Vraag & Antwoord

Beveiliging & privacy

snel hijacklog controleren???

Anoniem
smeenk
7 antwoorden
  • Logfile of HijackThis v1.99.1
    Scan saved at 19:28:31, on 5-12-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsgSys.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\htpatch.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE
    C:\WINDOWS\system32\SerExt.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\NavNT\vptray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32
    ?svc32.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\DOCUME~1\Nel\MIJNDO~1\YSTEM~1\ping.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\WinAce\WinAce.exe
    C:\Documents and Settings\Nel\Local Settings\Temp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.issf-shooting.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.issf-shooting.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - {DB9DE7B5-0D7F-0285-2335-2ED74F0D66BE} - C:\WINDOWS\system32\mup.dll
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5A004A38-FB8C-D52B-ADB2-F66DD440B699} - C:\WINDOWS\system32\msfm.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {DB9DE7B5-0D7F-0285-2335-2ED74F0D66BE} - C:\WINDOWS\system32\mup.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PCMService] C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [Window Monitor] winmon32.exe
    O4 - HKLM\..\Run: [Win32 Configuration] videosd32.exe
    O4 - HKLM\..\Run: [Windows Monitor] winmon.exe
    O4 - HKLM\..\Run: [Windows media service] crsss.exe
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [SerExt] SerExt.exe /unplug
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\RunServices: [Window Monitor] winmon32.exe
    O4 - HKLM\..\RunServices: [Windows Monitor] winmon.exe
    O4 - HKLM\..\RunServices: [Windows media service] crsss.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Window Monitor] winmon32.exe
    O4 - HKCU\..\Run: [Win32 Configuration] videosd32.exe
    O4 - HKCU\..\Run: [Windows Monitor] winmon.exe
    O4 - HKCU\..\Run: [Nzxgshg] C:\WINDOWS\system32
    ?svc32.exe
    O4 - HKCU\..\Run: [Trdc] "C:\DOCUME~1\Nel\MIJNDO~1\YSTEM~1\ping.exe" -vt mtx
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    O4 - HKCU\..\RunServices: [Window Monitor] winmon32.exe
    O4 - HKCU\..\RunServices: [Windows Monitor] winmon.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: officejet 6100.lnk = ?
    O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
    O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} - http://advnt01.com/dialer/olanda_ver3.CAB
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{133CDF89-F158-4361-AC38-52FC4B9EF90B}: NameServer = 90.0.0.2
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    zou iemand hem zo nsel mogelijk kunnen controleren…? Bijvoorbaat dank.

  • Plaats eerst HijackThis even in een eigen map, bijvoorbeeld: C:\HijackThis
    Dit in veband met de backups van het programma die in de temp-map verloren kunnen gaan.

    Start HijackThis nog een keer, kies voor "Do a system scan only" en plaats alleen een vinkje voor de volgende regels:
    [b:7cf9deab44]R3 - URLSearchHook: (no name) - {DB9DE7B5-0D7F-0285-2335-2ED74F0D66BE} - C:\WINDOWS\system32\mup.dll
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - {5A004A38-FB8C-D52B-ADB2-F66DD440B699} - C:\WINDOWS\system32\msfm.dll (file missing)
    O4 - HKLM\..\Run: [Window Monitor] winmon32.exe
    O4 - HKLM\..\Run: [Win32 Configuration] videosd32.exe
    O4 - HKLM\..\Run: [Windows Monitor] winmon.exe
    O4 - HKLM\..\Run: [Windows media service] crsss.exe
    O4 - HKLM\..\Run: [SerExt] SerExt.exe /unplug
    O4 - HKLM\..\RunServices: [Window Monitor] winmon32.exe
    O4 - HKLM\..\RunServices: [Windows Monitor] winmon.exe
    O4 - HKLM\..\RunServices: [Windows media service] crsss.exe
    O4 - HKCU\..\Run: [Window Monitor] winmon32.exe
    O4 - HKCU\..\Run: [Win32 Configuration] videosd32.exe
    O4 - HKCU\..\Run: [Windows Monitor] winmon.exe
    O4 - HKCU\..\Run: [Nzxgshg] C:\WINDOWS\system32
    ?svc32.exe
    O4 - HKCU\..\Run: [Trdc] "C:\DOCUME~1\Nel\MIJNDO~1\YSTEM~1\ping.exe" -vt mtx
    O16 - DPF: {018A066F-584A-422F-AC4C-0B1F5FE5C040} - http://advnt01.com/dialer/olanda_ver3.CAB
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab [/b:7cf9deab44]
    Sluit alle open vensters(behalve HijackThis), klik daarna op "Fix checked" en sluit HijackThis af.


    Download [b:7cf9deab44]Combofix[/b:7cf9deab44] naar je Bureaublad.
    Dubbelklik [b:7cf9deab44]Combofix.exe[/b:7cf9deab44]
    Volg de instructies, aanvaard de disclaimer door "y" of "Y" te typen.
    Tijdens het runnen van de fix, [b:7cf9deab44]NIET[/b:7cf9deab44] in het venster klikken, want dit zal je pc doen vasthangen.
    Wanneer de fix voltooid is en na herstart, zal de log [b:7cf9deab44]combofix.txt[/b:7cf9deab44] openen.
    Plaats deze log in je volgende post tesamen met een nieuw logje van Hijackthis.

    NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.
  • [code:1:be502ddc22]Nel - 06-12-05 20:48:06,60 Service Pack 2
    ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Nel\Bureaublad"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\wtscc.exe

    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    Folders Quarantined:

    C:\QooBox\Purity\Documents and Settings\Nel\Mijn documenten\YSTEM~1
    C:\QooBox\Purity\Documents and Settings\Nel\Mijn documenten\YSTEM~1\ping.exe
    C:\QooBox\Purity\Documents and Settings\Nel\Mijn documenten\YSTEM~1\YSTEM~1
    C:\QooBox\Purity\Program Files\APPATC~1
    C:\QooBox\Purity\Program Files\CROSOF~1
    C:\QooBox\Purity\Program Files\PPATCH~1
    C:\QooBox\Purity\Program Files\PPPATC~1
    C:\QooBox\Purity\Program Files\Common Files\PPPATC~1
    C:\QooBox\Purity\Program Files\Common Files\RACLE~1
    C:\QooBox\Purity\WINDOWS\system32\MANTEC~1


    ((((((((((((((((((((((((((((((( Files Created from 2006-11-05 to 2006-12-05 ))))))))))))))))))))))))))))))))))


    2006-12-05 20:39 <DIR> d——– C:\Program Files\hijackthis
    2006-12-05 19:52 <DIR> d——– C:\Program Files\Lavasoft
    2006-12-05 19:47 <DIR> d——– C:\WINDOWS\WBEM
    2006-12-05 19:47 <DIR> d——– C:\WINDOWS\system32
    l-nl
    2006-12-05 19:45 <DIR> d–h-c— C:\WINDOWS\ie7
    2006-12-05 19:41 121,856 ——— C:\WINDOWS\system32\xmllite.dll
    2006-12-05 19:37 <DIR> d——– C:\Program Files\Windows Defender
    2006-11-30 17:45 58,880 –a—— C:\WINDOWS\system32\mup.dll
    2006-11-19 20:14 <DIR> d——– C:\Program Files\MSXML 4.0
    2006-11-07 21:03 6,049,280 ——— C:\WINDOWS\system32\ieframe.dll
    2006-11-07 21:03 50,688 ——— C:\WINDOWS\system32\msfeedsbs.dll
    2006-11-07 21:03 458,752 ——— C:\WINDOWS\system32\msfeeds.dll
    2006-11-07 21:03 180,736 ——— C:\WINDOWS\system32\ieui.dll
    2006-11-07 03:26 13,312 –a—— C:\WINDOWS\system32\ieudinit.exe


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-12-05 20:48 ——– d——– C:\Program Files\Common Files
    2006-12-05 20:29 ——– d——– C:\Program Files\SpywareBlaster
    2006-12-05 20:29 ——– d——– C:\Program Files\Hitman Pro
    2006-12-05 20:05 ——– d——– C:\Program Files\Internet Explorer
    2006-12-05 19:52 ——– d——– C:\Documents and Settings\Nel\Application Data\Lavasoft
    2006-12-05 19:50 ——– d——– C:\Program Files\Spybot - Search & Destroy
    2006-12-05 19:37 ——– d——– C:\Program Files\Common Files\Microsoft Shared
    2006-11-28 21:58 190464 -r-hs—- C:\WINDOWS\system32
    ?svc32.exe
    2006-11-07 21:03 413696 –a—— C:\WINDOWS\system32\vbscript.dll
    2006-11-07 21:03 231424 –a—— C:\WINDOWS\system32\webcheck.dll
    2006-11-07 21:03 156160 –a—— C:\WINDOWS\system32\msls31.dll
    2006-11-07 03:27 382976 –a—— C:\WINDOWS\system32\iedkcs32.dll
    2006-11-07 03:27 229376 –a—— C:\WINDOWS\system32\ieaksie.dll
    2006-11-07 03:26 71680 –a—— C:\WINDOWS\system32\admparse.dll
    2006-11-07 03:26 55296 –a—— C:\WINDOWS\system32\iesetup.dll
    2006-11-07 03:26 54784 –a—— C:\WINDOWS\system32\ie4uinit.exe
    2006-11-07 03:26 43008 –a—— C:\WINDOWS\system32\iernonce.dll
    2006-11-07 03:26 152064 –a—— C:\WINDOWS\system32\ieakeng.dll
    2006-11-07 03:26 123904 –a—— C:\WINDOWS\system32\advpack.dll
    2006-11-07 03:25 161792 –a—— C:\WINDOWS\system32\ieakui.dll
    2006-11-04 14:14 1245696 –a—— C:\WINDOWS\system32\msxml4.dll
    2006-10-29 08:26 ——– d——– C:\Documents and Settings\Nel\Application Data\WinAntiSpyware 2006
    2006-10-27 21:46 ——– d——– C:\Documents and Settings\Nel\Application Data\Google
    2006-10-23 16:31 ——– d——– C:\Documents and Settings\Nel\Application Data\Adobe
    2006-10-23 16:09 ——– d——– C:\Program Files\Google
    2006-10-23 10:17 ——– d——– C:\Program Files\Symantec
    2006-10-23 10:17 ——– d——– C:\Program Files\NavNT
    2006-10-23 10:17 ——– d——– C:\Program Files\Common Files\Symantec Shared
    2006-10-23 09:56 ——– d——– C:\Program Files\betw
    2006-10-17 12:06 78336 –a—— C:\WINDOWS\system32\ieencode.dll
    2006-10-17 12:05 40960 –a—— C:\WINDOWS\system32\licmgr10.dll
    2006-10-17 12:05 206336 ——— C:\WINDOWS\system32\WinFXDocObj.exe
    2006-10-17 12:05 105984 –a—— C:\WINDOWS\system32\url.dll
    2006-10-17 12:04 101376 –a—— C:\WINDOWS\system32\occache.dll
    2006-10-17 12:03 17408 –a—— C:\WINDOWS\system32\corpol.dll
    2006-10-17 11:58 61952 ——— C:\WINDOWS\system32\icardie.dll
    2006-10-17 11:58 12288 ——— C:\WINDOWS\system32\msfeedssync.exe
    2006-10-17 11:57 36352 –a—— C:\WINDOWS\system32\imgutil.dll
    2006-10-17 11:57 266752 ——— C:\WINDOWS\system32\iertutil.dll
    2006-10-17 11:56 45568 –a—— C:\WINDOWS\system32\mshta.exe
    2006-10-17 11:28 48128 –a—— C:\WINDOWS\system32\mshtmler.dll
    2006-10-17 11:27 380928 ——— C:\WINDOWS\system32\ieapfltr.dll
    2006-10-13 13:41 144384 –a—— C:\WINDOWS\system32
    wprovau.dll
    2006-09-13 06:07 1084416 –a—— C:\WINDOWS\system32\msxml3.dll
    2006-09-06 16:43 22752 –a—— C:\WINDOWS\system32\spupdsvc.exe


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
    "Window Monitor"="winmon32.exe"
    "Windows Monitor"="winmon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "HTpatch"="C:\\WINDOWS\\htpatch.exe"
    "ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
    "SoundMan"="SOUNDMAN.EXE"
    "PCMService"="C:\\Program Files\\Medion Home CinemaXL\\PowerCinema\\PCMService.exe"
    "Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
    "DataLayer"="C:\\Program Files\\Common Files\\PCSuite\\DataLayer\\DataLayer.exe"
    "PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -onlytray"
    "PRISMSVR.EXE"="\"C:\\Program Files\\Thomson SpeedTouch\\SpeedTouch 121g Wireless USB Monitor\\PRISMSVR.EXE\" /APPLY"
    "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
    "vptray"="C:\\Program Files\\NavNT\\vptray.exe"
    "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Mijn huidige introductiepagina"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,4e,00,00,00,00,00,00,00,b2,03,00,00,e2,02,\
    00,00,04,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,4e,00,00,00,00,00,00,00,b2,03,00,00,e2,02,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "Window Monitor"="winmon32.exe"
    "Win32 Configuration"="videosd32.exe"
    "Windows Monitor"="winmon.exe"
    "ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
    "Window Monitor"="winmon32.exe"
    "Windows Monitor"="winmon.exe"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "Window Monitor"="winmon32.exe"
    "Win32 Configuration"="videosd32.exe"
    "Windows Monitor"="winmon.exe"
    "ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runservices]
    "Window Monitor"="winmon32.exe"
    "Windows Monitor"="winmon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="Eudora's Shell Extension"
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "NoInstrumentation"=dword:00000001
    "NoToolbarCustomize"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Call Tray.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\Call Tray.lnk"
    "backup"="C:\\WINDOWS\\pss\\Call Tray.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Gigaset\\CAPI\\Tools\\CALLTRAY.exe "
    "item"="Call Tray"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Dit"
    "hkey"="HKLM"
    "command"="Dit.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mtuikvw]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="wuukimcf"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\System32\\wuukimcf.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\System32\NeroCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAM Idle]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="RAMIdle"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Customizer XP\\RAMIdle.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SerExt]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SerExt"
    "hkey"="HKLM"
    "command"="SerExt.exe /unplug "
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VOBRegCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="VOBREGCheck"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\System32\\VOBREGCheck.exe -CheckReg"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="winampa"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Winamp3\\winampa.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1106572293.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job

    Completion time: 06-12-05 20:49:21.60
    C:\ComboFix.txt … 06-12-05 20:49[/code:1:be502ddc22]


    [code:1:be502ddc22]Logfile of HijackThis v1.99.1
    Scan saved at 20:58:43, on 5-12-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsgSys.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\htpatch.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\WINDOWS\DOBE~1\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.issf-shooting.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {DB9DE7B5-0D7F-0285-2335-2ED74F0D66BE} - C:\WINDOWS\system32\mup.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PCMService] C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    O4 - HKCU\..\RunServices: [Window Monitor] winmon32.exe
    O4 - HKCU\..\RunServices: [Windows Monitor] winmon.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: officejet 6100.lnk = ?
    O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O17 - HKLM\System\CCS\Services\Tcpip\..\{133CDF89-F158-4361-AC38-52FC4B9EF90B}: NameServer = 90.0.0.2
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[/code:1:be502ddc22]

    Ik heb op deze computer nu ook internet explorer 7 en windows defender geplaatst.

    Nu heeft die windows defender ook wat gevonden zostraks en verwijderd maar nu kreeg ik net weer een melding (na alle dingen die u zij) dat het programma er weer was en dan die niet helemaal verwijderd kon worden.

    De naam va nhet programma is: Clickscpring.puritySCAN


    Ik hoop dat julie mij kunnen helpen, het is niet mijn eigen computer maar doe het voor mijn buurvrouw.. :wink:


  • 1) Open een kladblokbestand.
    2) Kopieer onderstaande code in dit kladblokbestand.
    3) Ga naar Bestand - Opslaan als.
    -Bij "Opslaan in" kies je: Bureaublad
    -Bij "Bestandsnaam" zet je: fix.reg
    -Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
    -Klik op de knop Opslaan.[code:1:f3393a936a]REGEDIT4

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
    "Window Monitor"=-
    "Windows Monitor"=-

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Window Monitor"=-
    "Win32 Configuration"=-
    "Windows Monitor"=-

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
    "Window Monitor"=-
    "Windows Monitor"=-

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "Window Monitor"=-
    "Win32 Configuration"=-
    "Windows Monitor"=-

    [-HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runservices]
    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runservices]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mtuikvw] [/code:1:f3393a936a]4) Dubbelklik op de fix.reg file en laat de wijzigingen aan het register toevoegen.

    Ga naar: Start - Uitvoeren en geef daar met behulp van kopieeren en plakken het volgende commando in:
    [b:f3393a936a]"C:\Documents and Settings\Nel\Bureaublad\Combofix.exe" /v mup[/b:f3393a936a]
    Bevestig dit met OK.
    Combofix zal openen, post na de herstart het nieuwe logje van Combofix tesamen met een nieuw logje van HijackThis ;)
  • En hier de 2 nieuwe logjes

    [code:1:787c9002a6]Logfile of HijackThis v1.99.1
    Scan saved at 17:58:14, on 6-12-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsgSys.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\htpatch.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.issf-shooting.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PCMService] C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Trdc] "C:\WINDOWS\DOBE~1\iexplore.exe" -vt ndrv
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: officejet 6100.lnk = ?
    O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O17 - HKLM\System\CCS\Services\Tcpip\..\{133CDF89-F158-4361-AC38-52FC4B9EF90B}: NameServer = 90.0.0.2
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[/code:1:787c9002a6]

    en!

    [code:1:787c9002a6]Nel - 06-12-06 17:52:06,64 Service Pack 2
    ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Nel\Bureaublad"
    Command switches used :: /v mup

    (((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\mup.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    Folders Quarantined:

    C:\QooBox\Purity\Documents and Settings\Nel\Mijn documenten\YSTEM~1
    C:\QooBox\Purity\Documents and Settings\Nel\Mijn documenten\YSTEM~1\ping.exe
    C:\QooBox\Purity\Documents and Settings\Nel\Mijn documenten\YSTEM~1\YSTEM~1
    C:\QooBox\Purity\Program Files\APPATC~1
    C:\QooBox\Purity\Program Files\CROSOF~1
    C:\QooBox\Purity\Program Files\PPATCH~1
    C:\QooBox\Purity\Program Files\PPPATC~1
    C:\QooBox\Purity\Program Files\Common Files\PPPATC~1
    C:\QooBox\Purity\Program Files\Common Files\RACLE~1
    C:\QooBox\Purity\WINDOWS\DOBE~1
    C:\QooBox\Purity\WINDOWS\DOBE~1\DOBE~1
    C:\QooBox\Purity\WINDOWS\DOBE~1\iexplore.exe
    C:\QooBox\Purity\WINDOWS\system32\MANTEC~1


    ((((((((((((((((((((((((((((((( Files Created from 2006-11-06 to 2006-12-06 ))))))))))))))))))))))))))))))))))


    2006-12-05 21:45 <DIR> d——– C:\Documents and Settings\Nel\Contacts
    2006-12-05 21:44 <DIR> d—-c— C:\WINDOWS\system32\DRVSTORE
    2006-12-05 21:44 <DIR> d——– C:\Program Files\MSN Messenger
    2006-12-05 20:39 <DIR> d——– C:\Program Files\hijackthis
    2006-12-05 19:52 <DIR> d——– C:\Program Files\Lavasoft
    2006-12-05 19:47 <DIR> d——– C:\WINDOWS\WBEM
    2006-12-05 19:47 <DIR> d——– C:\WINDOWS\system32
    l-nl
    2006-12-05 19:45 <DIR> d–h-c— C:\WINDOWS\ie7
    2006-12-05 19:41 121,856 ——— C:\WINDOWS\system32\xmllite.dll
    2006-12-05 19:37 <DIR> d——– C:\Program Files\Windows Defender
    2006-11-19 20:14 <DIR> d——– C:\Program Files\MSXML 4.0
    2006-11-07 21:03 6,049,280 ——— C:\WINDOWS\system32\ieframe.dll
    2006-11-07 21:03 50,688 ——— C:\WINDOWS\system32\msfeedsbs.dll
    2006-11-07 21:03 458,752 ——— C:\WINDOWS\system32\msfeeds.dll
    2006-11-07 21:03 180,736 ——— C:\WINDOWS\system32\ieui.dll
    2006-11-07 03:26 13,312 –a—— C:\WINDOWS\system32\ieudinit.exe


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-12-05 21:44 ——– d—s—- C:\Documents and Settings\Nel\Application Data\Microsoft
    2006-12-05 20:48 ——– d——– C:\Program Files\Common Files
    2006-12-05 20:29 ——– d——– C:\Program Files\SpywareBlaster
    2006-12-05 20:29 ——– d——– C:\Program Files\Hitman Pro
    2006-12-05 20:05 ——– d——– C:\Program Files\Internet Explorer
    2006-12-05 19:52 ——– d——– C:\Documents and Settings\Nel\Application Data\Lavasoft
    2006-12-05 19:50 ——– d——– C:\Program Files\Spybot - Search & Destroy
    2006-12-05 19:37 ——– d——– C:\Program Files\Common Files\Microsoft Shared
    2006-11-28 21:58 190464 -r-hs—- C:\WINDOWS\system32
    ?svc32.exe
    2006-11-07 21:03 413696 –a—— C:\WINDOWS\system32\vbscript.dll
    2006-11-07 21:03 231424 –a—— C:\WINDOWS\system32\webcheck.dll
    2006-11-07 21:03 156160 –a—— C:\WINDOWS\system32\msls31.dll
    2006-11-07 03:27 382976 –a—— C:\WINDOWS\system32\iedkcs32.dll
    2006-11-07 03:27 229376 –a—— C:\WINDOWS\system32\ieaksie.dll
    2006-11-07 03:26 71680 –a—— C:\WINDOWS\system32\admparse.dll
    2006-11-07 03:26 55296 –a—— C:\WINDOWS\system32\iesetup.dll
    2006-11-07 03:26 54784 –a—— C:\WINDOWS\system32\ie4uinit.exe
    2006-11-07 03:26 43008 –a—— C:\WINDOWS\system32\iernonce.dll
    2006-11-07 03:26 152064 –a—— C:\WINDOWS\system32\ieakeng.dll
    2006-11-07 03:26 123904 –a—— C:\WINDOWS\system32\advpack.dll
    2006-11-07 03:25 161792 –a—— C:\WINDOWS\system32\ieakui.dll
    2006-11-04 14:14 1245696 –a—— C:\WINDOWS\system32\msxml4.dll
    2006-10-29 08:26 ——– d——– C:\Documents and Settings\Nel\Application Data\WinAntiSpyware 2006
    2006-10-27 21:46 ——– d——– C:\Documents and Settings\Nel\Application Data\Google
    2006-10-23 16:31 ——– d——– C:\Documents and Settings\Nel\Application Data\Adobe
    2006-10-23 16:09 ——– d——– C:\Program Files\Google
    2006-10-23 10:17 ——– d——– C:\Program Files\Symantec
    2006-10-23 10:17 ——– d——– C:\Program Files\NavNT
    2006-10-23 10:17 ——– d——– C:\Program Files\Common Files\Symantec Shared
    2006-10-23 09:56 ——– d——– C:\Program Files\betw
    2006-10-17 12:06 78336 –a—— C:\WINDOWS\system32\ieencode.dll
    2006-10-17 12:05 40960 –a—— C:\WINDOWS\system32\licmgr10.dll
    2006-10-17 12:05 206336 ——— C:\WINDOWS\system32\WinFXDocObj.exe
    2006-10-17 12:05 105984 –a—— C:\WINDOWS\system32\url.dll
    2006-10-17 12:04 101376 –a—— C:\WINDOWS\system32\occache.dll
    2006-10-17 12:03 17408 –a—— C:\WINDOWS\system32\corpol.dll
    2006-10-17 11:58 61952 ——— C:\WINDOWS\system32\icardie.dll
    2006-10-17 11:58 12288 ——— C:\WINDOWS\system32\msfeedssync.exe
    2006-10-17 11:57 36352 –a—— C:\WINDOWS\system32\imgutil.dll
    2006-10-17 11:57 266752 ——— C:\WINDOWS\system32\iertutil.dll
    2006-10-17 11:56 45568 –a—— C:\WINDOWS\system32\mshta.exe
    2006-10-17 11:28 48128 –a—— C:\WINDOWS\system32\mshtmler.dll
    2006-10-17 11:27 380928 ——— C:\WINDOWS\system32\ieapfltr.dll
    2006-10-13 13:41 144384 –a—— C:\WINDOWS\system32
    wprovau.dll
    2006-09-13 06:07 1084416 –a—— C:\WINDOWS\system32\msxml3.dll
    2006-09-06 16:43 22752 –a—— C:\WINDOWS\system32\spupdsvc.exe


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "Trdc"="\"C:\\WINDOWS\\DOBE~1\\iexplore.exe\" -vt ndrv"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "HTpatch"="C:\\WINDOWS\\htpatch.exe"
    "ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
    "SoundMan"="SOUNDMAN.EXE"
    "PCMService"="C:\\Program Files\\Medion Home CinemaXL\\PowerCinema\\PCMService.exe"
    "Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
    "DataLayer"="C:\\Program Files\\Common Files\\PCSuite\\DataLayer\\DataLayer.exe"
    "PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -onlytray"
    "PRISMSVR.EXE"="\"C:\\Program Files\\Thomson SpeedTouch\\SpeedTouch 121g Wireless USB Monitor\\PRISMSVR.EXE\" /APPLY"
    "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
    "vptray"="C:\\Program Files\\NavNT\\vptray.exe"
    "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Mijn huidige introductiepagina"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,4e,00,00,00,00,00,00,00,b2,03,00,00,e2,02,\
    00,00,04,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,4e,00,00,00,00,00,00,00,b2,03,00,00,e2,02,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="Eudora's Shell Extension"
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "NoInstrumentation"=dword:00000001
    "NoToolbarCustomize"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Call Tray.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\Call Tray.lnk"
    "backup"="C:\\WINDOWS\\pss\\Call Tray.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Gigaset\\CAPI\\Tools\\CALLTRAY.exe "
    "item"="Call Tray"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Dit"
    "hkey"="HKLM"
    "command"="Dit.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\System32\NeroCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAM Idle]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="RAMIdle"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Customizer XP\\RAMIdle.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SerExt]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SerExt"
    "hkey"="HKLM"
    "command"="SerExt.exe /unplug "
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VOBRegCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="VOBREGCheck"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\System32\\VOBREGCheck.exe -CheckReg"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="winampa"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Winamp3\\winampa.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1106572293.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job

    Completion time: 06-12-06 17:54:58.26
    C:\ComboFix.txt … 06-12-06 17:54
    C:\ComboFix2.txt … 06-12-05 20:49[/code:1:787c9002a6]

    succes!


  • Verwijder deze map:
    C:\[b:73796f1d10]QooBox[/b:73796f1d10]\

    Doe daarna de volgende stappen:

    1. Download ATF cleaner (gemaakt door Atribune)
    Dubbelklik op ATF cleaner om het programma te starten.
    Op het tabblad "Main", plaats je een vinkje bij [b:73796f1d10]Select All[/b:73796f1d10].
    Klik op de knop [b:73796f1d10]Empty Selected[/b:73796f1d10].

    Gebruik je ook Firefox als browser:
    Klik op tabblad "Firefox", plaats een vinkje bij [b:73796f1d10]Select All[/b:73796f1d10].
    Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
    (dit haalt het vinkje weer weg bij "Firefox saved passwords";)
    Klik op de knop [b:73796f1d10]Empty Selected[/b:73796f1d10].

    Gebruik je ook Opera als browser:
    Klik op tabblad "Opera", plaats een vinkje bij [b:73796f1d10]Select All[/b:73796f1d10].
    Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
    Klik op de knop [b:73796f1d10]Empty Selected[/b:73796f1d10].
    Ga naar het tabblad "Main" en klik op de knop [b:73796f1d10]Exit[/b:73796f1d10] om het programma af te sluiten

    2. Download [b:73796f1d10]Dr.Web CureIt[/b:73796f1d10] naar je bureaublad:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

    3. Start de computer in veilige modus.

    4. Dubbelklik [b:73796f1d10]drweb-cureit.exe[/b:73796f1d10] en sta het toe om de express scan te starten.
    Dit zal de bestanden scannen die momenteel in het geheugen geladen zijn en wanneer er iets gevonden wordt, klik de Yes to all knop bij de vraag 'cure it?'. Dit is enkel een korte scan.
    Eenmaal de korte scan is beeïndigd, Klik [b:73796f1d10]Options[/b:73796f1d10] > Change Settings
    Kies de "Scan"-tab en verwijder het vinkje bij "Heuristic analyse"
    Terug in het hoofdvenster kan je de drives selecteren die je wilt laten scannen.
    Selecteer hier alle drives. Een rood bolletje zal dan tevoorschijn komen op de drives die je laat scannen.
    Klik daarna de [b:73796f1d10]groene pijl[/b:73796f1d10] rechts om de scan te starten.
    Klik 'Yes to all' wanneer er gevraagd wordt om cure of move uit te voeren.
    Wanneer de scan gedaan is, kijk of je volgende icoontje kan aanklikken dat staat naast hetgeen gevonden werd: [img:73796f1d10]http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif[/img:73796f1d10]
    Indien wel, klik erop en daarna klik op het icoontje er net onder en kies: [b:73796f1d10]Move incurable[/b:73796f1d10] zoals je zal zien in volgende afbeelding:
    [img:73796f1d10]http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif[/img:73796f1d10]
    Dit zal de bestanden verplaatsen naar volgende map %userprofile%\DoctorWeb\quarantaine-folder indien het niet gedesinfecteerd kan worden. (dit in het geval dat we samples nodig hebben)
    Na bovenstaande te selecteren, in het menu bovenaan van Dr.Web CureIt, klik [b:73796f1d10]file[/b:73796f1d10] en kies [b:73796f1d10]save report list[/b:73796f1d10]. Bewaar de log op je bureaublad.
    Sluit daarna Dr.Web Cureit.

    5. [b:73796f1d10]Herstart[/b:73796f1d10] je computer in normale modus!! Belangrijke stap, want het kan zijn dat Dr.Web Cureit bestanden zal verplaatsen/verwijderen tijdens herstart.
    Na het herstarten, Kopieer en plak de inhoud van die log die je eerder hebt bewaard in je volgende post tesamen met een logje van Hijackthis ;)
  • [code:1:7ee28fddbd]A0027332.exe C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP269 Adware.ValueAd Incurable.Moved.
    A0028260.exe C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP288 Trojan.Fakealert Deleted.
    A0028278.exe C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP288 Trojan.Fakealert Deleted.
    A0028282.exe C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP288 Trojan.Fakealert Deleted.
    A0028319.exe C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP288 Trojan.Fakealert Deleted.
    A0028321.exe\data001 C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP288\A0028321.exe Trojan.DownLoader.10963
    A0028321.exe\data002 C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP288\A0028321.exe Trojan.DownLoader.10963
    A0028321.exe C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP288 Archive contains infected objects Moved.
    A0028336.exe C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP289 Trojan.Fakealert Deleted.
    A0028351.exe C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP289 Trojan.DownLoader.13909 Deleted.
    A0028352.exe C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP289 Trojan.DownLoader.13909 Deleted.
    A0028356.exe C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP289 Trojan.DownLoader.10963 Deleted.
    A0029194.exe C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP313 Trojan.DownLoader.10963 Deleted.
    A0029200.exe C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP313 Trojan.DownLoader.10963 Deleted.
    A0029429.dll C:\System Volume Information\_restore{85CEDD62-35CC-4944-9DCD-6077EE28611D}\RP320 Adware.ClickSpring Incurable.Moved.
    TFTP3840 C:\WINDOWS\system32 Win32.HLLW.MyBot.based Deleted.[/code:1:7ee28fddbd]

    en

    [code:1:7ee28fddbd]Logfile of HijackThis v1.99.1
    Scan saved at 20:02:18, on 13-12-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsgSys.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\htpatch.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.issf-shooting.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PCMService] C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Trdc] "C:\WINDOWS\DOBE~1\iexplore.exe" -vt ndrv
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: officejet 6100.lnk = ?
    O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O17 - HKLM\System\CCS\Services\Tcpip\..\{133CDF89-F158-4361-AC38-52FC4B9EF90B}: NameServer = 90.0.0.2
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[/code:1:7ee28fddbd]


    Sorry dat het wat langer geduurd heeft, mijn buren waren er een paar avonden niet vandaar. :wink:

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.

Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord