HijackThis log: explorer does not start

Anonymous
pimvandenderen
6 answers
 • My explorer.exe does start, but it is closed again right away, also when I do this via Task Manager.

  Here is a HijackThis log; can someone check whether something is wrong? I'm afraid of a virus or something like that.

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 15:30:23, on 30-10-2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16544)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Acer\eManager\anbmServ.exe
  C:\Program Files\xampp\apache\bin\apache.exe
  C:\Program Files\Bonjour\mDNSResponder.exe
  C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
  C:\Program Files\Eset\nod32krn.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\System32\wltrysvc.exe
  C:\WINDOWS\System32\bcmwltry.exe
  C:\Program Files\xampp\apache\bin\apache.exe
  C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
  C:\WINDOWS\system32\cmd.exe
  C:\Program Files\Mozilla Firefox\firefox.exe
  D:\Downloads\HiJackThis.exe

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.kliksafe.nl:8080
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168;*.local;<local>
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
  O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
  O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
  O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
  O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
  O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
  O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
  O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
  O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
  O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
  O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
  O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
  O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178542306374
  O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
  O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
  O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
  O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\xampp\apache\bin\apache.exe
  O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
  O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
  O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


  End of file - 6487 bytes
 • Your log looks clean, try the following:

  Download Combofix to your Desktop.
  * Double-click Combofix.exe
  * Follow the instructions, accept the disclaimer by typing "1" and confirming with "Enter".
  * While the fix is running, do NOT click in the window, as this will make your PC hang.

  When the fix is complete and after the restart, the log combofix.txt will open.
  Post this log in your next post.

  Note: If your virus scanner reacts while downloading or using Combofix, you may ignore this.

  Good luck!

  Pim
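
Added example, not part of the thread and not HijackThis's own logic: a small parser that reads HijackThis entries such as those in the log above and lists the ones usually checked by hand before a log is called clean. The flagging rules and function names are assumptions chosen for this illustration; the sample lines are copied from the posted log.

```python
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.kliksafe.nl:8080
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+)$")      # "<section code> - <body>"
O4_RUN = re.compile(r"^.*?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
FULL_PATH = re.compile(r'^"?[A-Za-z]:\\')              # command starts with a drive path
SHORT_NAME = re.compile(r"~\d")                        # 8.3 component, e.g. PROGRA~1


def parse(log):
    """Return (section_code, body) per entry; header and process list are skipped."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]


def reasons_for(code, body):
    """Heuristics assumed for this example; they are not verdicts from HijackThis."""
    why = []
    if code == "O20" and body.split(":", 1)[-1].strip():
        why.append("AppInit_DLLs set: the DLL is loaded into every process that loads user32.dll")
    if code == "O23" and " - Unknown owner - " in body:
        why.append("service binary shows no company name")
    if code == "O4":
        m = O4_RUN.match(body)
        if m and not FULL_PATH.match(m["cmd"]):
            why.append("autorun without a full path: resolved through the search path")
    if code in ("R0", "R1") and "ProxyServer" in body:
        why.append("IE proxy configured: confirm it is intended")
    if SHORT_NAME.search(body):
        why.append("8.3 short path hides the real file name")
    return why


def triage(log):
    """Return [(code, body, [reasons])] for entries that deserve a manual look."""
    flagged = []
    for code, body in parse(log):
        why = reasons_for(code, body)
        if why:
            flagged.append((code, body, why))
    return flagged


if __name__ == "__main__":
    for code, body, why in triage(SAMPLE_LOG):
        print(f"{code}: {body}")
        for reason in why:
            print(f"    - {reason}")
```

A flagged entry is a prompt to verify the file on disk, not a detection; every flagged line here also has a benign explanation.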
 • Hi, I already got the log before the restart and this is what was in it; the problem is just not solved yet:

  ComboFix 07-10-30.5 - Hendrik 2007-10-30 15:50:04.1 - NTFSx86
  Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.450 [GMT 1:00]
  Gestart vanuit: D:\Downloads\ComboFix.exe
  * Nieuw herstelpunt werd aangemaakt
  .

  (((((((((((((((((((( Bestanden Gemaakt van 2007-09-28 to 2007-10-30 ))))))))))))))))))))))))))))))
  .

  2007-10-30 15:49 51,200 --a------ C:\WINDOWS\NirCmd.exe
  2007-10-30 10:30 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
  2007-10-30 10:30 <DIR> d--h----- C:\Documents and Settings\Administrator\Onlangs geopend
  2007-10-30 10:30 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
  2007-10-30 10:30 <DIR> d-------- C:\Documents and Settings\Administrator\Mijn documenten
  2007-10-30 10:30 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
  2007-10-30 10:30 <DIR> d-------- C:\Documents and Settings\Administrator\Favorieten
  2007-10-30 10:30 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
  2007-10-30 10:26 1,036,800 --a--c--- C:\WINDOWS\system32\dllcache\explorer.exe
  2007-10-30 10:26 1,036,800 --a------ C:\WINDOWS\explorer.exe
  2007-10-26 13:40 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
  2007-10-25 19:51 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
  2007-10-23 20:17 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
  2007-10-23 20:17 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
  2007-10-23 20:08 <DIR> d-------- C:\Documents and Settings\Hendrik\Application Data\Thinstall
  2007-10-19 09:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
  2007-10-19 08:53 <DIR> d-------- C:\Program Files\Bonjour
  2007-10-19 08:41 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
  2007-10-11 10:20 <DIR> d-------- C:\Documents and Settings\Hendrik\.eclipse
  2007-10-10 22:10 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
  2007-10-08 21:37 <DIR> dr-h----- C:\Documents and Settings\Hendrik\Onlangs geopend
  2007-10-08 21:36 <DIR> d-------- C:\Program Files\ToniArts
  2007-09-28 17:08 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
  2007-09-28 17:07 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
  2007-09-28 17:07 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
  2007-09-28 17:07 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
  2007-09-28 17:07 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
  2007-09-27 13:42 <DIR> d-------- C:\Program Files\Microsoft
  2007-09-26 10:58 <DIR> d-------- C:\Program Files\PRAKVAAR
  2007-09-18 20:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Protexis
  2007-09-18 20:20 80 -r-hs---- C:\WINDOWS\system32\E574519813.dll
  2007-09-18 20:09 <DIR> d-------- C:\Documents and Settings\Hendrik\WINDOWS
  2007-09-18 14:06 52,184 --ah----- C:\WINDOWS\system32\mlfcache.dat
  2007-09-17 15:31 <DIR> d-------- C:\Documents and Settings\Hendrik\Application Data\Ahead
  2007-09-17 15:28 <DIR> d-------- C:\Program Files\Nero
  2007-09-17 15:28 <DIR> d-------- C:\Program Files\Common Files\Ahead
  2007-09-07 10:22 <DIR> d-------- C:\TMP
  2007-09-06 20:25 <DIR> d-------- C:\Documents and Settings\Hendrik\Application Data\TortoiseSVN
  2007-09-04 17:37 <DIR> d-------- C:\Program Files\TortoiseSVN
  2007-09-04 08:57 <DIR> d-------- C:\Documents and Settings\Hendrik\Application Data\Apple Computer
  2007-09-03 20:09 <DIR> d-------- C:\Program Files\Google
  2007-09-03 12:21 <DIR> d-------- C:\Documents and Settings\Hendrik\Application Data\Subversion
  2007-09-03 12:19 <DIR> d-------- C:\Documents and Settings\Hendrik\workspace
  2007-09-03 11:02 <DIR> d-------- C:\Program Files\Sybase

  .
  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2007-10-29 12:23 --------- d-----w C:\Program Files\DivX
  2007-10-25 11:38 --------- d-----w C:\Program Files\Launch Manager
  2007-10-23 19:25 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
  2007-10-23 19:24 --------- d-----w C:\Program Files\TuneUp Utilities 2006
  2007-10-19 07:53 --------- d-----w C:\Program Files\Common Files\Adobe
  2007-10-17 10:01 --------- d-----w C:\Program Files\xampp
  2007-10-10 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
  2007-10-08 20:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
  2007-09-28 16:07 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
  2007-09-28 16:07 129,784 ------w C:\WINDOWS\system32\pxafs.dll
  2007-09-28 16:07 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
  2007-09-28 16:07 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
  2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
  2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
  2007-09-28 16:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
  2007-09-28 16:05 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
  2007-09-28 16:05 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
  2007-09-28 16:05 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
  2007-09-28 16:05 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
  2007-09-28 16:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
  2007-09-28 16:05 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
  2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
  2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
  2007-09-28 16:05 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
  2007-09-28 16:05 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
  2007-09-24 12:21 --------- d-----w C:\Program Files\Foxit Software
  2007-09-21 21:54 66,608 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
  2007-09-21 21:54 5,120 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
  2007-09-21 21:54 4,815,136 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
  2007-09-21 21:54 32,032 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
  2007-09-04 09:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
  2007-09-03 10:58 --------- d-----w C:\Program Files\Java
  2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
  2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
  2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
  2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
  2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
  2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
  2007-07-30 17:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
  2007-07-30 17:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
  2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
  2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
  2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
  2007-07-18 15:00 298,104 ----a-w C:\WINDOWS\system32\imon.dll
  2007-07-09 13:20 582,656 ----a-w C:\WINDOWS\system32\rpcrt4.dll
  .

  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "SiSPower"="SiSPower.dll" [2005-02-25 12:35 C:\WINDOWS\system32\SiSPower.dll]
  "SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2005-03-04 12:13]
  "SoundMan"="SOUNDMAN.EXE" [2005-02-23 11:13 C:\WINDOWS\SOUNDMAN.EXE]
  "LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-02-23 04:04]
  "AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 03:50 C:\WINDOWS\AGRSMMSG.exe]
  "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 07:44]
  "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 07:43]
  "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-18 16:00]
  "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03]

  C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
  Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2007-05-07 13:13:43]

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
  "NoRecentDocsMenu"=01000000

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
  "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Service Manager.lnk]
  path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Service Manager.lnk
  backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hendrik^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk]
  path=C:\Documents and Settings\Hendrik\Menu Start\Programma's\Opstarten\Adobe Gamma.lnk
  backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
  C:\WINDOWS\system32\ctfmon.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
  "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
  C:\Program Files\PowerISO\PWRISOVM.EXE

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
  "C:\Program Files\VMware\VMware Player\hqtray.exe"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
  "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
  "Adobe LM Service"=3 (0x3)
  "WMPNetworkSvc"=3 (0x3)
  "vsmon"=2 (0x2)
  "VMware NAT Service"=2 (0x2)
  "vmount2"=2 (0x2)
  "VMnetDHCP"=2 (0x2)
  "VMAuthdService"=2 (0x2)
  "usnjsvc"=3 (0x3)
  "TUWinStylerThemeSvc"=3 (0x3)
  "ose"=3 (0x3)
  "odserv"=3 (0x3)
  "Microsoft Office Groove Audit Service"=3 (0x3)

  R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys
  R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys
  R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe -k netsvcs
  R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.sys
  S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys
  S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
  UxTuneUp

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
  AutoRun\command - F:\start.exe

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
  AutoRun\command - G:\start.exe

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
  AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL WPI\WPI.hta

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09da598c-1013-11dc-be7c-005056c00008}]
  AutoRun\command - Bas.exe

  *Newly Created Service* - CATCHME
  .
  Inhoud van de 'Gedeelde Taken' map
  "2007-10-26 15:17:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
  .
  **************************************************************************

  catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2007-10-30 15:53:36
  Windows 5.1.2600 Service Pack 2 NTFS

  scannen van verborgen processen …

  scannen van verborgen autostart items …

  scannen van verborgen bestanden …

  Scan succesvol afgerond
  verborgen bestanden: 0

  **************************************************************************
  .
  Voltooingstijd: 2007-10-30 15:54:17
  .
  --- E O F ---
 • Just to add, this might be useful:
  explorer.exe does not start in safe mode either, so I'm no longer so sure whether it is a virus; NOD32 doesn't find anything either.
 • Nothing to be seen there either :roll:

  Could you upload C:\WINDOWS\explorer.exe to Jotti.

  Copy the file path given above into the window and click submit. Then post the result here.


  Download Dr.Web Cureit to your desktop.
  * Double-click drweb-cureit.exe and allow it to start the express scan.
  * If a popup appears offering a purchase/50% discount, you may close it with the X.
  * This will scan the files that are currently loaded in memory, and when something is found, click the "Yes to all" button at the question 'cure it?'. This is only a short scan.
  * At the top of the menu choose "Language/Taal" and change it to "Dutch (Nederlands)" if it is set differently for you.
  * Press F9, then choose "Acties" (Actions) and set the following there under "Malware":
    Adware: Verplaats (Move)
    Dialers: Verplaats (Move)
    Jokes: Rapportage (Report)
    Riskware: Rapportage (Report)
    Hacktools: Verplaats (Move)
    Then remove the check mark at "Prompt bij actie".
    Then press OK.
  * Press F9, then choose "Scan", remove the check mark at "Heuristische analyse" (Heuristic analysis) and click OK.
  * Once the short scan has finished, you can select the drives you want to have scanned ("Selecteer stations").
  * Select all drives here. A red dot will then appear on the drives you are having scanned.
  * Then click the
 • Jotti can't find anything in it.

  I think this is something very strange; a virus should have been found long ago.

  And my computer isn't all that fast anymore anyway, so I'll just do a fresh installation right away, then it should be over.

  Thanks anyway, Pim

This is an archived page. Replies are no longer possible.