Question & Answer
Windows security prevents a small program from opening
30 replies
- A program (sent to me zipped by a family member) cannot be opened:
[img]http://i44.tinypic.com/25ox8b7.jpg[/img]
It is a small program produced by a route (photo) tracker (Amod), plus a small text file. You should be able to open that text file with the exe, which lets you open it (among other things) in Google Earth. I have searched through the security settings of my PC, but cannot explain why I can't open it. Does anyone have a suggestion?
- Open as admin?
Have you read the help for that question in the message?
- As usual, Microsoft is interfering again when you want to open an .exe from your mail. :wink:
Assuming you use Outlook, the link below shows how to fix this for your version:
http://www.slipstick.com/outlook/esecup/getexe.asp
- @ andre@home: that underlined line with help "does" nothing.
@ ps: I still use Outlook Express, but I'll search again with Google.
- [quote="PS"]As usual, Microsoft is interfering again when you want to open an .exe from your mail. :wink:
Assuming you use Outlook, the link below shows how to fix this for your version:
http://www.slipstick.com/outlook/esecup/getexe.asp[/quote]
Isn't it much more convenient to save an attachment first, run the virus scanner over it once more if need be, and only then execute it?
I don't see how exactly f.j.stols does it…???
Otherwise…: (you could have found this yourself…)
http://www.google.nl/#hl=nl&q=attachment+unblock+%22outlook+express%22&meta=&aq=f&aqi=&aql=&oq=&gs_rfai=&fp=819e66f6a2bb7dfd
[quote]You have 2 options available to you. You can either allow all attachments or you can selectively allow only certain potentially harmful attachments.
Allow all attachments:
To disable and lose the protection of Outlook Express's security feature:
1) Start Outlook Express.
2) On the Tools menu, click Options.
3) Click the Security tab, uncheck the fourth item, which says "Do not allow attachments to be saved or opened that could potentially be a virus", and then click OK.
NOTE: By default this protective security feature is not turned on, so you may find that it is already unchecked.
You might want to try the second method first, since the above method disables the security protection entirely.
Selectively allow some attachments:
You first have to turn on Outlook Express's security feature as follows:
1) Start Outlook Express.
2) On the Tools menu, click Options.
3) Click the Security tab, place a checkmark next to the fourth item, which says "Do not allow attachments to be saved or opened that could potentially be a virus", and then click OK.
MODIFY THE UNSAFE FILE LIST
NOTE: Because there are several versions of Microsoft Windows, the following steps may be different on your computer.
To keep being protected by the Outlook Express file security feature but just remove certain file types from the Internet Explorer unsafe file list:
1) Open Windows Explorer, click Tools on the toolbar and click Folder Options.
2) Click the File Types tab.
3) Click the file type that you want to allow, and then click Advanced or Edit.
4) Uncheck the "Confirm open after download" check box and click OK.
NOTE: Some file types will not allow you to uncheck the box or the file type may not even be on the list. For example, by default, the Internet Explorer 6 unsafe file list includes .exe files, and you cannot remove this file type from the list.
I find Outlook Express to be too aggressive in what it blocks. Some file types that I let in are bmp, doc, eml (listed under Outlook Express Mail Message), gif, htm, html, jpe, jpg, jpeg, pdf, rtf, tif, tiff, txt, url (listed under Internet Shortcut) and URL-HyperText Transfer Protocol (listed in the N/A section). Keep in mind that a website url (link) may take you to a webpage that will install unwanted programs on your PC. So whenever you receive e-mail with attachments or website links, you should be expecting that e-mail.[/quote]
- I saved the zipped attachment in a folder. The virus scanner (Nod32) usually takes another look at it. Thanks in advance for the research (I was busy with other things too); I'll study it and then report back. On another PC in the house (with AVG and XP Pro) the same thing happens.
- And then you unpacked the zip… and then started the exe, or…? (It would help if you described how you did everything… right now it's guesswork when that message appears.)
- Sorry: I put the zip in a folder and then opened it. An application and a text file then appear. Opening the application further does not work. This appears:
[img]http://i41.tinypic.com/taotjb.jpg[/img]
and if I then click "extract all" only a small log appears, and if I click "run" the message from my first post appears. I hope I was clear.
- Do the following first: [b]download, install and keep using MBAM (CLICK)[/b]
[list]• Right after installation [b]MBAM[/b] will want to update its database, so allow that.
• Also on repeated use: first update MBAM via the [b]Update[/b] tab!
• Start [b]MBAM[/b] and choose [b]Quick Scan[/b]
• [b]N.B.: Vista users start MBAM by right-clicking it and choosing Run as Administrator.[/b]
• Scanning can take a while, so be patient.
• When the scan has finished, click the [b]OK[/b] button
• Then click the [b]Show Results[/b] button to see the results.
• Make sure everything is checked.
• Then click: [b]Remove Selected[/b].
• After removal a log will open and you will be asked to restart the computer.
• The log is saved automatically by [b]MBAM[/b] and you can find it by clicking the [b]Logs[/b] tab in [b]MBAM[/b].
• If [b]MBAM[/b] has trouble removing certain files it will give a few messages; click [b]OK[/b] each time!
• After that [b]MBAM[/b] will ask to restart the computer, so allow the computer to restart.[/list]
If the rootkit (TDSS) is present, MBAM will also ask to restart. Do that as well.
MBAM will then scan again after the restart and remove the rootkit.
- And here a preliminary answer to PS: the instructions to remove a checkmark in O.E. (temporarily if need be) did not help. Nor did the option to look in the folder options in Windows Explorer. I have not yet followed up on the other suggestions.
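The security warning that keeps appearing when the saved attachment is run is decided per file, not by the Outlook Express checkbox: Windows XP SP2's Attachment Manager records the Internet Explorer security zone a file was saved from in an NTFS alternate data stream named Zone.Identifier, warns or blocks when that zone is Internet (3) or Restricted sites (4), and the Unblock button in the file's Properties deletes that stream. As an added example that is not part of this thread, here is a Python 3 checker that parses such a stream and, on Windows, reads it from a file; the sample stream contents are constructed.

```python
import os
from typing import Dict, Optional

# Windows URL security zones as recorded in the ZoneId field of the stream.
ZONE_NAMES = {
    0: "Local machine",
    1: "Local intranet",
    2: "Trusted sites",
    3: "Internet",
    4: "Restricted sites",
}

# Constructed samples of stream contents: a file saved from a web download or mail
# attachment (zone 3) and one copied from an intranet share (zone 1).
SAMPLE_INTERNET_STREAM = "[ZoneTransfer]\r\nZoneId=3\r\n"
SAMPLE_INTRANET_STREAM = "[ZoneTransfer]\r\nZoneId=1\r\n"


def parse_zone_identifier(text: str) -> Dict[str, str]:
    """Parse the INI-style stream; return the keys under [ZoneTransfer], lower-cased."""
    values: Dict[str, str] = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "zonetransfer" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip().lower()] = value.strip()
    return values


def zone_id(text: str) -> Optional[int]:
    """ZoneId as an int, or None when the stream carries no usable ZoneId."""
    value = parse_zone_identifier(text).get("zoneid")
    if value is None or not value.isdigit():
        return None
    return int(value)


def describe_zone(text: str) -> str:
    zid = zone_id(text)
    if zid is None:
        return "no zone recorded"
    return ZONE_NAMES.get(zid, f"unknown zone {zid}")


def is_blocked(text: Optional[str]) -> bool:
    """Attachment Manager only warns for files tagged Internet (3) or Restricted sites (4).
    A missing stream (None) means the file was never marked and runs without the warning."""
    if text is None:
        return False
    zid = zone_id(text)
    return zid is not None and zid >= 3


def read_zone_identifier(path: str) -> Optional[str]:
    """Read the Zone.Identifier stream of a file on NTFS (Windows only); None if absent.
    'file:Zone.Identifier' is the stream that Explorer's Unblock button deletes."""
    if os.name != "nt":
        raise OSError("alternate data streams can only be read on Windows/NTFS")
    try:
        with open(path + ":Zone.Identifier", "r", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except FileNotFoundError:
        return None


if __name__ == "__main__":
    for label, stream in (("internet", SAMPLE_INTERNET_STREAM), ("intranet", SAMPLE_INTRANET_STREAM)):
        print(f"{label}: {describe_zone(stream)}, blocked={is_blocked(stream)}")
```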
- Before getting started with all kinds of (security) software:
- Save the file from the mail
- Right-click the file and choose "Properties"
- You may see at the bottom of this window that "This file came from another computer and might be blocked to help protect this computer".
- In that case choose "Unblock" and try again
I'm not claiming this is the solution, but it is a possibility!
- At the moment I'm completely in a pickle. Apparently something ("Cleanup antivirus") got downloaded that gives all kinds of messages about trojans, viruses, unprotected. It is not listed under Software, and keeps reinstalling itself on the desktop and in the start menu. It hinders all kinds of normal actions; in short, really annoying. Hence an HJT log already:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:48:59, on 6-4-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
E:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
E:\Program Files\Google\Update\GoogleUpdate.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\CDBurnerXP\NMSAccessU.exe
E:\Program Files\Eset\nod32krn.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Eset\nod32kui.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\Common Files\Java\Java Update\jusched.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
E:\PROGRA~1\MAILWA~1\MAILWA~1.EXE
E:\Documents and Settings\All Users\Application Data\106d6b2\CU106d.exe
Y:\05 p r o g r a m m a s\schoonmakertjes,diagnostiek,mailwasher\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 93.186.119.129 www.google.com
O1 - Hosts: 93.186.119.129 google.com
O1 - Hosts: 93.186.119.129 google.com.au
O1 - Hosts: 93.186.119.129 www.google.com.au
O1 - Hosts: 93.186.119.129 google.be
O1 - Hosts: 93.186.119.129 www.google.be
O1 - Hosts: 93.186.119.129 google.com.br
O1 - Hosts: 93.186.119.129 www.google.com.br
O1 - Hosts: 93.186.119.129 google.ca
O1 - Hosts: 93.186.119.129 www.google.ca
O1 - Hosts: 93.186.119.129 google.ch
O1 - Hosts: 93.186.119.129 www.google.ch
O1 - Hosts: 93.186.119.129 google.de
O1 - Hosts: 93.186.119.129 www.google.de
O1 - Hosts: 93.186.119.129 google.dk
O1 - Hosts: 93.186.119.129 www.google.dk
O1 - Hosts: 93.186.119.129 google.fr
O1 - Hosts: 93.186.119.129 www.google.fr
O1 - Hosts: 93.186.119.129 google.ie
O1 - Hosts: 93.186.119.129 www.google.ie
O1 - Hosts: 93.186.119.129 google.it
O1 - Hosts: 93.186.119.129 www.google.it
O1 - Hosts: 93.186.119.129 google.co.jp
O1 - Hosts: 93.186.119.129 www.google.co.jp
O1 - Hosts: 93.186.119.129 google.nl
O1 - Hosts: 93.186.119.129 www.google.nl
O1 - Hosts: 93.186.119.129 google.no
O1 - Hosts: 93.186.119.129 www.google.no
O1 - Hosts: 93.186.119.129 google.co.nz
O1 - Hosts: 93.186.119.129 www.google.co.nz
O1 - Hosts: 93.186.119.129 google.pl
O1 - Hosts: 93.186.119.129 www.google.pl
O1 - Hosts: 93.186.119.129 google.se
O1 - Hosts: 93.186.119.129 www.google.se
O1 - Hosts: 93.186.119.129 google.co.uk
O1 - Hosts: 93.186.119.129 www.google.co.uk
O1 - Hosts: 93.186.119.129 google.co.za
O1 - Hosts: 93.186.119.129 www.google.co.za
O1 - Hosts: 93.186.119.129 www.google-analytics.com
O1 - Hosts: 93.186.119.129 www.bing.com
O1 - Hosts: 93.186.119.129 search.yahoo.com
O1 - Hosts: 93.186.119.129 www.search.yahoo.com
O1 - Hosts: 93.186.119.129 uk.search.yahoo.com
O1 - Hosts: 93.186.119.129 ca.search.yahoo.com
O1 - Hosts: 93.186.119.129 de.search.yahoo.com
O1 - Hosts: 93.186.119.129 fr.search.yahoo.com
O1 - Hosts: 93.186.119.129 au.search.yahoo.com
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [nod32kui] "E:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] E:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [MailWasher] E:\PROGRA~1\MAILWA~1\MAILWA~1.EXE
O4 - HKCU\..\Run: [CleanUp Antivirus] "E:\Documents and Settings\All Users\Application Data\106d6b2\CU106d.exe" /s /d
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-57989841-515967899-725345543-1004\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-57989841-515967899-725345543-1004\..\Run: [CleanUp Antivirus] "E:\Documents and Settings\All Users\Application Data\106d6b2\CU106d.exe" /s /d (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://E:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - E:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1269173420983
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269174419171
O20 - AppInit_DLLs:
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - E:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - E:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccess - Unknown owner - E:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\Program Files\Eset\nod32krn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - E:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 8919 bytes
I already see the name appearing here and there, but I'd rather wait for the experts' advice.
- Just earlier this evening I ran an MBAM scan with a good result. After that *^#"@ Cleanup virus, 790 (!) bad files were found and removed by MBAM. I have never seen anything like it.
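The O1 - Hosts lines in the HijackThis log above are the real damage: search-engine names and security-service names such as safebrowsing-cache.google.com and urs.microsoft.com are pinned to two remote addresses, so the rogue decides what those sites resolve to. As an added example that is not part of this thread, here is a Python 3 check that parses a hosts file and flags that pattern; the sample excerpt is constructed from entries in the log, and the watched-domain list and fan-in threshold are assumptions.

```python
import ipaddress
from collections import defaultdict
from typing import Dict, Iterator, List, Set, Tuple

# Constructed excerpt of a Windows hosts file: the default localhost line, a benign
# user blackhole entry, and O1 - Hosts entries taken from the HijackThis log above.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.example.invalid      # blackholed by the user: benign
74.125.45.100   safebrowsing-cache.google.com
74.125.45.100   urs.microsoft.com
93.186.119.129  www.google.com
93.186.119.129  google.nl
93.186.119.129  www.google-analytics.com
93.186.119.129  www.bing.com
93.186.119.129  search.yahoo.com
"""

# Domains a home PC has no business pinning to a remote address; search engines and
# security/update services are the usual rogue-AV targets (illustrative list, an assumption).
WATCHED_DOMAINS = ("google.com", "google.nl", "bing.com", "yahoo.com", "microsoft.com",
                   "malwarebytes.org", "eset.com")

# Fan-in heuristic: this many distinct hostnames on one remote address is suspicious
# regardless of which names they are (threshold is an assumption).
FAN_IN_THRESHOLD = 3

KIND_WATCHED = "watched-domain-redirected"
KIND_FAN_IN = "many-hosts-one-address"


def parse_hosts(text: str) -> Iterator[Tuple[str, str]]:
    """Yield (ip, hostname) pairs; strip comments, skip blanks and lines without a valid address."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not a hosts entry, or a malformed one
        for host in fields[1:]:
            yield str(addr), host.lower().rstrip(".")


def is_local_sink(ip: str) -> bool:
    """127.x / ::1 / 0.0.0.0 targets blackhole a name rather than redirect it."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified


def is_watched(host: str) -> bool:
    """Exact or subdomain match, so that 'notgoogle.com' does not count."""
    return any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)


def analyse_hosts(text: str) -> List[Tuple[str, str, str]]:
    """Return (kind, ip, detail) findings for redirect-style hijacks in a hosts file."""
    findings: List[Tuple[str, str, str]] = []
    hosts_by_ip: Dict[str, Set[str]] = defaultdict(set)
    for ip, host in parse_hosts(text):
        hosts_by_ip[ip].add(host)
        if not is_local_sink(ip) and is_watched(host):
            findings.append((KIND_WATCHED, ip, host))
    for ip, hosts in hosts_by_ip.items():
        if not is_local_sink(ip) and len(hosts) >= FAN_IN_THRESHOLD:
            findings.append((KIND_FAN_IN, ip, f"{len(hosts)} hostnames"))
    return findings


if __name__ == "__main__":
    for kind, ip, detail in analyse_hosts(SAMPLE_HOSTS):
        print(f"{kind:28} {ip:16} {detail}")
```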
- Hello f.j.stols, so you have to get back to work for a bit!
Just this: you installed HijackThis in the wrong location!
Because of this, HijackThis cannot make backups!
So move Hijackthis\HijackThis.exe out of Y:\05 p r o g r a m m a s\schoonmakertjes,diagnostiek,mailwasher\Hijackthis\HijackThis.exe and place it in E:\Program Files.
- I completed the various steps largely successfully. To be honest, I had already run an MBAM that pulled about 160 things out!
As for that HostsXpert, I get a window: the same as when opening an exe, as reported earlier at the beginning of this thread (warning with the zip). I get a bit further with it, and then I see
[img]http://i44.tinypic.com/2mgjr6p.jpg[/img]
If I close that, a bigger screen with well over 100 lines appears. What I'm supposed to do with that is not clear to me.
Then ran a new MBAM:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Databaseversie: 3930
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
7-4-2010 10:04:41
mbam-log-2010-04-07 (10-04-41).txt
Scantype: Snelle scan
Objecten gescand: 105748
Verstreken tijd: 9 minuut/minuten, 32 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
and then another HJT, but a message I don't recognise appears:
[img]http://i39.tinypic.com/mbl2s2.jpg[/img]
which I can click away, and then I see the log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:45, on 7-4-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Eset\nod32kui.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\Common Files\Java\Java Update\jusched.exe
E:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
E:\PROGRA~1\MAILWA~1\MAILWA~1.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
E:\Program Files\Google\Update\GoogleUpdate.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\CDBurnerXP\NMSAccessU.exe
E:\Program Files\Eset\nod32krn.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
E:\WINDOWS\system32\NOTEPAD.EXE
E:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 93.186.119.129 www.google.com
O1 - Hosts: 93.186.119.129 google.com
O1 - Hosts: 93.186.119.129 google.com.au
O1 - Hosts: 93.186.119.129 www.google.com.au
O1 - Hosts: 93.186.119.129 google.be
O1 - Hosts: 93.186.119.129 www.google.be
O1 - Hosts: 93.186.119.129 google.com.br
O1 - Hosts: 93.186.119.129 www.google.com.br
O1 - Hosts: 93.186.119.129 google.ca
O1 - Hosts: 93.186.119.129 www.google.ca
O1 - Hosts: 93.186.119.129 google.ch
O1 - Hosts: 93.186.119.129 www.google.ch
O1 - Hosts: 93.186.119.129 google.de
O1 - Hosts: 93.186.119.129 www.google.de
O1 - Hosts: 93.186.119.129 google.dk
O1 - Hosts: 93.186.119.129 www.google.dk
O1 - Hosts: 93.186.119.129 google.fr
O1 - Hosts: 93.186.119.129 www.google.fr
O1 - Hosts: 93.186.119.129 google.ie
O1 - Hosts: 93.186.119.129 www.google.ie
O1 - Hosts: 93.186.119.129 google.it
O1 - Hosts: 93.186.119.129 www.google.it
O1 - Hosts: 93.186.119.129 google.co.jp
O1 - Hosts: 93.186.119.129 www.google.co.jp
O1 - Hosts: 93.186.119.129 google.nl
O1 - Hosts: 93.186.119.129 www.google.nl
O1 - Hosts: 93.186.119.129 google.no
O1 - Hosts: 93.186.119.129 www.google.no
O1 - Hosts: 93.186.119.129 google.co.nz
O1 - Hosts: 93.186.119.129 www.google.co.nz
O1 - Hosts: 93.186.119.129 google.pl
O1 - Hosts: 93.186.119.129 www.google.pl
O1 - Hosts: 93.186.119.129 google.se
O1 - Hosts: 93.186.119.129 www.google.se
O1 - Hosts: 93.186.119.129 google.co.uk
O1 - Hosts: 93.186.119.129 www.google.co.uk
O1 - Hosts: 93.186.119.129 google.co.za
O1 - Hosts: 93.186.119.129 www.google.co.za
O1 - Hosts: 93.186.119.129 www.google-analytics.com
O1 - Hosts: 93.186.119.129 www.bing.com
O1 - Hosts: 93.186.119.129 search.yahoo.com
O1 - Hosts: 93.186.119.129 www.search.yahoo.com
O1 - Hosts: 93.186.119.129 uk.search.yahoo.com
O1 - Hosts: 93.186.119.129 ca.search.yahoo.com
O1 - Hosts: 93.186.119.129 de.search.yahoo.com
O1 - Hosts: 93.186.119.129 fr.search.yahoo.com
O1 - Hosts: 93.186.119.129 au.search.yahoo.com
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [nod32kui] "E:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Gadwin PrintScreen] E:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [MailWasher] E:\PROGRA~1\MAILWA~1\MAILWA~1.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-57989841-515967899-725345543-1004\..\Run: [Gadwin PrintScreen] E:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://E:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - E:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1269173420983
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269174419171
O20 - AppInit_DLLs:
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - E:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - E:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccess - Unknown owner - E:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\Program Files\Eset\nod32krn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - E:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 8346 bytes
I hope I was clear!
- Given the problems, I think something sits deeper in your Windows!
[b]Let Combofix scan your Windows[/b] (click).
[b]How to use Combofix properly[/b] (click)
[b]Addition: to be able to use Combofix, the following applies:[/b]
- Everything went as desired; at the moment Trojan Remover is running. So far it found a "rogue"-like thing with a siren sound.. Since I don't know how long that scan takes, here is the Combofix already:
ComboFix 10-04-06.03 - Frans 07-04-2010 12:34:54.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.702 [GMT 2:00]
Gestart vanuit: e:\documents and settings\Frans\Bureaublad\ComboFix.exe
AV: ESET NOD32 antivirus systeem 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Aanwezig AV is actief
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\program files\Mozilla Firefox\searchplugins\search.xml
e:\recycler\S-1-5-21-1960408961-1383384898-839522115-1004
e:\recycler\S-1-5-21-527237240-682003330-839522115-1004
e:\recycler\S-1-5-21-606747145-115176313-682003330-1003
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-03-07 to 2010-04-07 ))))))))))))))))))))))))))))))
.
2010-04-06 17:36 . 2010-04-07 10:26 -------- d--h--r- e:\documents and settings\Frans\Onlangs geopend
2010-04-06 17:31 . 2010-04-06 17:31 -------- d-sh--w- e:\documents and settings\All Users\Application Data\CUPPBSYYA
2010-04-06 17:30 . 2010-04-06 17:31 -------- d-sh--w- e:\documents and settings\All Users\Application Data\106d6b2
2010-04-06 14:24 . 2010-04-06 14:24 -------- d-----w- e:\documents and settings\All Users\Application Data\ArcSoft
2010-04-06 14:23 . 2010-04-06 14:23 -------- d-----w- e:\program files\Common Files\InstallShield
2010-04-06 14:12 . 2010-04-06 14:12 -------- d-----w- e:\documents and settings\Frans\Local Settings\Application Data\ArcSoft
2010-04-06 14:11 . 2010-04-07 05:50 -------- d-----w- e:\documents and settings\Frans\Application Data\ArcSoft
2010-04-06 14:10 . 2005-02-23 12:58 11776 ----a-w- e:\windows\system32\drivers\afc.sys
2010-04-06 14:10 . 2010-04-07 05:48 -------- d-----w- e:\program files\Common Files\ArcSoft
2010-04-06 14:09 . 2010-04-07 05:49 -------- d-----w- e:\program files\ArcSoft
2010-04-06 11:28 . 2010-04-06 11:28 -------- d-----w- e:\documents and settings\Frans\Application Data\HD Tune Pro
2010-04-06 11:28 . 2010-04-06 11:28 -------- d-----w- e:\program files\HD Tune Pro
2010-04-05 16:51 . 2010-04-06 06:40 -------- d-----w- e:\documents and settings\Frans\Local Settings\Application Data\Conduit
2010-04-03 09:37 . 2007-10-12 13:14 3734536 ----a-w- e:\windows\system32\d3dx9_36.dll
2010-04-03 09:31 . 2010-04-03 09:31 -------- d-----w- e:\program files\SiSoftware
2010-04-02 11:43 . 2010-04-02 11:43 -------- d-----w- e:\documents and settings\Frans\Local Settings\Application Data\PassMark
2010-04-02 11:43 . 2008-07-12 06:18 467984 ----a-w- e:\windows\system32\d3dx10_39.dll
2010-04-02 11:43 . 2008-07-12 06:18 1493528 ----a-w- e:\windows\system32\D3DCompiler_39.dll
2010-04-02 11:43 . 2008-07-12 06:18 3851784 ----a-w- e:\windows\system32\D3DX9_39.dll
2010-04-02 11:43 . 2006-09-28 14:05 2414360 ----a-w- e:\windows\system32\d3dx9_31.dll
2010-04-02 11:42 . 2010-04-02 11:42 -------- d-----w- e:\windows\Logs
2010-04-02 11:42 . 2010-04-02 11:42 -------- d-----w- e:\documents and settings\All Users\Application Data\PassMark
2010-04-01 15:01 . 2010-04-01 15:01 -------- d-----w- e:\program files\Java
2010-04-01 14:34 . 2010-04-02 11:40 -------- d-----w- e:\program files\DiskCheckup
2010-04-01 14:05 . 2010-04-01 14:05 -------- d-----w- e:\program files\Seagate
2010-04-01 12:18 . 2010-04-01 12:31 -------- d-----w- e:\program files\CrystalDiskInfo
2010-03-31 10:08 . 2010-03-31 10:58 -------- d---a-w- e:\documents and settings\All Users\Application Data\TEMP
2010-03-30 10:25 . 2010-03-30 10:25 -------- d-----w- e:\program files\Lavalys
2010-03-30 08:10 . 2010-03-30 08:10 -------- d-----w- e:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-03-30 07:43 . 2001-09-06 19:26 9728 -c--a-w- e:\windows\system32\dllcache\brcoinst.dll
2010-03-30 07:43 . 2001-09-06 19:26 12800 -c--a-w- e:\windows\system32\dllcache\brevif.dll
2010-03-30 07:43 . 2001-09-06 19:26 19456 -c--a-w- e:\windows\system32\dllcache\brbidiif.dll
2010-03-30 07:43 . 2001-09-06 19:26 103936 -c--a-w- e:\windows\system32\dllcache\binlsvc.dll
2010-03-30 07:41 . 2001-08-17 18:49 26624 -c--a-w- e:\windows\system32\dllcache\ativxbar.sys
2010-03-30 07:40 . 2001-08-17 18:11 16969 -c--a-w- e:\windows\system32\dllcache\amb8002.sys
2010-03-30 07:40 . 2001-08-17 19:51 5248 -c--a-w- e:\windows\system32\dllcache\aliide.sys
2010-03-30 07:40 . 2001-08-17 19:49 26624 -c--a-w- e:\windows\system32\dllcache\alifir.sys
2010-03-30 07:40 . 2001-08-17 18:11 27678 -c--a-w- e:\windows\system32\dllcache\ali5261.sys
2010-03-30 07:40 . 2001-08-17 20:07 56960 -c--a-w- e:\windows\system32\dllcache\aic78xx.sys
2010-03-30 07:40 . 2001-08-17 20:07 55168 -c--a-w- e:\windows\system32\dllcache\aic78u2.sys
2010-03-30 07:40 . 2001-08-17 19:52 12800 -c--a-w- e:\windows\system32\dllcache\aha154x.sys
2010-03-30 07:38 . 2001-08-17 20:07 101888 -c--a-w- e:\windows\system32\dllcache\adpu160m.sys
2010-03-30 07:38 . 2001-08-17 18:11 46112 -c--a-w- e:\windows\system32\dllcache\adptsf50.sys
2010-03-30 07:38 . 2008-04-13 20:06 10880 -c--a-w- e:\windows\system32\dllcache\admjoy.sys
2010-03-30 07:38 . 2001-08-17 18:19 747392 -c--a-w- e:\windows\system32\dllcache\adm8830.sys
2010-03-30 07:38 . 2001-08-17 18:19 553984 -c--a-w- e:\windows\system32\dllcache\adm8820.sys
2010-03-30 07:38 . 2001-08-17 18:19 584448 -c--a-w- e:\windows\system32\dllcache\adm8810.sys
2010-03-30 07:38 . 2001-08-17 18:11 20160 -c--a-w- e:\windows\system32\dllcache\adm8511.sys
2010-03-30 06:56 . 2010-03-30 06:56 -------- d-sh--w- e:\documents and settings\Frans\IECompatCache
2010-03-29 02:40 . 2010-03-29 02:40 -------- d-----w- e:\windows\Sun
2010-03-28 19:05 . 2010-03-28 19:05 -------- d-----w- e:\documents and settings\Frans\Application Data\MSN6
2010-03-28 19:05 . 2010-03-28 19:05 -------- d-----w- e:\documents and settings\All Users\Application Data\MSN6
2010-03-28 16:05 . 2006-12-18 14:33 356352 ----a-w- e:\windows\system32\NVUNINST.EXE
2010-03-28 07:41 . 2009-03-25 06:29 130432 ----a-w- e:\windows\system32\drivers\Rtnicxp.sys
2010-03-28 07:41 . 2009-03-03 12:18 73728 ----a-w- e:\windows\system32\RtNicProp32.dll
2010-03-28 07:41 . 2010-03-28 07:41 -------- d-----w- e:\program files\Realtek
2010-03-28 07:41 . 2010-04-07 05:49 -------- d--h--w- e:\program files\InstallShield Installation Information
2010-03-27 19:45 . 2010-03-27 19:45 -------- d-----w- e:\documents and settings\Frans\Application Data\DeviceDoctorSoftware
2010-03-27 10:59 . 2010-03-27 11:00 -------- d-----w- e:\documents and settings\Frans\Application Data\UltraExplorer
2010-03-27 10:59 . 2010-03-28 15:11 -------- d-----w- e:\program files\UltraExplorer
2010-03-26 14:31 . 2010-03-26 14:31 ——– d—–w- e:\documents and settings\Frans\Application Data\Canneverbe Limited
2010-03-26 14:31 . 2010-03-26 14:31 ——– d—–w- e:\documents and settings\All Users\Application Data\Canneverbe Limited
2010-03-26 14:30 . 2009-11-12 12:48 7168 —-a-w- e:\windows\system32\drivers\StarOpen.sys
2010-03-26 14:30 . 2010-03-26 14:30 ——– d—–w- e:\program files\CDBurnerXP
2010-03-26 07:22 . 2008-04-14 21:32 136192 -c–a-w- e:\windows\system32\dllcache\aaclient.dll
2010-03-26 07:21 . 2007-04-02 22:56 19456 -c–a-w- e:\windows\system32\dllcache\agt0411.dll
2010-03-26 07:21 . 2007-04-02 22:56 19456 -c–a-w- e:\windows\system32\dllcache\agt0404.dll
2010-03-26 07:20 . 2007-04-02 22:56 19456 -c–a-w- e:\windows\system32\dllcache\agt0804.dll
2010-03-26 07:19 . 2007-04-02 22:56 19456 -c–a-w- e:\windows\system32\dllcache\agt0401.dll
2010-03-26 07:18 . 2007-04-02 22:56 19456 -c–a-w- e:\windows\system32\dllcache\agt0412.dll
2010-03-26 07:18 . 2007-04-02 22:56 19456 -c–a-w- e:\windows\system32\dllcache\agt040d.dll
2010-03-26 07:15 . 2008-04-14 21:32 159232 -c—-w- e:\windows\system32\dllcache\cewmdm.dll
2010-03-26 07:15 . 2008-04-14 21:32 294912 -c—-w- e:\windows\system32\dllcache\dlimport.exe
2010-03-26 07:15 . 2008-04-14 21:33 695808 -c—-w- e:\windows\system32\dllcache\drmv2clt.dll
2010-03-26 07:15 . 2008-04-14 21:33 124416 -c—-w- e:\windows\system32\dllcache\mplay32.exe
2010-03-26 07:15 . 2008-04-14 21:32 240640 -c—-w- e:\windows\system32\dllcache\mpg4dmod.dll
2010-03-26 07:15 . 2008-04-14 21:33 259072 -c—-w- e:\windows\system32\dllcache\msnetobj.dll
2010-03-26 07:15 . 2008-04-14 21:33 356352 -c—-w- e:\windows\system32\dllcache\msscp.dll
2010-03-26 07:15 . 2008-04-14 21:32 201728 -c—-w- e:\windows\system32\dllcache\mspmsp.dll
2010-03-26 07:15 . 2008-04-14 21:32 246272 -c—-w- e:\windows\system32\dllcache\mswmdm.dll
2010-03-26 07:15 . 2008-04-14 21:33 226816 -c—-w- e:\windows\system32\dllcache\npdrmv2.dll
2010-03-26 07:11 . 2008-04-13 21:06 144384 ——w- e:\windows\system32\drivers\hdaudbus.sys
2010-03-26 07:11 . 2008-04-13 23:10 10240 ——w- e:\windows\system32\drivers\sffp_mmc.sys
2010-03-26 06:54 . 2009-10-21 05:40 75776 -c—-w- e:\windows\system32\dllcache\strmfilt.dll
2010-03-26 06:54 . 2009-10-21 05:40 25088 -c—-w- e:\windows\system32\dllcache\httpapi.dll
2010-03-26 06:54 . 2009-10-20 16:20 265728 -c—-w- e:\windows\system32\dllcache\http.sys
2010-03-25 14:39 . 2010-03-25 14:39 ——– d–h–w- e:\windows\PIF
2010-03-25 06:40 . 2010-03-25 06:40 ——– d—–w- e:\documents and settings\Frans\Application Data\Malwarebytes
2010-03-25 06:40 . 2010-03-29 22:46 38224 —-a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-03-25 06:40 . 2010-03-25 06:40 ——– d—–w- e:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-25 06:40 . 2010-03-29 22:45 20824 —-a-w- e:\windows\system32\drivers\mbam.sys
2010-03-25 06:40 . 2010-04-07 07:54 ——– d—–w- e:\program files\Malwarebytes' Anti-Malware
2010-03-24 18:39 . 2010-03-24 18:39 ——– d—–w- e:\documents and settings\Frans\Local Settings\Application Data\VS Revo Group
2010-03-24 18:03 . 2010-03-24 18:03 ——– d—–w- e:\documents and settings\Frans\Application Data\Foxit
2010-03-24 06:42 . 2010-03-24 06:42 ——– d—–w- e:\program files\GlobFX
2010-03-23 15:22 . 2010-03-23 15:29 1006 —-a-w- e:\windows\unins000.dat
2010-03-23 13:57 . 2010-03-23 13:57 ——– d-sh–w- e:\documents and settings\Administrator\PrivacIE
2010-03-23 13:56 . 2010-03-23 13:56 ——– d—–w- e:\documents and settings\Administrator\Local Settings\Application Data\Google
2010-03-23 13:56 . 2010-03-23 13:56 ——– d-sh–w- e:\documents and settings\Administrator\IETldCache
2010-03-23 11:18 . 2010-03-25 08:02 ——– d—–w- e:\program files\MSECACHE
2010-03-23 10:41 . 2010-03-23 10:41 ——– d—–w- e:\windows\system32\XPSViewer
2010-03-23 10:41 . 2010-03-23 10:41 ——– d—–w- e:\program files\MSBuild
2010-03-23 10:40 . 2010-03-23 10:40 ——– d—–w- e:\program files\Reference Assemblies
2010-03-23 10:40 . 2008-07-06 12:06 89088 —-a-w- e:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-03-23 10:39 . 2008-07-06 12:06 89088 -c—-w- e:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-03-23 10:39 . 2008-07-06 12:06 117760 ——w- e:\windows\system32\prntvpt.dll
2010-03-23 10:39 . 2008-07-06 10:50 597504 -c—-w- e:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-03-23 10:39 . 2008-07-06 10:50 597504 ——w- e:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-03-23 10:39 . 2008-07-06 12:06 575488 -c—-w- e:\windows\system32\dllcache\xpsshhdr.dll
2010-03-23 10:39 . 2008-07-06 12:06 575488 ——w- e:\windows\system32\xpsshhdr.dll
2010-03-23 10:39 . 2008-07-06 12:06 1676288 -c—-w- e:\windows\system32\dllcache\xpssvcs.dll
2010-03-23 10:39 . 2008-07-06 12:06 1676288 ——w- e:\windows\system32\xpssvcs.dll
2010-03-23 08:06 . 2010-03-25 15:06 ——– d—–w- e:\documents and settings\Frans\Application Data\Canon
2010-03-22 18:25 . 2010-03-22 18:28 ——– d—–w- e:\documents and settings\Frans\Local Settings\Application Data\Temp
2010-03-22 16:00 . 2010-03-22 16:00 ——– d—–w- e:\program files\filehippo.com
2010-03-22 14:30 . 2010-03-22 14:30 ——– d—–w- e:\documents and settings\Frans\Application Data\FastStone
2010-03-22 14:25 . 2010-03-22 18:25 ——– d—–w- e:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-03-22 14:23 . 2010-03-22 14:23 ——– d—–w- e:\program files\FastStone Photo Resizer
2010-03-22 14:20 . 2010-03-22 18:47 ——– d—–w- e:\documents and settings\Frans\Local Settings\Application Data\Google
2010-03-22 14:19 . 2010-03-22 18:47 ——– d—–w- e:\program files\Google
2010-03-22 14:19 . 2010-03-28 18:48 ——– d—–w- e:\program files\Picasa2
2010-03-22 14:12 . 2010-03-22 14:12 ——– d—–w- e:\documents and settings\All Users\Application Data\FLEXnet
2010-03-22 13:25 . 2001-08-04 15:50 454815 —-a-r- e:\windows\system32\drivers\CTXH51.sys
2010-03-22 12:27 . 2010-03-22 12:27 ——– d—–w- e:\documents and settings\Frans\Application Data\CheckPoint
2010-03-22 12:27 . 2010-03-22 12:27 ——– d—–w- e:\program files\CheckPoint
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-07 10:34 . 2001-09-07 12:00 86182 ----a-w- e:\windows\system32\perfc013.dat
2010-04-07 10:34 . 2001-09-07 12:00 499340 ----a-w- e:\windows\system32\perfh013.dat
2010-04-07 07:54 . 2010-04-07 07:54 5918776 ----a-w- e:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-06 17:31 . 2010-04-06 17:30 3020800 ----a-w- e:\documents and settings\All Users\Application Data\106d6b2\CU106d.exe
2010-04-03 11:23 . 2010-04-06 17:31 458200 ----a-w- e:\documents and settings\All Users\Application Data\106d6b2\sqlite3.dll
2010-04-03 11:22 . 2010-04-06 17:31 718296 ----a-w- e:\documents and settings\All Users\Application Data\106d6b2\mozcrt19.dll
2010-04-03 09:33 . 2010-04-03 09:33 2316 ----a-w- e:\documents and settings\All Users\Application Data\xml1318.tmp
2010-04-03 09:33 . 2010-04-03 09:33 13846 ----a-w- e:\documents and settings\All Users\Application Data\xml1316.tmp
2010-04-03 09:33 . 2010-04-03 09:32 9036 ----a-w- e:\documents and settings\All Users\Application Data\xml1314.tmp
2010-03-23 15:29 . 2002-02-10 00:00 72748 ----a-w- e:\windows\unins000.exe
2010-03-22 14:04 . 2010-03-22 14:06 9336 ------w- e:\windows\system32\drivers\cdr4_xp.sys
2010-03-22 14:04 . 2010-03-22 14:06 9464 ------w- e:\windows\system32\drivers\cdralw2k.sys
2010-03-22 14:04 . 2010-03-22 14:06 129784 ------w- e:\windows\system32\pxafs.dll
2010-03-22 14:04 . 2010-03-22 14:06 43528 ------w- e:\windows\system32\drivers\PxHelp20.sys
2010-03-22 14:04 . 2010-03-22 14:06 116472 ------w- e:\windows\system32\pxcpyi64.exe
2010-03-22 14:04 . 2010-03-22 14:06 118520 ------w- e:\windows\system32\pxinsi64.exe
2010-03-21 18:25 . 2010-03-21 18:25 9 ----a-w- e:\documents and settings\Frans\Application Data\mdb.bin
2010-03-21 18:24 . 2010-03-21 18:24 5813000 ----a-w- e:\windows\system32\config\systemprofile\Application Data\COMODO\setup_clps_3.0.133262.11_Release.exe
2010-03-21 17:09 . 2010-03-21 17:08 5542592 ----a-w- e:\documents and settings\All Users\Application Data\Comodo Downloader\hopsurf.exe
2010-03-21 12:37 . 2010-03-21 12:37 503808 ----a-w- e:\documents and settings\Frans\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3ebf4ff9-n\msvcp71.dll
2010-03-21 12:37 . 2010-03-21 12:37 499712 ----a-w- e:\documents and settings\Frans\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3ebf4ff9-n\jmc.dll
2010-03-21 12:37 . 2010-03-21 12:37 348160 ----a-w- e:\documents and settings\Frans\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3ebf4ff9-n\msvcr71.dll
2010-03-21 12:37 . 2010-03-21 12:37 61440 ----a-w- e:\documents and settings\Frans\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-40693ccc-n\decora-sse.dll
2010-03-21 12:37 . 2010-03-21 12:37 12800 ----a-w- e:\documents and settings\Frans\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-40693ccc-n\decora-d3d.dll
2010-03-21 11:37 . 2010-03-21 10:54 -------- d-----w- e:\program files\Mozilla Firefox(2)
2010-03-21 10:56 . 2010-03-21 10:13 -------- d--h--w- e:\program files\CanonBJ
2010-03-21 10:54 . 2010-03-21 10:54 0 ----a-w- e:\windows\nsreg.dat
2010-03-21 10:14 . 2010-03-21 10:14 -------- d-----w- e:\program files\Common Files\CANON
2010-03-21 10:13 . 2010-03-21 10:13 -------- d-----w- e:\documents and settings\All Users\Application Data\CanonBJ
2010-03-21 09:09 . 2010-03-21 09:09 -------- d-----w- e:\program files\microsoft frontpage
2010-03-21 09:05 . 2010-03-21 09:05 21748 ----a-w- e:\windows\system32\emptyregdb.dat
2010-02-25 06:20 . 2001-09-07 12:00 916480 ----a-w- e:\windows\system32\wininet.dll
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- e:\windows\system32\GPhotos.scr
2010-02-04 08:01 . 2010-04-03 09:38 74072 ----a-w- e:\windows\system32\XAPOFX1_4.dll
2010-02-04 08:01 . 2010-04-03 09:38 528216 ----a-w- e:\windows\system32\XAudio2_6.dll
2010-02-04 08:01 . 2010-04-03 09:38 238936 ----a-w- e:\windows\system32\xactengine3_6.dll
2010-02-04 08:01 . 2010-04-03 09:38 22360 ----a-w- e:\windows\system32\X3DAudio1_7.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="e:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="e:\program files\Eset\nod32kui.exe" [2010-03-21 949376]
"ZoneAlarm Client"="e:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
2002-10-15 17:00 1818624 ----a-w- e:\windows\mixer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\filehippo.com]
2010-03-03 13:31 155648 ----a-w- e:\program files\filehippo.com\UpdateChecker.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 nod32drv;nod32drv;e:\windows\system32\drivers\nod32drv.sys [21-3-2010 14:21 15424]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;e:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16-9-2008 13:03 169312]
R3 ham50;V9X HAM 1394V;e:\windows\system32\drivers\CTXH51.sys [22-3-2010 15:25 454815]
S2 gupdate;Google Updateservice (gupdate);e:\program files\Google\Update\GoogleUpdate.exe [22-3-2010 20:24 136176]
.
Contents of the 'Scheduled Tasks' folder
2010-03-25 e:\windows\Tasks\$~$Sys0$.job
- e:\windows\System32\SchedSvc.dll [2010-03-21 21:32]
2010-03-22 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- e:\program files\Google\Update\GoogleUpdate.exe [2010-03-22 18:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.nl/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - e:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - e:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: e:\windows\System32\imon.dll
FF - ProfilePath - e:\documents and settings\Frans\Application Data\Mozilla\Firefox\Profiles\gc7ngbp7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: e:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: e:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: e:\program files\Picasa2\npPicasa2.dll
FF - plugin: e:\program files\Picasa2\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
—- FIREFOX POLICIES —-
e:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
e:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
e:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-ArcSoft Connection Service - e:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSConfigStartUp-MSMSGS - e:\program files\Messenger\msmsgs.exe
AddRemove-HijackThis - y:\05 p r o g r a m m a s\schoonmakertjes
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-07 12:46
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MailWasher = e:\progra~1\MAILWA~1\MAILWA~1.EXE?
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–¤|ÿÿÿÿ¤•¤|ù•9~*]
"3140110900063D11C8EF10054038389C"="E?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1840)
e:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
e:\progra~1\MAILWA~1\MAILWA~1.EXE
e:\program files\Java\jre6\bin\jqs.exe
e:\program files\CDBurnerXP\NMSAccessU.exe
e:\program files\Eset\nod32krn.exe
.
**************************************************************************
.
Completion time: 2010-04-07 12:54:41 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-07 10:54
Pre-Run: 19.146.534.912 bytes free
Post-Run: 20.114.894.848 bytes free
- - End Of File - - 24F9121CB231310F98834D6E5C21ACBF
and I'll keep an eye on the Trojan Remover. What a hassle! - You didn't run ComboFix at the same time as that other tool, I assume?
- Hello Frans, have you scheduled a task in your Windows yourself?
I ask because I find this entry in the ComboFix log: windows\tasks\$~$sys0$.job.
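As an added example (not code from this thread, from ComboFix or from any of its authors): a small Python parser for the two ComboFix sections the helpers in this thread are reading, the file listing and the 'Scheduled Tasks' folder, with triage heuristics that surface the kind of entry a responder asks about first, such as the $~$Sys0$.job task raised in the last reply. The regexes, the reading of the attribute letters and the heuristics are this example's own assumptions; the sample lines are copied from the log above, with the attribute column written with plain hyphens as ComboFix prints it. The flags are prompts to go and verify, not verdicts: the Malwarebytes installer cached under All Users\Application Data picks up the same "executable in a user-writable directory" flag as the CU106d.exe entry, and only the hex-looking directory name sets the two apart.

```python
"""Parser and triage helper for the ComboFix file-listing and 'Scheduled Tasks'
sections.  Added example, not part of the thread or of ComboFix itself; the
regexes, the reading of the attribute letters and the triage heuristics are
this example's own assumptions."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Listing line: <modified> . <created> <size, or -------- for a directory> <8 attribute chars> <path>
ENTRY_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-{8})\s+"
    r"(?P<attrs>\S{8})\s+"
    r"(?P<path>\S.*)$"
)
# 'Scheduled Tasks' section: a dated .job line, then a '- <target> [stamp]' line naming what it runs.
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>\S.*\.job)$", re.IGNORECASE)
TASK_TARGET_RE = re.compile(r"^- (?P<target>.+?) \[(?P<stamp>[^\]]+)\]$")

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif")
# Path segments any interactive user, and therefore anything running as that user, can write to.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")


@dataclass
class Entry:
    modified: str
    created: str
    size: int | None            # None for a directory ('--------' in the log)
    attrs: str                  # e.g. 'd-----w-': 'd' directory, 'h' hidden, 's' system, 'a' archive (assumed)
    path: str
    flags: list[str] = field(default_factory=list)


def parse_entry(line: str) -> Entry | None:
    """Return an Entry for one listing line, or None for headers and separators."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(m["modified"], m["created"], size, m["attrs"], m["path"])


def triage(entry: Entry) -> Entry:
    """Attach reasons an entry deserves a closer look.  These are prompts, not verdicts."""
    low = entry.path.lower()
    parts = low.split("\\")
    name, parent = parts[-1], (parts[-2] if len(parts) >= 2 else "")
    if name.endswith(EXEC_EXT) and any(seg in low for seg in USER_WRITABLE):
        entry.flags.append("executable in a user-writable data directory")
    if name.endswith(EXEC_EXT) and re.fullmatch(r"[0-9a-f]{5,}", parent):
        entry.flags.append("parent directory has a hex-looking, non-descriptive name")
    return entry


def parse_tasks(lines: list[str]) -> list[tuple[str, str | None, list[str]]]:
    """Pair each .job file with the target ComboFix lists for it and flag the odd ones."""
    tasks = []
    i = 0
    while i < len(lines):
        m = TASK_RE.match(lines[i].strip())
        if not m:
            i += 1
            continue
        target = None
        if i + 1 < len(lines):
            t = TASK_TARGET_RE.match(lines[i + 1].strip())
            if t:
                target, i = t["target"], i + 1
        job = m["job"]
        flags = []
        if re.search(r"[$~]", job.split("\\")[-1]):
            flags.append("job name uses characters unusual for vendor tasks; confirm who created it")
        if target and not target.lower().endswith(".exe"):
            flags.append("target is not an .exe; check what the task actually runs")
        tasks.append((job, target, flags))
        i += 1
    return tasks


def triage_report(listing_lines: list[str], task_lines: list[str]) -> dict[str, list[str]]:
    """Map each flagged path or job to its reasons; unflagged items are left out."""
    report = {}
    for line in listing_lines:
        e = parse_entry(line)
        if e and triage(e).flags:
            report[e.path] = e.flags
    for job, _target, flags in parse_tasks(task_lines):
        if flags:
            report[job] = flags
    return report


# Constructed input: four listing lines and the two tasks taken from the log above.
SAMPLE_LISTING = r"""
2010-04-07 07:54 . 2010-04-07 07:54 5918776 ----a-w- e:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-06 17:31 . 2010-04-06 17:30 3020800 ----a-w- e:\documents and settings\All Users\Application Data\106d6b2\CU106d.exe
2010-03-25 06:40 . 2010-03-29 22:46 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-03-22 12:27 . 2010-03-22 12:27 -------- d-----w- e:\program files\CheckPoint
""".strip().splitlines()
SAMPLE_TASKS = r"""
2010-03-25 e:\windows\Tasks\$~$Sys0$.job
- e:\windows\System32\SchedSvc.dll [2010-03-21 21:32]
2010-03-22 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- e:\program files\Google\Update\GoogleUpdate.exe [2010-03-22 18:24]
""".strip().splitlines()

if __name__ == "__main__":
    for item, reasons in triage_report(SAMPLE_LISTING, SAMPLE_TASKS).items():
        print(item)
        for reason in reasons:
            print("   ->", reason)
```

Run it as-is to see the report for the embedded sample; to use it on a real log, feed the lines of the file-listing and Find3M sections to `triage_report` as `listing_lines` and the lines of the 'Scheduled Tasks' section as `task_lines`. Anything the report names still has to be checked by hand (publisher, signature, creation date against what the user installed that day), which is exactly the question the last reply puts to Frans.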
This is an archived page. Replying is no longer possible.