 -------- d-----w c:\documents and settings\Arie\Application Data\Malwarebytes 2009-05-20 05:53 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-05-20 05:53 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-20 05:53 . 2009-05-20 05:53 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes 2009-05-20 05:53 . 2009-05-20 05:53 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-05-20 05:52 . 2009-05-20 05:53 664 ----a-w c:\windows\system32\d3d9caps.dat 2009-04-29 04:10 . 2009-04-29 04:10 -------- d--h--w c:\windows\$hf_mig$ . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-20 06:37 . 2004-08-08 17:20 2568 ----a-w c:\windows\system32\KGyGaAvL.sys 2009-05-20 06:31 . 2005-11-26 05:09 12 ----a-w c:\windows\bthservsdp.dat 2009-04-15 10:03 . 1980-01-01 05:00 517074 ----a-w c:\windows\system32\perfh013.dat 2009-04-15 10:03 . 1980-01-01 05:00 93880 ----a-w c:\windows\system32\perfc013.dat 2009-03-17 19:46 . 2004-02-14 06:23 42264 ----a-w c:\documents and settings\Arie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-03-09 03:19 . 2008-12-15 17:14 410984 ----a-w c:\windows\system32\deploytk.dll 2009-03-06 14:23 . 2003-02-05 14:41 285696 ----a-w c:\windows\system32\pdh.dll 2009-03-03 00:16 . 2004-08-23 18:35 826368 ----a-w c:\windows\system32\wininet.dll 2009-02-20 17:18 . 2004-10-30 08:57 78336 ------w c:\windows\system32\ieencode.dll 2004-09-09 14:57 . 2004-09-09 14:54 4204 ----a-w c:\program files\uninstal.log 1998-09-25 19:16 . 2003-05-03 03:08 270848 ----a-w c:\program files\UNWISE.EXE . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 401491] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X] "SiS Tray"="c:\windows\system32\sistray.EXE" [2002-11-17 303104] "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632] "LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022] "LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648] "LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440] "\\HELENA\EPSON"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE" [2005-01-27 98304] "QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-03 83568] "PdxRegCl"="c:\program files\Paradox\Programs\PdxRegCl.exe" [2004-06-14 49152] "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-07-17 98304] "Exif Initializer Ver.1.0"="c:\program files\FUJIFILM\Exif Initializer Ver.1.0\EXIFINIT.EXE" [2001-02-21 65536] "\\HELENA\EPSON Stylus D88 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE" [2005-01-27 98304] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 57344] "NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 3100672] "Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2008-12-03 2372840] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-01-07 46592] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592] "WTClient"="WTClient.exe" - c:\windows\system32\WTClient.exe [2007-04-11 40960] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896] c:\documents and settings\Arie\Menu Start\Programma's\Opstarten\ SimpleServer.WWW.lnk - c:\program files\AnalogX\SimpleServer\WWW\http.exe [2006-6-25 170500] Outlook Express.lnk - c:\program files\Outlook Express\msimn.exe [2004-6-7 60416] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8-4-2009 12:38 92008] S2 PIEUsb;Pacific Image Electronics USB Scanner;c:\windows\system32\drivers\usbscan.sys [9-9-2004 13:42 15104] S3 76409eb6-9fc6-4704-9f46-63d33e70fca9;76409eb6-9fc6-4704-9f46-63d33e70fca9;\??\d:\player\cds300.dll --> d:\player\cds300.dll [?] . . ------- Bijkomende Scan ------- . uStart Page = about:blank mStart Page = hxxp://www.google.com uInternet Connection Wizard,ShellNext = iexplore IE: Locate Spot on Map by GPS - c:\program files\Opanda\IExif 2.3\IExifMap.htm IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta IE: Verzenden naar &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: View Exif/GPS/IPTC with IExif - c:\program files\Opanda\IExif 2.3\IExifCom.htm TCP: {B81CF520-A2A6-4F7A-887D-7F0A61225C90} = 192.168.2.1 TCP: {BDF3B365-2CFD-45DF-BDC2-98F871015220} = 192.168.2.1 DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-20 20:59 Windows 5.1.2600 Service Pack 3 FAT NTAPI scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant] "ImagePath"="" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{18E09523-0BB1-0E75-6B141AE958ABE9E7}\{8E8BA3D9-389B-9F43-3B5B6490B54F898E}\{0E0922CC-9ECE-C3AB-5B05A5FA1997F2CA}*] "{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,a1,da,8d, a8,bd,87,fe,2f,54,c9,11,a9,b7,a0,22,55,7a,d8,86,4a,57,cc,ae,96,6e,27,00,a0,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EEC79885-4786-49D7-ED36B6E7637E50FF}\{25B171C9-78C7-18E7-FBBA7E6592C7CB70}\{6B8ADD0A-85A7-C5B5-191A2895BD30C6E1}*] "WHRUBFTNUT3JMXQXKMKSXOBADA1"=hex:01,00,01,00,00,00,00,00,7d,86,67,30,10,5d,1c, b8,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61 . Voltooingstijd: 2009-05-20 21:01 ComboFix-quarantined-files.txt 2009-05-20 19:01 ComboFix2.txt 2007-11-12 10:45 Pre-Run: 5.780.996.096 bytes beschikbaar Post-Run: 11.432.738.816 bytes beschikbaar WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn 146 --- E O F --- 2009-05-13 01:03
  • Nou is dat even mooi gelukt, gaat het nu beter Arie ?
  • de mijne blijkt op moment goed te gaan nu weer die van helena hjt logje eerst Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:02:58, on 22-5-2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\ClamWin\bin\ClamTray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\FinePixViewer\QuickDCF.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\IoctlSvc.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Documents and Settings\PETRONELLA\Mijn documenten\download\hijackThis202\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe O4 - HKLM\..\Run: [EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88" O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game13.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{A1E49CF8-E624-4C4E-AB72-A8D822D20A8B}: NameServer = 192.168.2.1 O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 6655 bytes
  • Lijkt mij goed zo hoor. :D
  • ben ik vermoedelijk optijd geweest met sluiten laten wij het even aankijken anders meld ik me wel weer met een nieuwe log

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.