Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

omg jij naakt ? virus

None
12 antwoorden
  • Gister heb ik op een link geklikt die ik kreeg van mijn broer met de tekst erin; omg jij naakt ?
    Sindsdien doet msn raar.
    Heb al op internet rondgekeken hoe ik het weg krijg maar kan niets vinden.
    Weet iemand hoe ik hier vanaf kom, en kan iemand hier mij mee helpen?

    Alvast bedankt
  • Download hier () en sla het op je bureaublad.
    Dubbelklik [b:0c29584e43]MSNFix.exe[/b:0c29584e43], er zal nu een icoontje op je bureaublad verschijnen.

    Dubbelklik het icoontje "[b:0c29584e43]Start MSNFix[/b:0c29584e43]"en laat het zijn gang gaan.
    (Indien je meldingen krijgt van je scanner e.d. sta dit toe).

    Het bestand gaat zijn taken uitvoeren, je hoeft ondertussen niets te doen. Zodra het klaar is en eventueel na herstart zal het een rapport openen (C:\MSNFix.txt). Post deze in je volgende reactie.

    Post ook een Hijackthis logje, hier staat hoe dit moet:
    http://forum.computertotaal.nl/phpBB2/viewtopic.php?t=115358
  • Logfile of HijackThis v1.99.1
    Scan saved at 12:54:31, on 2-11-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
    C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
    C:\WINDOWS\system32\ps2.exe
    C:\WINDOWS\Dit.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\HP DVD\Umbrella\DVDTray.exe
    C:\Program Files\FTD Watchdog\FtdMonitor.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\DitExp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\WINDOWS\System32
    vsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\grabit\GrabIt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Eigenaar\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: (no name) - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [WinCinemaMgr] "C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe"
    O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
    O4 - HKLM\..\Run: [Preventon RealTime Antivirus] C:\Documents and Settings\Eigenaar\Bureaublad\@Home veiligheid\AntiVirus\AVRealTime.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [FTD Watchdog Monitor] C:\Program Files\FTD Watchdog\FtdMonitor.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS
    pqtplugin4.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143490245812
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnalbum.nl/skin/v2/system/upload/ImageUploader4.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.double-z.nl/plugins/doublez_ie.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AA733B87-28E7-4263-ABAC-32F21F83943F}: NameServer = 213.51.144.37,213.51.129.37
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
    vsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: sweepsrv.sys - Unknown owner - C:\Documents and Settings\Eigenaar\Bureaublad\@Home veiligheid\Antivirus\sweepsrv.sys (file missing)


  • Dit werkte bij mij niet.
    Kreeg heel de tijd een melding dat het niet geschikt was voor windows.
  • [quote:070f65d9c2]
    Kreeg heel de tijd een melding dat het niet geschikt was voor windows.
    [/quote:070f65d9c2]

    Waarbij krijg je die melding? Kan je de precieze foutmelding geven?

    Start Hijackthis, kies voor 'Do a system scan only' en vink onderstaande regels aan:
    [b:070f65d9c2]
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: (no name) - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    [/b:070f65d9c2]

    Sluit alle openstaande vensters, behalve Hijackthis en klik op Fix checked.

    Download Combofix naar je Bureaublad.
    [list:070f65d9c2]
    Dubbelklik [b:070f65d9c2]Combofix.exe[/b:070f65d9c2]
    Volg de instructies, aanvaard de disclaimer door "[b:070f65d9c2]1[/b:070f65d9c2]" te typen en te bevestigen via "[b:070f65d9c2]Enter[/b:070f65d9c2]".
    Tijdens het runnen van de fix, [b:070f65d9c2]NIET[/b:070f65d9c2] in het venster klikken, want dit zal je pc doen vasthangen.[/list:u:070f65d9c2]

    Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
    [i:070f65d9c2]Plaats deze log in je volgende post samen met een nieuw HijackThis log.[/i:070f65d9c2]

    [b:070f65d9c2]Note:[/b:070f65d9c2] Indien je virusscanner reageert tijdens het downloaden of gebruik van Combofix, mag je dit negeren.

    Succes!

    Pim :)
  • Misschien geen erg zinvolle bijdrage, want het kwaad is al geschied, maar wie ter wereld klikt er nou op een binnenkomend bestand met zo'n titel? Dat vraagt nee schreeuwt toch gewoon om problemen? Je voelt toch met de klompen aan dat zoiets niet deugt?
    Bij mij verdwijnt een bericht met die woordkeuze altijd ongezien naar het land van delete.
  • Hier een afbeelding als het gelukt is hem te plaatsen

    [img:e39d15d342]http://img213.imageshack.us/img213/7931/screenshot001qn0.th.png[/img:e39d15d342]





    ComboFix 07-11-02.3 - Eigenaar 2007-11-02 14:31:33.1 - NTFSx86
    Gestart vanuit: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Eigenaar\Application Data\inst.exe
    C:\Program Files\autorun.inf

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-10-02 to 2007-11-02 ))))))))))))))))))))))))))))))
    .

    2007-11-02 14:28 51,200 –a—— C:\WINDOWS\NirCmd.exe
    2007-11-02 11:57 <DIR> d——– C:\BackUpMSNCleaner
    2007-11-02 09:33 <DIR> d——– C:\Documents and Settings\Eigenaar\Application Data\Grisoft
    2007-11-02 09:31 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-02 09:31 10,872 –a—— C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-11-01 21:05 <DIR> d——– C:\Program Files\FTD Watchdog
    2007-11-01 18:44 17,874,288 –a—— C:\Program Files\Install_Messenger.exe
    2007-10-28 02:57 49,152 –a—— C:\WINDOWS\system32
    ircmd.exe
    2007-10-28 02:57 16,384 –a—— C:\WINDOWS\system32\restart.exe
    2007-10-28 02:57 11,254 –a—— C:\WINDOWS\system32\locate.com
    2007-10-22 08:45 <DIR> d——– C:\Program Files\Freddi Fish 4 - De Kidnapping in de Zilte Zee
    2007-10-21 10:09 <DIR> d——– C:\Program Files\Putt-Putt 3 - De Autostad 500
    2007-10-20 08:16 <DIR> d——– C:\Documents and Settings\Eigenaar\Application Data\GrabIt
    2007-10-20 08:08 <DIR> d——– C:\Program Files\grabit
    2007-10-20 08:04 <DIR> d——– C:\Program Files\FTDv3.8
    2007-10-09 19:40 582,656 —–c— C:\WINDOWS\system32\dllcache\rpcrt4.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-02 08:32 ——— d—–w C:\Program Files\ewido anti-spyware 4.0
    2007-11-02 08:00 ——— d—–w C:\Program Files\MSN Messenger
    2007-11-02 07:59 ——— d—–w C:\Program Files\DC++
    2007-11-01 21:31 ——— d–h–w C:\Program Files\InstallShield Installation Information
    2007-11-01 21:31 ——— d—–w C:\Program Files\QuickTime
    2007-11-01 21:28 ——— d—–w C:\Program Files\Zylom Games
    2007-11-01 18:12 ——— d—–w C:\Documents and Settings\All Users\Application Data\clp
    2007-10-28 11:14 ——— d—–w C:\Program Files\AltBinz
    2007-10-28 11:12 47,360 —-a-w C:\Documents and Settings\Eigenaar\Application Data\pcouffin.sys
    2007-10-28 11:12 ——— d—–w C:\Program Files\Rainforest Adventure
    2007-10-28 11:12 ——— d—–w C:\Program Files\DVDFab Platinum 3
    2007-10-28 11:12 ——— d—–w C:\Documents and Settings\Eigenaar\Application Data\Vso
    2007-10-28 11:09 ——— d—–w C:\Program Files\Hitman Pro
    2007-10-28 11:08 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-28 11:07 ——— d—–w C:\Documents and Settings\Eigenaar\Application Data\Lavasoft
    2007-10-10 19:36 ——— d—–w C:\Program Files\Java
    2007-07-27 13:05 502,412 —-a-w C:\Program Files\QuickPar-0.9.1.0-NLD.exe
    2007-07-27 12:36 1,864,977 —-a-w C:\Program Files\SetupFTDv3.7.3.zip
    2007-07-27 12:35 1,073,308 —-a-w C:\Program Files\altbinz0242.exe
    2007-01-19 12:17 1,761 —-a-w C:\Program Files\PC Antivirus.lnk
    2006-10-18 20:02 2,193 —-a-w C:\Program Files\CID2206.nzb
    2006-10-17 16:34 11,600,073 —-a-w C:\Program Files\BrickquestSetup.exe
    2006-09-12 19:05 12,789,248 —-a-w C:\Program Files\MP10Setup.exe
    2006-03-27 20:24 234,855 —-a-w C:\Program Files\hoster.zip
    2006-02-19 14:33 1,464,784 —-a-w C:\Program Files
    b505-install.exe
    2005-10-14 17:28 774,144 —-a-w C:\Program Files\RngInterstitial.dll
    2005-10-13 16:21 128,283 —-a-w C:\Program Files\ATLANTIS.EXE
    2005-09-21 10:27 49,672 —-a-w C:\Documents and Settings\Eigenaar\Application Data\GDIPFONTCACHEV1.DAT
    2005-07-25 18:34 999,293 —-a-w C:\Program Files\PrintScreen30_Setup.exe
    2005-07-22 11:34 3,595,259 —-a-w C:\Program Files\flashdemo.exe
    2005-05-22 20:21 15,991,392 —-a-w C:\Program Files\jre-1_5_0_02-windows-i586-p.exe
    2005-04-29 16:18 5,243,344 —-a-w C:\Program Files\SetupDl.exe
    2005-03-12 17:44 21,122 —ha-w C:\Program Files\Dutch.GID
    2005-03-12 17:43 41,961 —-a-w C:\Program Files\Dutch.lng
    2005-03-12 17:43 219,383 —-a-w C:\Program Files\Dutch.exe
    2005-03-12 17:43 214,662 —-a-w C:\Program Files\Dutch.hlp
    2005-03-12 17:43 1,779 —-a-w C:\Program Files\Dutch.cnt
    2005-03-12 17:38 1,665,325 —-a-w C:\Program Files\agsetup.exe
    2005-03-01 17:42 33 —-a-w C:\Program Files\listen.ram
    2005-02-25 11:53 2,495,484 —-a-w C:\Program Files\DCPlusPlus-0.670.exe
    2004-08-15 21:06 4,187,470 —-a-w C:\Program Files\SETUP.EXE
    2004-06-27 07:02 493,384 —-a-w C:\Program Files\ie6setup.exe
    2004-03-27 20:07 3,286,795 —-a-w C:\Program Files\DivX_Codec.exe
    2004-03-26 18:39 174,763 —-a-w C:\Program Files\msvcr70.exe
    2004-03-18 20:31 678 —ha-w C:\Documents and Settings\Eigenaar\hpothb07.dat
    2004-03-14 10:30 6,377,789 —-a-w C:\Program Files\videoLAN.exe
    2004-01-09 13:22 1,897,672 —-a-w C:\Program Files\winzip81.exe
    2002-07-31 23:00 303,104 —-a-w C:\Program Files\msvcr70.dll
    2001-06-22 21:48 27,648 —-a-w C:\Program Files\sylia.dll
    2004-05-11 05:36:53 32 –sha-w C:\WINDOWS\{67D13754-17D2-4AA4-95A8-A94E498D1D86}.dat
    2004-02-01 11:47:07 0 –sha-w C:\WINDOWS\SMINST\HPCD.sys
    2005-11-30 17:07:53 2,516 –sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2004-05-11 05:36:53 32 –sha-w C:\WINDOWS\system32\{70131279-77CC-4393-B093-2341C36F47FE}.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 13:07]
    "WinCinemaMgr"="C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe" [2003-08-07 12:57]
    "Home Theater SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2003-08-08 08:51]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 03:42]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-03 05:19]
    "nwiz"="nwiz.exe" [2003-05-03 05:19 C:\WINDOWS\system32
    wiz.exe]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-08-01 02:28]
    "Dit"="Dit.exe" [2003-07-16 13:56 C:\WINDOWS\Dit.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-11-12 12:50]
    "DVDTray"="C:\Program Files\HP DVD\Umbrella\DVDTray.exe" [2003-07-23 10:41]
    "Preventon RealTime Antivirus"="C:\Documents and Settings\Eigenaar\Bureaublad\@Home veiligheid\AntiVirus\AVRealTime.exe" []
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
    "FTD Watchdog Monitor"="C:\Program Files\FTD Watchdog\FtdMonitor.exe" [2007-10-05 02:16]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVIEW"="nview.dll" [2003-05-03 05:19 C:\WINDOWS\system32
    view.dll]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
    hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 00:17:18]
    hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\MSMSGS.EXE" /background

    R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS
    vcap.sys
    R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys
    R3 axsaki;axsaki;C:\WINDOWS\system32\DRIVERS\axsaki.sys
    R3 axskbus;axskbus;C:\WINDOWS\system32\DRIVERS\axskbus.sys
    R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys
    R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
    S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
    S3 InterCheck Control;InterCheck Control;\??\C:\Documents and Settings\Eigenaar\Bureaublad\@Home veiligheid\Antivirus\icntdrv5.sys
    S3 InterCheck Filter;InterCheck Filter;\??\C:\Documents and Settings\Eigenaar\Bureaublad\@Home veiligheid\Antivirus\icntflt5.sys
    S3 InterCheck Support 01;InterCheck Support 01;\??\C:\Documents and Settings\Eigenaar\Bureaublad\@Home veiligheid\Antivirus\icntst01.sys
    S3 InterCheck Support 02;InterCheck Support 02;\??\C:\Documents and Settings\Eigenaar\Bureaublad\@Home veiligheid\Antivirus\icntst02.sys
    S3 InterCheck Support 03;InterCheck Support 03;\??\C:\Documents and Settings\Eigenaar\Bureaublad\@Home veiligheid\Antivirus\icntst03.sys
    S3 InterCheck Support 04;InterCheck Support 04;\??\C:\Documents and Settings\Eigenaar\Bureaublad\@Home veiligheid\Antivirus\icntst04.sys
    S3 InterCheck Support 05;InterCheck Support 05;\??\C:\Documents and Settings\Eigenaar\Bureaublad\@Home veiligheid\Antivirus\icntst05.sys
    S3 InterCheck Support 06;InterCheck Support 06;\??\C:\Documents and Settings\Eigenaar\Bureaublad\@Home veiligheid\Antivirus\icntst06.sys
    S3 InterCheck Support 07;InterCheck Support 07;\??\C:\Documents and Settings\Eigenaar\Bureaublad\@Home veiligheid\Antivirus\icntst07.sys
    S3 InterCheck Support 08;InterCheck Support 08;\??\C:\Documents and Settings\Eigenaar\Bureaublad\@Home veiligheid\Antivirus\icntst08.sys
    S3 InterCheck Support 09;InterCheck Support 09;\??\C:\Documents and Settings\Eigenaar\Bureaublad\@Home veiligheid\Antivirus\icntst09.sys
    S3 InterCheck Support 10;InterCheck Support 10;\??\C:\Documents and Settings\Eigenaar\Bureaublad\@Home veiligheid\Antivirus\icntst10.sys
    S3 InterCheck Support 11;InterCheck Support 11;\??\C:\Documents and Settings\Eigenaar\Bureaublad\@Home veiligheid\Antivirus\icntst11.sys
    S3 InterCheck Support 12;InterCheck Support 12;\??\C:\Documents and Settings\Eigenaar\Bureaublad\@Home veiligheid\Antivirus\icntst12.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - D:\Info.exe folder.htt 480 480

    *Newly Created Service* - AVGASCLN
    *Newly Created Service* - CATCHME
    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-11-02 13:00:00 C:\WINDOWS\Tasks\A1F715C991848E81.job"
    "2007-11-02 13:00:00 C:\WINDOWS\Tasks\B7CCEF6391DF98C7.job"
    "2006-08-18 09:30:41 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1124006565.job"
    - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
    "2007-11-01 23:00:00 C:\WINDOWS\Tasks\{751125B8-E4CD-4FB7-A3B2-B849266CEB0A}_CP253145-B_Eigenaar.job"
    - C:\WINDOWS\system32\mobsync.exe
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-02 14:40:15
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    **************************************************************************
    .
    Voltooingstijd: 2007-11-02 14:42:12
    .
    — E O F —






    Logfile of HijackThis v1.99.1
    Scan saved at 14:51:25, on 2-11-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
    C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
    C:\WINDOWS\system32\ps2.exe
    C:\WINDOWS\Dit.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\HP DVD\Umbrella\DVDTray.exe
    C:\Program Files\FTD Watchdog\FtdMonitor.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\DitExp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\WINDOWS\System32
    vsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\grabit\GrabIt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Program Files\grabit\external\unrar\unrar.exe
    C:\Documents and Settings\Eigenaar\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [WinCinemaMgr] "C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe"
    O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
    O4 - HKLM\..\Run: [Preventon RealTime Antivirus] C:\Documents and Settings\Eigenaar\Bureaublad\@Home veiligheid\AntiVirus\AVRealTime.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [FTD Watchdog Monitor] C:\Program Files\FTD Watchdog\FtdMonitor.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS
    pqtplugin4.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143490245812
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnalbum.nl/skin/v2/system/upload/ImageUploader4.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.double-z.nl/plugins/doublez_ie.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AA733B87-28E7-4263-ABAC-32F21F83943F}: NameServer = 213.51.144.37,213.51.129.37
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
    vsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: sweepsrv.sys - Unknown owner - C:\Documents and Settings\Eigenaar\Bureaublad\@Home veiligheid\Antivirus\sweepsrv.sys (file missing)







  • De oplossing:
    - Sluit MSN helemaal af, dat er geen icoontje meer staat rechts onderin.
    - Start Taak Beheer met CTRL-SHIFT-ESC en ga naar Processen.
    - Sorteer deze alfabetisch en klik en sluit alles wat begint met "msn".
    - Leeg daarna je Tijdelijke Internet Bestanden folder en leeg je Prullebak.
    - Start opnieuw op. Nu zou het virus verwijderd moeten zijn.



    Heb je daarna nog steeds last van het virus, voer dan het volgende uit:

    - Zoek registersleutel met regedit;
    - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    - Verwijder daar: Graphic Update = %Temp%\msnmsgs.exe

    - Zoek registersleutel: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htc
    - Dubbelklik op Content Type (aan de rechterkant)
    - Daar moet zijn ingevuld: text/x-component
    - Wanneer je deze foute msnmsgs.exe hebt gestart is dat gewijzigd in: 0x00
    - Verander dat dan weer in: text/x-component

    Start daarna je PC opnieuw op. Dan is het probleem opgelost.



    :D 8)
  • Voor de mensen die niet zo technisch zijn en snel resultaat willen boeken: Nicorp.nl/antivirus. (http://www.nicorp.nl/antivirus/)

    Uitgebreide handleiding om het virus met de melding 'omg jij naakt ?' uit je systeem te verwijderen.
    Werkt gegarandeerd, het heeft al honderden mensen geholpen.

    Succes!
  • Hoi Calleke,

    Ik heb even overlegt waarom MSNfix niet wou lopen, probeer het eens met onderstaande instructies. Verwijder de oude MSNfix!

    Download hier () en sla het op je bureaublad.
    Dubbelklik [b:cf70676261]MSNFix.exe[/b:cf70676261], er zal nu een icoontje op je bureaublad verschijnen.

    Dubbelklik het icoontje "[b:cf70676261]Start MSNFix[/b:cf70676261]"en laat het zijn gang gaan.
    (Indien je meldingen krijgt van je scanner e.d. sta dit toe).

    Het bestand gaat zijn taken uitvoeren, je hoeft ondertussen niets te doen. Zodra het klaar is en eventueel na herstart zal het een rapport openen (C:\MSNFix.txt). Post deze in je volgende reactie.

    Post ook een nieuw Combofix logje en een Hijackthis logje gemaakt met deze versie van Hijackthis: http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

    Succes!

    Pim
  • ik heb de laatst ook het virus binnengekregen. ben ook zo dom geweest om dr op te klikken alleen was het nu voor je msn contacts ofzo. daarvoor had ik wel zon link van omg jij naakt gekregen.

    ik heb hier mijn txt bestandje is dit dan goed?

    ———- BENDEBOYS MSNFIX RAPORT ———-
    - Version: 3.6.0.5 - Last Update: 07/11/07
    - Scan performed on: wo 07-11-2007 - 13:46:27,14 By de Gooijer
    - Bootmode: Normal Mode

    ((((((((((((((( CREATED FILES LAST MONTH )))))))))))))))

    2007-11-07 -13:36:08 - A.S.. "C:\WINDOWS\bootstat.dat"
    2007-10-07 -14:45:18 - A…. "C:\WINDOWS\eReg.dat"
    2007-10-10 -18:28:08 - A…. "C:\WINDOWS\WLXPGSS.SCR"
    2007-10-01 -15:11:14 - A…. "C:\WINDOWS\system32\CmdLineExt.dll"
    2007-09-15 - 6:56:22 - A…. "C:\WINDOWS\system32\FNTCACHE.DAT"
    2007-09-28 - 6:19:40 - A…. "C:\WINDOWS\system32\MRT.exe"
    2007-10-29 -18:42:44 - A…. "C:\WINDOWS\system32\perfc009.dat"
    2007-11-01 -14:25:22 - A…. "C:\WINDOWS\system32\perfc013.dat"
    2007-10-29 -18:42:44 - A…. "C:\WINDOWS\system32\perfh009.dat"
    2007-11-01 -14:25:22 - A…. "C:\WINDOWS\system32\perfh013.dat"
    2007-11-04 -11:23:06 - A…. "C:\WINDOWS\system32\~.exe"
    2007-11-07 -13:40:28 - A..H. "C:\Documents and Settings\de Gooijer\NTUSER.DAT"

    ((((((((((((((( FOUND FILES )))))))))))))))

    !! BEFORE FIX !!


    !! AFTER FIX !!


    ((((((((((((((( ShellServiceObjectDelayLoad )))))))))))))))

    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  • Ziet er goed uit!
    Kan je ook een Hijackthis post plaatsen?

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.