Question & Answer
hijack log: start page has changed
3 answers
- Logfile of HijackThis v1.99.1
Scan saved at 21:49:25, on 27-10-2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\ATKKBService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\AMD\PowerNow!\GemServ.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\73TNFLCW\HijackThis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1D359F31-6328-4ED3-9408-503F707E1D21} - C:\WINNT\system32\mljjh.dll
O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware316\bin\Starware316.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Program Files\TrueCodec\isaddon.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: mljjh - C:\WINNT\system32\mljjh.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINNT\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: AMD PowerNow! ™ Technology Service (GemServ) - Advanced Micro Devices - C:\Program Files\AMD\PowerNow!\GemServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
- Administrator - vr 27-10-2006 21:39:27,60 Service Pack 4
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Administrator\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2006-09-27 to 2006-10-27 ))))))))))))))))))))))))))))))))))
2006-10-27 19:42 106,496 --a------ C:\WINNT\system32\tazth.dll
2006-10-27 12:02 847,872 --a------ C:\WINNT\system32\xvidcore.dll
2006-10-27 12:02 77,824 --a------ C:\WINNT\system32\mplaw7.dll
2006-10-27 12:02 77,824 --a------ C:\WINNT\system32\mplaa6.dll
2006-10-27 12:02 65,536 --a------ C:\WINNT\system32\mplapx.dll
2006-10-27 12:02 65,536 --a------ C:\WINNT\system32\mplam6.dll
2006-10-27 12:02 630,784 --a------ C:\WINNT\system32\vp7vfw.dll
2006-10-27 12:02 56,832 --a------ C:\WINNT\system32\Iyvu9_32.dll
2006-10-27 12:02 5,632 --a------ C:\WINNT\system32\ff_vfw.dll
2006-10-27 12:02 446,464 --a------ C:\WINNT\system32\vp31vfw.dll
2006-10-27 12:02 438,272 --a------ C:\WINNT\system32\vp6vfw.dll
2006-10-27 12:02 413,760 --a------ C:\WINNT\system32\msmpeg4.dll
2006-10-27 12:02 413,760 --a------ C:\WINNT\system32\DivXc32f.dll
2006-10-27 12:02 413,760 --a------ C:\WINNT\system32\DivXc32.dll
2006-10-27 12:02 39,936 --a------ C:\WINNT\system32\huffyuv.dll
2006-10-27 12:02 344,064 --a------ C:\WINNT\system32\msvcr70.dll
2006-10-27 12:02 338,432 --a------ C:\WINNT\system32\Ir41_qcx.dll
2006-10-27 12:02 286,720 --a------ C:\WINNT\system32\3ivxVfWCodec.dll
2006-10-27 12:02 2,024,448 --a------ C:\WINNT\system32\divx.dll
2006-10-27 12:02 19,968 --a------ C:\WINNT\system32\cpuinf32.dll
2006-10-27 12:02 157,696 --a------ C:\WINNT\system32\unrar.dll
2006-10-27 12:02 151,552 --a------ C:\WINNT\system32\xvidvfw.dll
2006-10-27 12:02 151,552 --a------ C:\WINNT\system32\Npindeo.dll
2006-10-27 12:02 144,384 --a------ C:\WINNT\system32\Iacenc.dll
2006-10-27 12:02 1,650,688 --a------ C:\WINNT\system32\mplva6.dll
2006-10-27 12:02 1,581,056 --a------ C:\WINNT\system32\mplvw7.dll
2006-10-27 12:02 1,552,384 --a------ C:\WINNT\system32\mplvm6.dll
2006-10-27 12:02 1,122,304 --a------ C:\WINNT\system32\mplvpx.dll
2006-10-27 12:02 1,024,000 --a------ C:\WINNT\system32\3ivx.dll
2006-10-26 19:04 528,384 C:\WINNT\system32Astro Gemini Screensaver Manager.scr
2006-10-26 11:13 118,804 --a------ C:\WINNT\system32\kfqmjylv.dll
2006-10-25 11:12 118,804 --a------ C:\WINNT\system32\viogtsqe.dll
2006-10-24 14:01 67,604 --a------ C:\WINNT\system32\jhrkykng.exe
2006-10-24 14:01 118,804 --a------ C:\WINNT\system32\quxvqvda.dll
2006-10-21 23:48 395,776 --a------ C:\WINNT\system32\libmplayer.dll
2006-10-21 23:48 34,820 --a------ C:\WINNT\system32\ffdshow.reg
2006-10-21 23:48 262,144 --a------ C:\WINNT\system32\TomsMoComp_ff.dll
2006-10-21 23:48 2,255,360 --a------ C:\WINNT\system32\libavcodec.dll
2006-10-21 23:48 112,640 --a------ C:\WINNT\system32\libmpeg2_ff.dll
2006-10-21 12:22 947,472 --a------ C:\WINNT\system32\msjava.dll
2006-10-21 12:22 46,352 --a------ C:\WINNT\setdebug.exe
2006-10-21 12:22 313,856 --a------ C:\WINNT\system32\dx3j.dll
2006-10-21 12:22 286,992 --a------ C:\WINNT\system32\vmhelper.dll
2006-10-21 12:22 21,264 --a------ C:\WINNT\system32\msjdbc10.dll
2006-10-21 12:22 172,304 --a------ C:\WINNT\system32\jview.exe
2006-10-21 12:22 171,792 --a------ C:\WINNT\system32\wjview.exe
2006-10-21 12:22 171,280 --a------ C:\WINNT\system32\jit.dll
2006-10-21 12:22 154,384 --a------ C:\WINNT\system32\msawt.dll
2006-10-21 12:22 15,120 --a------ C:\WINNT\system32\jdbgmgr.exe
2006-10-21 12:22 139,536 --a------ C:\WINNT\system32\javaee.dll
2006-10-21 12:22 113 --a------ C:\WINNT\system32\zonedon.reg
2006-10-21 12:22 113 --a------ C:\WINNT\system32\zonedoff.reg
2006-10-21 12:21 63,248 --a------ C:\WINNT\system32\javaprxy.dll
2006-10-21 12:21 49,424 --a------ C:\WINNT\system32\clspack.exe
2006-10-21 12:21 404,752 --a------ C:\WINNT\system32\javart.dll
2006-10-21 12:21 187,152 --a------ C:\WINNT\system32\javacypt.dll
2006-10-02 16:53 45,525 --a------ C:\WINNT\system32\tddgdhlf.dll
2006-10-01 13:19 45,525 --a------ C:\WINNT\system32\iukiejvn.dll
2006-09-30 22:15 58,952 --a------ C:\WINNT\system32\MsgPlusLoader.dll
2006-09-30 15:32 30,768 --a------ C:\WINNT\system32\drivers\disk.sys
2006-09-30 15:32 21,552 --a------ C:\WINNT\system32\drivers\USBSTOR.SYS
2006-09-29 17:32 73,748 --a------ C:\WINNT\system32\tuqvjlln.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-27 21:38 -------- d-------- C:\Program Files\Hitman Pro
2006-10-27 21:18 -------- d-------- C:\Program Files\SpywareBlaster
2006-10-27 21:16 -------- d-a------ C:\Program Files\Spyware Doctor
2006-10-27 20:41 -------- d-------- C:\Program Files\3D Spooky Halloween Screensaver
2006-10-27 19:42 -------- d-------- C:\Program Files\TrueCodec
2006-10-27 14:00 -------- d-a------ C:\Program Files\ewido anti-spyware 4.0
2006-10-27 12:19 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2006-10-27 12:02 -------- d-------- C:\Program Files\K-Lite Codec Pack
2006-10-27 11:09 -------- d-------- C:\Program Files\Google
2006-10-26 19:46 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Starware316
2006-10-26 19:04 -------- d-------- C:\Program Files\Astro Gemini Software
2006-10-26 19:02 -------- d-------- C:\Program Files\Starware316
2006-10-26 11:13 1243189 ---hs---- C:\WINNT\system32\hjjlm.bak2
2006-10-23 19:34 -------- d-------- C:\Program Files\QuickTime
2006-10-22 15:18 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-22 15:16 -------- d-------- C:\Program Files\eMule
2006-10-22 15:15 -------- d-------- C:\Program Files\IrfanView
2006-10-21 23:48 -------- d-------- C:\Program Files\Cucusoft
2006-10-21 23:44 -------- d-------- C:\Program Files\AVI DivX to DVD SVCD VCD Converter
2006-10-21 23:02 -------- d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2006-10-21 21:56 -------- d-------- C:\Program Files\WinAVIVideoConverter
2006-10-21 13:43 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Skype
2006-10-21 12:28 -------- d-------- C:\Program Files\Common Files\System
2006-10-21 12:24 -------- d-------- C:\Program Files\NetMeeting
2006-10-21 12:22 -------- d-a------ C:\Program Files\Common Files\Microsoft Shared
2006-10-21 12:22 -------- d-a------ C:\Program Files\Common Files
2006-10-21 12:22 -------- d--h----- C:\Program Files\Uninstall Information
2006-10-21 12:22 -------- d-------- C:\Program Files\Windows Media Player
2006-10-21 12:22 -------- d-------- C:\Program Files\Outlook Express
2006-10-21 12:22 -------- d-------- C:\Program Files\Internet Explorer
2006-10-20 12:09 -------- d-------- C:\Program Files\LitexMedia
2006-10-19 13:27 -------- d-------- C:\Program Files\Common Files\Adaptec Shared
2006-10-18 16:14 -------- d-------- C:\Program Files\EasyCleaner
2006-10-01 16:52 -------- d-------- C:\Program Files\LimeWire
2006-09-30 22:17 -------- d-------- C:\Program Files\PacificPoker
2006-09-30 19:56 -------- d-------- C:\Program Files\Java
2006-09-30 19:53 -------- d-------- C:\Program Files\Common Files\Java
2006-09-29 17:33 778656 --a------ C:\WINNT\system32\drivers\avg7core.sys
2006-09-28 17:28 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Google
2006-09-25 20:08 143380 --a------ C:\WINNT\system32\lbjdjskr.exe
2006-09-24 18:13 51072 --a------ C:\WINNT\system32\drivers\ikhlayer.sys
2006-09-23 13:13 -------- d-------- C:\Documents and Settings\Administrator\Application Data\BearShare
2006-09-12 13:48 1713536 --a------ C:\WINNT\system32\NTKRNLPA.EXE
2006-09-12 13:48 1690880 --a------ C:\WINNT\system32\NTOSKRNL.EXE
2006-09-06 06:58 1110528 --a------ C:\WINNT\system32\msxml3.dll
2006-08-28 10:44 530192 --a------ C:\WINNT\system32\comctl32.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"ASUS SmartDoctor"="C:\\Program Files\\ASUS\\SmartDoctor\\SmartDoctor.exe /start"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"LoadQM"="loadqm.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"SoundMan"="SOUNDMAN.EXE"
"DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINNT\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINNT\\system32\\NvMcTray.dll,NvTaskbarInit"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonceex]
@=""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000003
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,2c,01,00,00,00,00,00,00,d4,02,00,00,e4,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f0,01,00,00,1f,00,00,00,80,00,00,00,76,00,\
00,00,01,00,00,00
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"Spyware Doctor"=""
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095
"CDRAutoRun"=dword:00000000
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoCDBurning"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
"isamonitor.exe"="C:\\Program Files\\TrueCodec\\isamonitor.exe"
"pmsngr.exe"="C:\\Program Files\\TrueCodec\\pmsngr.exe"
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Network.ConnectionTray"="{7007ACCF-3202-11D1-AAD2-00805FC1270E}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjh
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nwprovau
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Completion time: Fri 2006-10-27 21:40:37.01
ComboFix.txt
ComboFix2.txt
ComboFix3.txt
- Please uninstall HITMANPRO with all its components first; it can get in the way of the fix.
Start HJT again and do a system scan only, check the lines below, close all windows except HJT and click Fix checked.
O2 - BHO: (no name) - {1D359F31-6328-4ED3-9408-503F707E1D21} - C:\WINNT\system32\mljjh.dll
O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware316\bin\Starware316.dll (file missing)
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Program Files\TrueCodec\isaddon.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - (no file)
O4 - Startup: PowerReg Scheduler.exe
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
1. Download SmitfraudFix (by S!Ri), and extract it to your desktop.
2. Print the instructions below or copy them to a .txt file.
This is because the rest of the fix is done in safe mode, so you will not be able to look them up here.
3. Boot into
4. Open the smitfraudfix folder and double-click smitfraudfix.cmd
* Choose option #2 - Clean by typing 2, and press "Enter" to delete the infected files.
You will get a question: "Registry cleaning - Do you want to clean the registry ?"
* Answer "yes" by typing y and press "Enter".
(If your PC does not restart afterwards, restart it manually in normal mode)
The tool may restart your PC in order to finish its work.
* If it does not, restart your PC manually in normal mode.
A text file with the results of the fix will open.
5. Post the contents of this file in your next reply,
together with a HijackThis log. (You can also find the report at c:\rapport.txt)
Also do
Download to your Desktop:
* Double-click drweb-cureit.exe. Click update.
* After the update, a new icon "CureIt.exe" appears on your desktop; double-click it and click Scan, and allow it to start the express scan.
* This will scan the files currently loaded in memory, and when something is found, click the Yes to all button at the 'cure it?' prompt. This is only a short scan.
* Once the short scan has finished, you can select the drives you want to scan.
* Select all drives here. A red dot will then appear on the drives you are scanning.
* Then click the green arrow on the right to start the scan.
* Click Yes to all when asked to perform cure or move.
* When the scan has finished, see whether you can click the icon next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
* If so, click it, then click the icon just below it and select Move incurable as you see here:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This moves the files found to the "%userprofile%\DoctorWeb\quarantaine-map" if repair is not possible.
* After the scan is done, in the menu at the top, click File and choose Save report List. Save it to your Desktop.
* Then close Dr.Web Cureit.
* Restart your computer!! Important step, because Dr.Web Cureit may move/delete files during the restart.
* After restarting, copy and paste the contents of the log you saved earlier into your next post.
Ignore popups about Buy or 50% discount
Please post a new HJT log and the Dr.web log plus the report
Good luck
J
This is an archived page. Replies are no longer possible.