
[SOLVED] MSN virus, via a photo



Hello, I have caught an MSN virus by clicking on a link to a photo. I have already found out that I am not the only one, and I have already made a HijackThis log:

Can you help me?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:17:14, on 13-4-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

F:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Lexmark 6200 Series\lxbumon.exe

C:\Program Files\Lexmark 6200 Series\ezprint.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\WINDOWS\vsnpstd.exe

C:\WINDOWS\mrofinu1423.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

F:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe

C:\WINDOWS\system32\lxbucoms.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl - alles op een rijtje!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = StartNow's Internet Explorer Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Mobstar - A dark world of money, murder and politics

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = StartNow's Internet Explorer Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = StartNow's Internet Explorer Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ %^ ^%^%^^% ^^ ^ ^%%%^%%%% %^ % % %.exe

O2 - BHO: PopThis! BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\Program Files\mathies.com\PopThis!\PopThis.dll (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {14922705-B322-21AD-45D9-66E1038AC291} - C:\DOCUME~1\josje\APPLIC~1\GPLELS~1\PILECURB.exe (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"

O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"

O4 - HKLM\..\Run: [okaysoftwarenounbold] C:\Documents and Settings\All Users\Application Data\eggs road okay software\InsidePeak.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\ %^ ^%^%^^% ^^ ^ ^%%%^%%%% %^ % % %.exe

O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD3257

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Two Axis] C:\DOCUME~1\Frans\APPLIC~1\CREATI~1\Date Blue.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [HyvesKwekker] "C:\Program Files\Hyves Kwekker\HyvesDesktop_2.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Startup: Delta Force-Black Hawk Down Team Sabre Registration.lnk = C:\Documents and Settings\Frans\Local Settings\Temp\{7C98C270-A011-4BC8-9BEC-F3AD96DD5BC0}\{6164D2E7-986B-42F5-B3A6-64D5E53FB889}\NOVG.EXE

O4 - Startup: PowerReg Scheduler.exe

O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Ashampoo Magical Defrag.lnk = F:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll

O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Program Files\mathies.com\PopThis!\PopThis.dll (file missing)

O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Program Files\mathies.com\PopThis!\PopThis.dll (file missing)

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O23 - Service: AshampooDefragService - - F:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 8295 bytes


Remove MSN (and, if applicable, all other Messengers).

Download SDFix and click "Run".

Version 1.40 and higher will automatically move the extracted SDFix folder to your system drive (probably C:\SDFix).

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl - alles op een rijtje!

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ %^ ^%^%^^% ^^ ^ ^%%%^%%%% %^ % % %.exe

O2 - BHO: PopThis! BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\Program Files\mathies.com\PopThis!\PopThis.dll (file missing)

O2 - BHO: (no name) - {14922705-B322-21AD-45D9-66E1038AC291} - C:\DOCUME~1\josje\APPLIC~1\GPLELS~1\PILECURB.exe (file missing)

O4 - HKLM\..\Run: [okaysoftwarenounbold] C:\Documents and Settings\All Users\Application Data\eggs road okay software\InsidePeak.exe

O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\ %^ ^%^%^^% ^^ ^ ^%%%^%%%% %^ % % %.exe

O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD3257

O4 - HKCU\..\Run: [Two Axis] C:\DOCUME~1\Frans\APPLIC~1\CREATI~1\Date Blue.exe

O4 - Startup: Delta Force-Black Hawk Down Team Sabre Registration.lnk = C:\Documents and Settings\Frans\Local Settings\Temp\{7C98C270-A011-4BC8-9BEC-F3AD96DD5BC0}\{6164D2E7-986B-42F5-B3A6-64D5E53FB889}\NOVG.EXE

O4 - Startup: PowerReg Scheduler.exe

O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Program Files\mathies.com\PopThis!\PopThis.dll (file missing)

O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Program Files\mathies.com\PopThis!\PopThis.dll (file missing)

Click 'Fix checked' to remove the items.

Delete the following folders via Windows Explorer:

C:\Program Files\mathies.com

C:\Documents and Settings\All Users\Application Data\eggs road okay software

Restart your PC in Safe Mode.

Open the SDFix folder and double-click RunThis.bat to start the tool.

Type Y to start the cleaning process.

Trojan services and/or registry entries will be removed if they are found, and you will have to press a key to restart.

The computer will then restart (this takes longer than usual).

When the PC restarts, the tool will run again and continue the removal process until the message Finished is shown. Then press any key to end the script and reload your desktop icons.

When your desktop icons appear, the SDFix report will open. It can also be found in the SDFix folder as Report.txt.

Restart your computer in Normal mode.

Now paste the SDFix report here together with a new HJT log.

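The selection above is the helper reading the log by hand. As an added example (not part of the thread and not a HijackThis feature), the Python below parses HijackThis v2 log lines and flags the kinds of entries the helper picked: orphaned "(file missing)" entries, an executable whose name is symbol junk, a UserInit chain, autostarts from Temp or Application Data, a long hex argument, and a bare Startup-folder executable. The sample lines are constructed after the log in this thread; the R0/R1 start-page lines are a judgement call about the user's intended homepage and are not scored.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the HijackThis v2.0.2 line format, shaped after the log in this
# thread (not a capture from a real host). Benign and suspicious entries are mixed on purpose.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ %^ ^%^%^^% ^^ ^ ^%%%^%%%% %^ % % %.exe
O2 - BHO: PopThis! BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\Program Files\mathies.com\PopThis!\PopThis.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\ %^ ^%^%^^% ^^ ^ ^%%%^%%%% %^ % % %.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [Two Axis] C:\DOCUME~1\Frans\APPLIC~1\CREATI~1\Date Blue.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: Delta Force-Black Hawk Down Team Sabre Registration.lnk = C:\Documents and Settings\Frans\Local Settings\Temp\{7C98C270-A011-4BC8-9BEC-F3AD96DD5BC0}\{6164D2E7-986B-42F5-B3A6-64D5E53FB889}\NOVG.EXE
O4 - Startup: PowerReg Scheduler.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

LINE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# An .exe whose base name is nothing but whitespace and symbols (the "%^ ^%^%" file above).
JUNK_NAME = re.compile(r"\\[\s%^~!@#$&*()=+]+\.exe\b", re.I)
# Autostart locations an ordinary user can write to without admin rights.
USER_WRITABLE = re.compile(r"\\(Local Settings\\Temp|Temp|APPLIC~1|Application Data)\\", re.I)
# A bare hex blob of 32 or more characters passed as the only argument.
HEX_ARG = re.compile(r"\s[0-9A-F]{32,}\s*$")


@dataclass
class Finding:
    code: str
    body: str
    reasons: list = field(default_factory=list)


def triage_line(line):
    """Return a Finding for one HijackThis line, or None if the line is not flagged."""
    m = LINE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    reasons = []
    if body.endswith("(file missing)"):
        reasons.append("orphaned entry: the registered file no longer exists")
    if JUNK_NAME.search(body):
        reasons.append("executable name is whitespace/symbol junk")
    if code == "F2" and "UserInit=" in body:
        # Only userinit.exe belongs here; anything appended after the comma runs at every logon.
        targets = body.split("UserInit=", 1)[1].split(",")
        extra = [t.strip() for t in targets
                 if t.strip() and not t.strip().lower().endswith("\\userinit.exe")]
        if extra:
            reasons.append("UserInit chains an extra executable: " + "; ".join(extra))
    if code == "O4":
        if USER_WRITABLE.search(body):
            reasons.append("autostart from a user-writable Temp/Application Data path")
        if HEX_ARG.search(body):
            reasons.append("autostart passes a long hex blob as its argument")
        if body.startswith("Startup: ") and " = " not in body and body.lower().endswith(".exe"):
            reasons.append("Startup-folder executable with no resolved target path")
    if code == "R3" and "is missing" in body:
        reasons.append("default URLSearchHook has been removed")
    return Finding(code, body, reasons) if reasons else None


def triage(log_text):
    """Flag suspicious lines of a whole HijackThis log, in log order."""
    findings = []
    for line in log_text.splitlines():
        f = triage_line(line)
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code} - {f.body[:70]}")
        for r in f.reasons:
            print("    ->", r)
```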

I followed the instructions, and here are the logs:

SDFix: Version 1.171

Run by Frans on ma 14-04-2008 at 20:30

Microsoft Windows XP [versie 5.1.2600]

Running From: C:\SDFix\SDFix

Checking Services :

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\%^^%^%~1.exe - Deleted

C:\WINDOWS\system32\^^%%%%~1.exe - Deleted

C:\WINDOWS\mrofinu1423.exe - Deleted

C:\Documents and Settings\Frans\real.txt - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-14 20:36:51

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:5531c660

"s2"=dword:e1098d13

"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000000

"khjeh"=hex:bb,94,54,f5,0e,bc,a1,8a,06,da,02,58,d4,26,b4,62,ff,e9,41,66,52,..

"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"khjeh"=hex:77,d7,9c,2c,06,94,02,ea,8e,eb,20,7a,9e,3b,c9,ca,cd,a3,2d,35,15,..

"a0"=hex:20,01,00,00,2e,ac,89,b4,c7,17,ef,0d,da,9d,a8,3f,0e,fc,6b,f1,40,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:fe,6e,a9,2a,c8,7a,56,16,02,7d,36,98,59,9a,78,79,b6,73,1e,69,30,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000000

"khjeh"=hex:bb,94,54,f5,0e,bc,a1,8a,06,da,02,58,d4,26,b4,62,ff,e9,41,66,52,..

"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"khjeh"=hex:77,d7,9c,2c,06,94,02,ea,8e,eb,20,7a,9e,3b,c9,ca,cd,a3,2d,35,15,..

"a0"=hex:20,01,00,00,2e,ac,89,b4,c7,17,ef,0d,da,9d,a8,3f,0e,fc,6b,f1,40,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:fe,6e,a9,2a,c8,7a,56,16,02,7d,36,98,59,9a,78,79,b6,73,1e,69,30,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"F:\\Program Files\\EA GAMES\\The Battle for Middle-earth\\game.dat"="F:\\Program Files\\EA GAMES\\The Battle for Middle-earth\\game.dat:*:Enabled:The Battle for Middle-earth "

"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"

"F:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"="F:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"D:\\Mijn Documenten\\Mijn ontvangen bestanden\\Winks(1)\\Winks\\mcoinstall.exe"="D:\\Mijn Documenten\\Mijn ontvangen bestanden\\Winks(1)\\Winks\\mcoinstall.exe:*:Enabled:mcoinstall"

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :

File Backups: - C:\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"

Sun 14 Mar 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Thu 15 May 2003 43,008 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"

Wed 14 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b8d5769ed022fab7a177db7759e6a27b\BIT3BF.tmp"

Thu 21 Dec 2006 34,308 ...H. --- "C:\Documents and Settings\Bart\Application Data\Macromedia\Shockwave Player\xtras\download\AndradeArts\Music\BASSMOD.dll"

Wed 11 Jul 2007 34,308 ...H. --- "C:\Documents and Settings\Frans\Application Data\Macromedia\Shockwave Player\xtras\download\AndradeArts\Music\BASSMOD.dll"

Finished!

-----------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:45:21, on 14-4-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

F:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Lexmark 6200 Series\lxbumon.exe

C:\Program Files\Lexmark 6200 Series\ezprint.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\WINDOWS\vsnpstd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\WINDOWS\system32\lxbucoms.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

F:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = StartNow's Internet Explorer Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Mobstar - A dark world of money, murder and politics

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = StartNow's Internet Explorer Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = StartNow's Internet Explorer Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"

O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [HyvesKwekker] "C:\Program Files\Hyves Kwekker\HyvesDesktop_2.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Ashampoo Magical Defrag.lnk = F:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O23 - Service: AshampooDefragService - - F:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 6470 bytes


It already looks good, but, to be safe, would you do this as well:

Download Combofix and save it to your Desktop.

Double-click Combofix.exe and follow the instructions; accept the disclaimer by typing y. While the fix is running, do NOT click in the window, as this will make your PC hang.

When the fix is complete and after the restart, the log combofix.txt will open.

NOTE: If your virus scanner reacts with a message about a script being executed, you must allow it.

Attach the Combofix log to your next post.


ComboFix 08-04-15.4 - Frans 2008-04-16 14:32:43.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.249 [GMT 2:00]

Gestart vanuit: C:\Documents and Settings\Frans\Bureaublad\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\winhelp.ini

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-03-16 to 2008-04-16 ))))))))))))))))))))))))))))))

.

2008-04-14 20:28 . 2008-04-14 20:29 <DIR> d-------- C:\WINDOWS\ERUNT

2008-04-14 20:19 . 2008-04-14 20:19 <DIR> d-------- C:\SDFix

2008-04-13 22:16 . 2008-04-13 22:16 <DIR> d-------- C:\Program Files\Trend Micro

2008-04-13 20:58 . 2008-04-13 20:58 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.


.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]

"HyvesKwekker"="C:\Program Files\Hyves Kwekker\HyvesDesktop_2.exe" [2007-04-06 11:12 1588736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2003-03-27 10:34 53248 C:\WINDOWS\SOUNDMAN.EXE]

"nwiz"="nwiz.exe" [2003-11-17 11:33 753664 C:\WINDOWS\system32\nwiz.exe]

"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2004-02-17 17:01 693528]

"lxbumon.exe"="C:\Program Files\Lexmark 6200 Series\lxbumon.exe" [2004-08-20 13:29 188416]

"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2004-08-24 15:26 299008]

"EzPrint"="C:\Program Files\Lexmark 6200 Series\ezprint.exe" [2004-08-24 19:16 61440]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07 49263]

"snpstd"="C:\WINDOWS\vsnpstd.exe" [2006-08-23 14:36 339968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2004-08-04 10:03 54784 C:\WINDOWS\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"D:\\Mijn Documenten\\Mijn ontvangen bestanden\\Winks(1)\\Winks\\mcoinstall.exe"=

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R2 ETDrv;ETDrv;C:\WINDOWS\system32\drivers\ETDrv.sys [2003-04-07 21:48]

R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2005-09-24 17:08]

R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2005-09-24 17:08]

R3 sm56pci;sm56pci;C:\WINDOWS\system32\DRIVERS\sm56pci.sys [1999-11-05 10:42]

R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys [2005-09-24 17:24]

S2 A4SII300;A4SII300;C:\WINDOWS\system32\drivers\A4SII300.SYS []

S2 UMAXPCLS;Stuurprogramma voor scanner op printerpoort;C:\WINDOWS\system32\DRIVERS\umaxpcls.sys [2001-08-17 22:58]

S3 efipsk;efipsk;C:\DOCUME~1\josje\LOCALS~1\Temp\efipsk.sys []

.

Inhoud van de 'Gedeelde Taken' map

"2008-04-15 16:00:00 C:\WINDOWS\Tasks\A4A86D389187E784.job"

- c:\docume~1\josje\applic~1\creati~1\SHOW BIRD ABOUT.exe

"2008-04-15 16:00:00 C:\WINDOWS\Tasks\AFB461E591841379.job"

- c:\docume~1\frans\applic~1\creati~1\SHOW BIRD ABOUT.exe

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-16 14:36:25

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

Voltooingstijd: 2008-04-16 14:37:22

ComboFix-quarantined-files.txt 2008-04-16 12:37:07

Pre-Run: 336,351,232 bytes beschikbaar

Post-Run: 878,186,496 bytes beschikbaar

.

2008-04-10 15:26:13 --- E O F ---

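As an added example (not part of the thread, and not ComboFix's own code), a small Python triage pass over a constructed excerpt of the ComboFix log above. It flags the patterns a helper looks for in such a log: Security Center notification suppression, firewall exceptions and drivers sitting in user-writable paths or with no file timestamp, and scheduled tasks that run from a user profile. The rule names and the USER_WRITABLE path list are my own choices.

```python
import re

# Constructed excerpt of the ComboFix log posted above (entries copied from it).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"D:\\Mijn Documenten\\Mijn ontvangen bestanden\\Winks(1)\\Winks\\mcoinstall.exe"=
R2 ETDrv;ETDrv;C:\WINDOWS\system32\drivers\ETDrv.sys [2003-04-07 21:48]
S3 efipsk;efipsk;C:\DOCUME~1\josje\LOCALS~1\Temp\efipsk.sys []
"2008-04-15 16:00:00 C:\WINDOWS\Tasks\A4A86D389187E784.job"
- c:\docume~1\josje\applic~1\creati~1\SHOW BIRD ABOUT.exe
"""

# User-writable paths; drivers, firewall exceptions and tasks rarely belong there.
USER_WRITABLE = re.compile(
    r"\\temp\\|\\docume~1\\|\\documents and settings\\|ontvangen bestanden", re.I)
# "R2 name;description;path [timestamp]" lines; an empty [] means no file was found.
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[(.*)\]$")
DWORD_RE = re.compile(r'^"(\w+)"=dword:([0-9a-f]{8})$', re.I)


def triage(log_text):
    """Return (rule, detail) findings for suspicious patterns in a ComboFix log."""
    findings, section = [], ""
    for raw in log_text.splitlines():
        line = raw.strip().replace("\\\\", "\\")   # regedit doubles backslashes
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line.lower()                 # registry key header
            continue
        m = DWORD_RE.match(line)
        if (m and "security center" in section and int(m.group(2), 16) == 1
                and m.group(1).lower().endswith("disablenotify")):
            findings.append(("security-center-notify-suppressed", m.group(1)))
        if "authorizedapplications" in section and line.endswith("="):
            app = line.strip('="')
            if USER_WRITABLE.search(app):
                findings.append(("firewall-exception-in-user-writable-path", app))
        m = SERVICE_RE.match(line)
        if m:
            name, path, stamp = m.group(2), m.group(4), m.group(5)
            if not stamp:
                findings.append(("service-file-missing-or-unstamped", f"{name} -> {path}"))
            if USER_WRITABLE.search(path):
                findings.append(("service-in-user-writable-path", f"{name} -> {path}"))
        if line.startswith("- ") and USER_WRITABLE.search(line):
            findings.append(("task-runs-from-user-profile", line[2:]))
    return findings
```

Run `triage(SAMPLE_LOG)` to list the findings; the ETDrv line is included as a clean control and produces none.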

OK, that looks good. Time for the “big clean-up”: removing the tools we used, a cleaning run, and removing the infected restore points. And your Java could use an update.

Remove Combofix: Start -> Run and type: combofix /u

Combofix will be removed and a new system restore point will be created.

Remove SDFix.

Download CCleaner.

Install it and start it. In the left column click “Options”. Select the ‘Advanced’ tab, untick “Only delete temporary files in the Windows system folder older than 48 hours” and then close the program.

Start CCleaner and click “Cleaner” in the left column. Click ‘Analyze’ and then ‘Run Cleaner’. Next click “Registry” in the left column and click ‘Scan for errors’. If errors are found, click ”Fix all errors” and ”OK”. Then close CCleaner.

It is advisable to remove the existing restore points (there are infected restore points among them that you could otherwise restore) by temporarily disabling System Restore.

- Go to Start/All Programs/Accessories/System Tools/System Restore.

- In the left half of the window, click "System Restore Settings".

- Tick "Turn off System Restore".

- Click "Apply".

- Windows asks whether you are sure.

- Click "Yes".

- Click "OK".

- Restart the PC.

- Go back to Start/All Programs/Accessories/System Tools/System Restore.

- You get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"

- Click "Yes".

- Untick "Turn off System Restore".

- Click "Apply".

- Click "OK".

- Restart the PC.

- A new restore point has now been created.

Your Java software is outdated. Older versions have holes that give malware a chance to install itself on your system. First follow these steps to uninstall Java and install the newer version.

Download Java Runtime Environment (JRE) 6u5.

  • Scroll down to: "Java Runtime Environment (JRE) 6u5".
  • Click the "Download" button on the right.
  • In the drop-down menu to the right of Platform, select “Windows”.
  • Tick "I agree to the Java SE Runtime Environment 6 License Agreement" and click “Continue”.
  • The page will reload.
  • Click the jre-6u5-windows-i586-p.exe link UNDER Windows Offline Installation and save it to your Desktop.
  • Close all programs that may be open, especially your web browser.
  • Then go to Start -> Control Panel -> Add or Remove Programs and remove all older versions of Java from the list.
  • Tick everything with Java Runtime Environment (JRE or J2SE) in the name.
  • Then click “Remove” or the “Change/Remove” button.
  • Repeat this until all older versions are gone.
  • After removing all older versions, restart your PC.
  • Then double-click jre-6u5-windows-i586-p.exe on your Desktop to install the newest version of Java.

That’s it!

And then, as far as I'm concerned, you may reinstall MSN (if you haven't done so already).


Thanks a lot for the great help, everything works and I have had no more problems. I also started a big clean-up right away, because I found out that was needed too. Everyone is happy again because the computer can be used again. Thanks again.

Regards, Tancho
