HijackThis log: explorer does not start

Anonymous
pimvandenderen
6 answers
  • My explorer.exe does start, but it is shut down again right away, even when I do this via Task Manager.

    Here is a HijackThis log; can someone check whether something is wrong? I'm afraid of a virus or something like that.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:30:23, on 30-10-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\xampp\apache\bin\apache.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\xampp\apache\bin\apache.exe
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\Downloads\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.kliksafe.nl:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168;*.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178542306374
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\xampp\apache\bin\apache.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


    End of file - 6487 bytes


  • Your log looks clean; try the following:

    Download Combofix to your Desktop.
    * Double-click Combofix.exe
    * Follow the instructions; accept the disclaimer by typing "1" and confirming with "Enter".
    * While the fix is running, do NOT click in the window, as this will make your PC hang.

    When the fix has completed and after the restart, the log combofix.txt will open.
    Post this log in your next post.

    Note: If your virus scanner reacts while downloading or using Combofix, you may ignore this.

    Good luck!

    Pim
  • Hi, I already got the log before the restart, this is what it said; the problem just isn't solved yet:

    ComboFix 07-10-30.5 - Hendrik 2007-10-30 15:50:04.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.450 [GMT 1:00]
    Gestart vanuit: D:\Downloads\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2007-09-28 to 2007-10-30 ))))))))))))))))))))))))))))))
    .

    2007-10-30 15:49 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-30 10:30 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
    2007-10-30 10:30 <DIR> d--h----- C:\Documents and Settings\Administrator\Onlangs geopend
    2007-10-30 10:30 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
    2007-10-30 10:30 <DIR> d-------- C:\Documents and Settings\Administrator\Mijn documenten
    2007-10-30 10:30 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
    2007-10-30 10:30 <DIR> d-------- C:\Documents and Settings\Administrator\Favorieten
    2007-10-30 10:30 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
    2007-10-30 10:26 1,036,800 --a--c--- C:\WINDOWS\system32\dllcache\explorer.exe
    2007-10-30 10:26 1,036,800 --a------ C:\WINDOWS\explorer.exe
    2007-10-26 13:40 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
    2007-10-25 19:51 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2007-10-23 20:17 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
    2007-10-23 20:17 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
    2007-10-23 20:08 <DIR> d-------- C:\Documents and Settings\Hendrik\Application Data\Thinstall
    2007-10-19 09:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2007-10-19 08:53 <DIR> d-------- C:\Program Files\Bonjour
    2007-10-19 08:41 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
    2007-10-11 10:20 <DIR> d-------- C:\Documents and Settings\Hendrik\.eclipse
    2007-10-10 22:10 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-10-08 21:37 <DIR> dr-h----- C:\Documents and Settings\Hendrik\Onlangs geopend
    2007-10-08 21:36 <DIR> d-------- C:\Program Files\ToniArts
    2007-09-28 17:08 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2007-09-28 17:07 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-09-28 17:07 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2007-09-28 17:07 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2007-09-28 17:07 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2007-09-27 13:42 <DIR> d-------- C:\Program Files\Microsoft
    2007-09-26 10:58 <DIR> d-------- C:\Program Files\PRAKVAAR
    2007-09-18 20:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Protexis
    2007-09-18 20:20 80 -r-hs---- C:\WINDOWS\system32\E574519813.dll
    2007-09-18 20:09 <DIR> d-------- C:\Documents and Settings\Hendrik\WINDOWS
    2007-09-18 14:06 52,184 --ah----- C:\WINDOWS\system32\mlfcache.dat
    2007-09-17 15:31 <DIR> d-------- C:\Documents and Settings\Hendrik\Application Data\Ahead
    2007-09-17 15:28 <DIR> d-------- C:\Program Files\Nero
    2007-09-17 15:28 <DIR> d-------- C:\Program Files\Common Files\Ahead
    2007-09-07 10:22 <DIR> d-------- C:\TMP
    2007-09-06 20:25 <DIR> d-------- C:\Documents and Settings\Hendrik\Application Data\TortoiseSVN
    2007-09-04 17:37 <DIR> d-------- C:\Program Files\TortoiseSVN
    2007-09-04 08:57 <DIR> d-------- C:\Documents and Settings\Hendrik\Application Data\Apple Computer
    2007-09-03 20:09 <DIR> d-------- C:\Program Files\Google
    2007-09-03 12:21 <DIR> d-------- C:\Documents and Settings\Hendrik\Application Data\Subversion
    2007-09-03 12:19 <DIR> d-------- C:\Documents and Settings\Hendrik\workspace
    2007-09-03 11:02 <DIR> d-------- C:\Program Files\Sybase

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-29 12:23 --------- d-----w C:\Program Files\DivX
    2007-10-25 11:38 --------- d-----w C:\Program Files\Launch Manager
    2007-10-23 19:25 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-10-23 19:24 --------- d-----w C:\Program Files\TuneUp Utilities 2006
    2007-10-19 07:53 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-10-17 10:01 --------- d-----w C:\Program Files\xampp
    2007-10-10 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-10-08 20:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-09-28 16:07 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
    2007-09-28 16:07 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2007-09-28 16:07 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2007-09-28 16:07 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-09-28 16:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-09-28 16:05 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-09-28 16:05 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
    2007-09-28 16:05 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-09-28 16:05 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2007-09-28 16:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-09-28 16:05 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2007-09-28 16:05 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-09-28 16:05 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-09-24 12:21 --------- d-----w C:\Program Files\Foxit Software
    2007-09-21 21:54 66,608 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2007-09-21 21:54 5,120 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
    2007-09-21 21:54 4,815,136 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2007-09-21 21:54 32,032 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
    2007-09-04 09:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2007-09-03 10:58 --------- d-----w C:\Program Files\Java
    2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-07-30 17:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
    2007-07-30 17:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
    2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-07-18 15:00 298,104 ----a-w C:\WINDOWS\system32\imon.dll
    2007-07-09 13:20 582,656 ----a-w C:\WINDOWS\system32\rpcrt4.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSPower"="SiSPower.dll" [2005-02-25 12:35 C:\WINDOWS\system32\SiSPower.dll]
    "SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2005-03-04 12:13]
    "SoundMan"="SOUNDMAN.EXE" [2005-02-23 11:13 C:\WINDOWS\SOUNDMAN.EXE]
    "LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-02-23 04:04]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 03:50 C:\WINDOWS\AGRSMMSG.exe]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 07:44]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 07:43]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-18 16:00]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2007-05-07 13:13:43]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsMenu"=01000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Service Manager.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Service Manager.lnk
    backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hendrik^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk]
    path=C:\Documents and Settings\Hendrik\Menu Start\Programma's\Opstarten\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
    "C:\Program Files\VMware\VMware Player\hqtray.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
    "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Adobe LM Service"=3 (0x3)
    "WMPNetworkSvc"=3 (0x3)
    "vsmon"=2 (0x2)
    "VMware NAT Service"=2 (0x2)
    "vmount2"=2 (0x2)
    "VMnetDHCP"=2 (0x2)
    "VMAuthdService"=2 (0x2)
    "usnjsvc"=3 (0x3)
    "TUWinStylerThemeSvc"=3 (0x3)
    "ose"=3 (0x3)
    "odserv"=3 (0x3)
    "Microsoft Office Groove Audit Service"=3 (0x3)

    R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys
    R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys
    R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe -k netsvcs
    R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.sys
    S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    AutoRun\command - F:\start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    AutoRun\command - G:\start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
    AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL WPI\WPI.hta

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09da598c-1013-11dc-be7c-005056c00008}]
    AutoRun\command - Bas.exe

    *Newly Created Service* - CATCHME
    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-10-26 15:17:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-30 15:53:36
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-10-30 15:54:17
    .
    --- E O F ---
  • One more thing to mention, might be useful:
    explorer.exe doesn't start in safe mode either, so I'm no longer so sure whether it is a virus; NOD32 doesn't find anything either.
  • Nothing to be seen there either :roll:

    Could you upload C:\WINDOWS\explorer.exe to Jotti?

    Copy the file name shown in bold above into the window and click submit. Then post the result here.


    Download Dr.Web Cureit to your desktop.
    * Double-click drweb-cureit.exe and allow it to start the express scan.
    * If a popup appears offering a purchase/50% discount, you may close it with the X.
    * This will scan the files that are currently loaded in memory, and when something is found, click the "Yes to all" button at the question 'cure it?'. This is only a short scan.
    * At the top of the menu, choose Language/Taal and change it to Dutch (Nederlands) if yours is set differently.
    * Press F9, then choose Acties and set the following under Malware:
        o Adware: Verplaats
        o Dialers: Verplaats
        o Jokes: Rapportage
        o Riskware: Rapportage
        o Hacktools: Verplaats
      Then remove the check mark at "Prompt bij actie".
      Then press OK.
    * Press F9, then choose Scan, remove the check mark at Heuristische analyse and click OK.
    * Once the short scan has finished, you can select the drives you want to have scanned (Selecteer stations).
    * Select all drives here. A red dot will then appear on the drives you are having scanned.
    * Then click the
  • Jotti can't find anything in it.

    I think this is something very strange; a virus should have been found long ago.

    And my computer isn't all that fast anymore anyway, so I'll just do a fresh installation right away; then it should be over.

    Thanks anyway, Pim

This is an archived page. Replying is no longer possible.