Question & Answer
HijackThis file
16 answers
- my computer is acting strange and is slow; I've attached a file, what should I do
regards Cees
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:01:36, on 3-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\MSAC-FD1\MSSTAT.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Memory Stick Monitor.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.decomputerkrakers.nl
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
--
End of file - 5447 bytes - Are you sure you copied the whole log? I'm missing a lot of lines at the bottom.
- Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:06:26, on 4-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\MSAC-FD1\MSSTAT.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Memory Stick Monitor.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.decomputerkrakers.nl
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
--
End of file - 5448 bytes
this is all that comes out - Download ComboFix to your desktop
Double-click combofix.exe
Choose "Continue" by typing 1 followed by ENTER.
While the fix is running, do NOT click in the window, because this will make your PC hang.
When the fix is complete and after the restart, the log combofix.txt will open. Save this log.
NOTE: If your virus scanner responds with a warning about a script being executed, you may ignore it.
Post the ComboFix log (combofix.txt) in your next reply.
Good luck!
Pim - ComboFix 07-11-01.1 - Cees De Vries 2007-11-04 21:00:18.1 - NTFSx86
Gestart vanuit: C:\Documents and Settings\Cees De Vries\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Cees De Vries\Application Data\macromedia\Flash Player\#SharedObjects\5NTC5VTG\iforex.com
C:\Documents and Settings\Cees De Vries\Application Data\macromedia\Flash Player\#SharedObjects\5NTC5VTG\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Cees De Vries\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Cees De Vries\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-10-04 to 2007-11-04 ))))))))))))))))))))))))))))))
.
2007-11-04 20:59 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-03 09:01 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-01 09:35 <DIR> d-------- C:\Documents and Settings\Cees De Vries\Application Data\Yahoo!
2007-11-01 09:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-11-01 09:33 <DIR> d-------- C:\Program Files\Yahoo!
2007-10-31 19:30 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2007-10-31 19:30 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2007-10-31 19:30 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2007-10-31 19:30 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2007-10-31 19:30 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2007-10-31 19:30 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2007-10-31 19:30 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2007-10-31 19:30 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2007-10-26 12:09 <DIR> d-------- C:\Program Files\Google
2007-10-15 14:58 <DIR> d-------- C:\Documents and Settings\Cees De Vries\Application Data\Leadertech
2007-10-11 12:34 <DIR> d-------- C:\Documents and Settings\Cees De Vries\DoctorWeb
2007-10-10 14:43 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-10-10 14:43 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-10-10 14:24 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-10-10 14:23 <DIR> d-------- C:\Program Files\Microsoft Works
2007-10-10 14:22 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-10-10 14:20 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-10-10 14:19 <DIR> dr-h----- C:\MSOCache
2007-10-10 14:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-09 10:57 <DIR> d-------- C:\Program Files\MSAC-FD1
2007-10-09 10:57 113,812 --------- C:\WINDOWS\system32\drivers\FPMSNT.SYS
2007-10-09 10:57 73,296 --------- C:\WINDOWS\system32\drivers\sdselect.sys
2007-10-09 10:57 26,848 --------- C:\WINDOWS\system32\drivers\sdfdc.sys
2007-10-09 10:57 21,264 --------- C:\WINDOWS\system32\drivers\SdFloppy.sys
2007-10-09 10:56 <DIR> d-------- C:\temp\bjc1000Win2kXPv150
2007-10-09 10:56 <DIR> d-------- C:\temp
2007-10-05 11:21 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-10-04 13:18 <DIR> d-------- C:\Program Files\MSXML 4.0
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-09 09:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-06 07:17 --------- d-----w C:\Program Files\Java
2007-10-03 13:28 --------- d-----w C:\Documents and Settings\Cees De Vries\Application Data\Nokia Multimedia Player
2007-10-03 09:02 --------- d-----w C:\Documents and Settings\Cees De Vries\Application Data\Nokia
2007-10-03 09:00 --------- d-----w C:\Documents and Settings\Cees De Vries\Application Data\Datalayer
2007-10-03 08:58 --------- d-----w C:\Documents and Settings\Cees De Vries\Application Data\PC Suite
2007-10-03 08:57 --------- d-----w C:\Program Files\Nokia
2007-10-03 08:56 --------- d-----w C:\Program Files\Common Files\PCSuite
2007-10-03 08:56 --------- d-----w C:\Program Files\Common Files\Nokia
2007-10-03 08:56 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 10:02 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:02 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:02 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:02 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:02 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:02 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:02 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:02 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:02 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:02 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:02 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:02 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:02 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:02 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:02 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:02 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:02 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:02 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:02 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:02 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:02 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:02 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:02 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:23 63,488 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:23 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:23 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-04-30 08:23 C:\WINDOWS\mixer.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-09-06 13:45]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 14:29]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-08-21 10:44]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-08-26 14:49]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Memory Stick Monitor.lnk - C:\Program Files\MSAC-FD1\MSSTAT.EXE [2007-10-09 10:57:20]
R2 FPMSNT;FPMSNT;C:\WINDOWS\system32\drivers\FPMSNT.sys
R2 Sdselect;Sdselect;C:\WINDOWS\system32\drivers\Sdselect.sys
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-04 21:01:50
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Fdc]
"ImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
"KeepImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
"SDImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
--
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Flpydisk]
"ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"
"KeepImagePath"=multi:"system32\DRIVERS\flpydisk.sys\00"
"SDImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"
.
Voltooingstijd: 2007-11-04 21:02:34
.
--- E O F --- - Scan the following file at Jotti: http://virusscan.jotti.org/
C:\WINDOWS\system32\drivers\FPMSNT.SYS
Post the result of the scan in your next message.
Repeat this for:
C:\WINDOWS\system32\drivers\Sdselect.sys
Can you describe clearly what your problems are?
Pim - Service load: 0% 100%
File: FPMSNT.SYS
Status: OK
MD5: b8842541c0ec22aa64148046f65a3e39
Packers detected: -
Bit9 reports: No threat detected (more info)
Service load: 0% 100%
File: sdselect.sys
Status: OK
MD5: 7c4b01e60c2fd76ed7bc408b87d226c3
Packers detected: -
Bit9 reports: No threat detected (more info)
it keeps getting slower, Pim, and every now and then it freezes - Download F-Secure BlackLight: https://europe.f-secure.com/blacklight/
Put it on your desktop.
Double-click blbeta.exe.
Click "I accept the agreement".
Click "Next".
Click "Scan" and when the program is finished, click "Next".
If BlackLight finds something, it will display a list of files.
Don't let it rename anything yet.
On your desktop there is a file named fsbl.xxxxxxx.log (the x's stand for digits).
This is the log BlackLight created. Post it.
Download ATF Cleaner (by Atribune)
Double-click ATF Cleaner to start the program.
On the "Main" tab, tick Select All. Untick Prefetch.
Click the Empty Selected button.
If you also use Firefox as a browser:
Click the "Firefox" tab, tick Select All.
If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
(this removes the tick at "Firefox saved passwords")
Click the Empty Selected button.
If you also use Opera as a browser:
Click the "Opera" tab, tick Select All.
If you want to keep the passwords saved by Opera, click "No" in the window that appears.
Click the Empty Selected button.
Go to the "Main" tab and click the Exit button to close the program.
Pim - Download F-Secure BlackLight
where? I can't get that link to open to download it - I see the problem, use the tool below instead.
Download Gmer and put it on your desktop.
- Unzip it > open the gmer folder > double-click gmer.exe.
- Go to the Rootkit tab and click the Scan button.
(If a rootkit is active, Gmer may ask to perform a scan. Allow this.)
- When the scan is finished, click the Copy button.
- With CTRL+V you can paste the full contents of the Gmer log into your next post. - GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-11-08 07:42:58
Windows 5.1.2600 Service Pack 2
---- User code sections - GMER 1.0.13 ----
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1500] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\MsnMsgr.Exe
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3244] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 448CF2C1 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3244] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 44A6030F C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3244] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 44A60290 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3244] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 44A602D4 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3244] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 44A6021C C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3244] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 44A60256 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3244] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 44A6034A C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3244] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 448F1676 C:\WINDOWS\system32\IEFRAME.dll
---- User IAT/EAT - GMER 1.0.13 ----
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[1552] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
---- EOF - GMER 1.0.13 ---- - Start HijackThis, choose 'Do a system scan only' and tick the lines below:
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Close all open windows and click Fix checked.
How is everything working now?
Pim - Hi Pim
It's already a lot better than it was; here's a new HijackThis file
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:07:26, on 8-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\MSAC-FD1\MSSTAT.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Memory Stick Monitor.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.decomputerkrakers.nl
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
--
End of file - 5164 bytes - Looks good
Remove ComboFix:
Go to Start --> Run and type:
Combofix /u
Confirm with OK.
Also read through these security tips:
http://users.telenet.be/marcvn/spyware/1564073.htm
Pim - ok Pim, it's removed, thanks again
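The check the helper did by hand in this thread (spotting the two O2 BHO entries that still have a registry registration but whose DLL is gone, and confirming they are absent from the follow-up log) can be automated. The following is an added example, not code from the thread or from HijackThis itself: it parses the R/F/O lines of a HijackThis log, flags orphaned BHO entries, and lists which entries disappeared between a "before" and an "after" log. The embedded sample logs are constructed excerpts of the logs posted above; the function and class names are my own.

```python
import re
from dataclasses import dataclass

# Added example, not part of the original thread: a small parser for
# HijackThis log lines that reproduces the check the helper did by hand.

# Entry lines look like "O2 - BHO: ..." or "R1 - HKCU\...". Process list,
# headers and the "End of file" trailer do not match and are skipped.
HJT_LINE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2})\s+-\s+(.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


@dataclass(frozen=True)
class HjtEntry:
    section: str   # "R1", "O2", "O4", ...
    body: str      # text after the "O2 - " prefix

    @property
    def clsid(self):
        """COM class id of the entry, if it carries one (BHOs, O9 buttons, O16 DPF)."""
        m = CLSID.search(self.body)
        return m.group(0).upper() if m else None


def parse_hjt_log(text):
    """Return the R/F/O entries of a HijackThis log as HjtEntry objects."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append(HjtEntry(m.group(1), m.group(2)))
    return entries


def orphaned_bhos(entries):
    """O2 (Browser Helper Object) entries whose DLL no longer exists on disk.

    HijackThis prints "(no file)" in place of the path for these; the registry
    registration is left over from something that was uninstalled or removed.
    """
    return [e for e in entries if e.section == "O2" and e.body.endswith("(no file)")]


def removed_between(before, after):
    """Entries present in the first log but missing from the second (what a fix removed)."""
    after_set = set(after)
    return [e for e in before if e not in after_set]


# Constructed excerpts of the logs posted in the thread (3 Nov and 8 Nov 2007).
LOG_BEFORE = """\
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\\WINDOWS\\System32\\smss.exe
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Bar = http://www.google.nl
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://startpagina.nl/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\\..\\Run: [C-Media Mixer] Mixer.exe /startup
"""

LOG_AFTER = """\
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://startpagina.nl/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O4 - HKLM\\..\\Run: [C-Media Mixer] Mixer.exe /startup
"""


def analyse(before_text=LOG_BEFORE, after_text=LOG_AFTER):
    """Summarise orphaned BHOs in each log and the entries the fix removed."""
    before = parse_hjt_log(before_text)
    after = parse_hjt_log(after_text)
    return {
        "orphaned_before": [e.clsid for e in orphaned_bhos(before)],
        "orphaned_after": [e.clsid for e in orphaned_bhos(after)],
        "removed": [f"{e.section} - {e.body}" for e in removed_between(before, after)],
    }


if __name__ == "__main__":
    for key, value in analyse().items():
        print(key)
        for item in value:
            print("   ", item)
```

On the thread's logs this reports the two no-file BHOs in the first log, none in the last one, and three removed entries: the two BHOs Pim had fixed and the HKCU Search Bar line that is no longer present in the 8 November log. Comparing the two logs structurally rather than by eye is also how you notice changes that were not part of the fix.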
This is an archived page. Replying is no longer possible.