
[SOLVED] Windows XP - System Security version 4.51



Start HijackThis. If you are a Vista user, choose "Run as administrator" or "Uitvoeren als administrator". Select "Do a system scan only". Select only the items listed below:

O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\IntCodec\isaddon.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [updateWin] C:\WINDOWS\system32\accesst.exe

O4 - HKLM\..\Run: [alg] C:\WINDOWS\alg.exe

O4 - HKLM\..\Run: [taskmg] C:\WINDOWS\taskmg.exe

O4 - HKLM\..\Run: [system] C:\WINDOWS\system.exe

O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass.exe

O4 - HKLM\..\Run: [netx] C:\WINDOWS\svx.exe

O4 - HKLM\..\Run: [netw] C:\WINDOWS\svw.exe

O4 - HKLM\..\Run: [netc] C:\WINDOWS\svc.exe

O4 - HKLM\..\Run: [16413434] C:\Documents and Settings\All Users\Application Data\16413434\16413434.exe

O4 - HKLM\..\Run: [96423426] C:\Documents and Settings\All Users\Application Data\96423426\96423426.exe

O4 - HKLM\..\Run: [odby] C:\WINDOWS\odb.exe

O4 - HKLM\..\Run: [sms] C:\WINDOWS\sms.exe

O4 - HKLM\..\RunServices: [updateWin] C:\WINDOWS\system32\accesst.exe

O4 - HKCU\..\Run: [forkless] C:\DOCUME~1\tineke\APPLIC~1\NURBCA~1\ModeJump.exe

O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe

O4 - HKCU\..\Run: [updateWin] C:\WINDOWS\system32\accesst.exe

O4 - HKCU\..\RunServices: [updateWin] C:\WINDOWS\system32\accesst.exe

O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\Everest Poker\UltimateBet\UltimateBet.exe (file missing)

O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\Everest Poker\UltimateBet\UltimateBet.exe (file missing)

Click 'Fix checked' to remove the items.

Download MBAM (Malwarebytes' Anti-Malware).

Double-click mbam-setup.exe to install the program.

Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click "Finish".

If an update is found, it will be downloaded and installed.

Once the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.

The scan can take a while, so be patient.

When the scan is finished, click OK, then "Show Results" to view the results.

Make sure everything there is checked, then click Remove Selected.

After removal, a log will open and you will be asked to restart the computer. (See below)

The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in MBAM.

If MBAM has difficulty removing certain files, it will show a few prompts where you must click OK.

It will then ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log in your next post, together with a new HijackThis log.

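As an added illustration (not part of the original post, and not a feature of HijackThis or Malwarebytes): a small Python triage of the O4 autorun lines that flags the patterns visible in the list above, namely system process names outside system32, value names that imitate a system binary, numeric folder/file pairs, and one target registered under both HKLM and HKCU. The heuristics, the binary list and the function names are assumptions of this example.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname  # Windows path rules on any OS

# Assumption of this example: Windows is installed in C:\WINDOWS (as in the
# log above) and these processes legitimately live only in system32.
SYSTEM32_DIR = r"c:\windows\system32"
SYSTEM32_BINARIES = {"lsass.exe", "alg.exe", "ctfmon.exe", "svchost.exe",
                     "services.exe", "winlogon.exe", "userinit.exe", "smss.exe"}

# "O4 - HKLM\..\Run: [value name] command line"
O4_RE = re.compile(r"^O4 - (?P<key>HK[^:]*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
TARGET_RE = re.compile(r"(.+?\.(?:exe|com|bat|dll))(?=\s|$)", re.I)


def target_path(cmd):
    """Extract the executable path from a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, arguments follow
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = TARGET_RE.match(cmd)                     # unquoted path, may contain spaces
    return m.group(1) if m else cmd


def triage_autoruns(log_text):
    """Return [(value_name, path, [reasons])] for suspicious O4 registry entries."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append((m["key"], m["name"], target_path(m["cmd"])))

    # Which registry hives point at each target (HKLM, HKCU, ...).
    hives = defaultdict(set)
    for key, _, path in entries:
        hives[path.lower()].add(key.split("\\")[0])

    findings = []
    for key, name, path in entries:
        exe = basename(path).lower()
        folder = dirname(path).lower()
        stem = exe.rsplit(".", 1)[0]
        claimed = name.lower() if name.lower().endswith(".exe") else name.lower() + ".exe"
        reasons = []
        if exe in SYSTEM32_BINARIES and folder and folder != SYSTEM32_DIR:
            reasons.append("system process name outside system32")
        if claimed in SYSTEM32_BINARIES and exe != claimed:
            reasons.append("value name imitates a system binary")
        if stem.isdigit() and basename(folder) == stem:
            reasons.append("numeric folder/file pair")
        if {"HKLM", "HKCU"} <= hives[path.lower()]:
            reasons.append("same target registered in HKLM and HKCU")
        if reasons:
            findings.append((name, path, reasons))
    return findings


# The first seven lines are copied from the list in the post above; the last
# two are constructed benign entries added for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [updateWin] C:\WINDOWS\system32\accesst.exe
O4 - HKLM\..\Run: [alg] C:\WINDOWS\alg.exe
O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass.exe
O4 - HKLM\..\Run: [16413434] C:\Documents and Settings\All Users\Application Data\16413434\16413434.exe
O4 - HKLM\..\RunServices: [updateWin] C:\WINDOWS\system32\accesst.exe
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O4 - HKCU\..\Run: [updateWin] C:\WINDOWS\system32\accesst.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /background
"""

if __name__ == "__main__":
    for name, path, reasons in triage_autoruns(SAMPLE_LOG):
        print(f"[{name}] {path}: {'; '.join(reasons)}")
```

A hit is a reason to look at the entry, not a verdict: the location and name checks only say that an autorun does not sit where the genuine Windows component would.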

Hey Kape,

A bit odd, I can only see your post when I click on reply...

But I've worked through your list (the computer now also starts up normally and so on).

Here is the log:

Malwarebytes' Anti-Malware 1.36

Database versie: 2159

Windows 5.1.2600 Service Pack 3

20-5-2009 23:40:37

mbam-log-2009-05-20 (23-40-37).txt

Scan type: Snelle Scan

Objecten gescand: 92757

Verstreken tijd: 11 minute(s), 37 second(s)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 3

Registerwaarden geïnfecteerd: 14

Registerdata bestanden geïnfecteerd: 0

Mappen geïnfecteerd: 4

Bestanden geïnfecteerd: 68


And the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:52:48, on 20-5-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal


Now I still had to do something with a cleaner or something, right?

Well, I'll wait for your answer!


Oops ... that is quite a mountain of junk that Malwarebytes cleaned up :s

Time for the "big clean-up": a cleaning and the removal of the infected restore points. And your Java could use an update.

Download CCleaner.

Install it and start CCleaner. In the left column, click "Cleaner". Click 'Analyze' and then 'Run Cleaner'. Next, in the left column, click "Registry" and click 'Scan for Issues'. If errors are found, click "Fix selected issues" and "OK". You will then be asked whether to make a backup. Click "Yes". Then choose "Fix All Selected Issues". After that, close CCleaner again.

It is advisable to delete the existing restore points (there are infected restore points among them that you might otherwise restore) by temporarily turning off System Restore. Do this via Start -> Control Panel -> System -> System Restore -> check "Turn off System Restore on all drives". Apply and OK. Restart the PC and remove the check mark again.

Your Java software is outdated.

Older versions have vulnerabilities that give malware the chance to install itself on your system.

Download Java Runtime Environment (JRE) 6u13 to your Desktop.

Close all programs that may be open - especially your web browser!

  • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list of programs.
  • Select everything with Java Runtime Environment (JRE or J2SE) in the name.
  • Then click Remove or the Change/Remove button.
  • Repeat this until all older versions are gone.
  • After removing all older versions, restart your PC.
  • Then double-click jre-6u13-windows-i586-p.s.exe on your Desktop to install the latest version of Java.

That's it!


Hey Kape,

Haha yes, that was quite a big list, I'll come home a bit more often and check the computer...

I have a problem with CCleaner.. when I try to install it I get the following message: error writing to file: c:\ ..\ccleaner\ccleaner.exe

Should I just ignore all that, or?


> Haha yes, that was quite a big list, I'll come home a bit more often and check the computer...

That seems like a good idea ... and maybe also surf a bit more carefully ;-)

> I have a problem with CCleaner.. when I try to install it I get the following message: error writing to file: c:\ ..\ccleaner\ccleaner.exe

Strange ... because that is normally a perfect download. Delete the CCleaner folder (if it already exists) and then try again.
This topic is now closed to new replies.