Ga naar inhoud

Tropic

Lid
 Bekijk profiel  Bekijk hun activiteit

  • Items

    7

  • Registratiedatum

  • Laatst bezocht

 Inhoudstype 

Alles dat geplaatst werd door Tropic

  1. Tropic
    Hierbij de logfiles: Malware bytes: Malwarebytes' Anti-Malware 1.11 Database versie: 689 Scan type: Snelle Scan Objecten gescand: 53115 Verstreken tijd: 32 minute(s), 36 second(s) Geheugenprocessen geïnfecteerd: 6 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 3 Registerwaarden geïnfecteerd: 19 Registerdata bestanden geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 13 Geheugenprocessen geïnfecteerd: C:\WINDOWS\svx.exe (Trojan.FakeAlert) -> Unloaded process successfully. C:\WINDOWS\vlc.exe (Trojan.FakeAlert) -> Unloaded process successfully. C:\WINDOWS\wdmon.exe (Trojan.FakeAlert) -> Unloaded process successfully. C:\WINDOWS\svhoster.exe (Trojan.Agent) -> Unloaded process successfully. C:\WINDOWS\svzip.exe (Trojan.Agent) -> Unloaded process successfully. C:\WINDOWS\runsql.exe (Trojan.Agent) -> Unloaded process successfully. Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Google Online Search Service (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Online Add-on (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\videoPl.chl (Trojan.Zlob) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\netx (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vlc (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wdmon (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\netc (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\net64 (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\netzip (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runsql (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\OLE\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully. Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Mappen geïnfecteerd: (Geen kwaadaardige items gevonden) Bestanden geïnfecteerd: C:\Documents and Settings\Gijs\Local Settings\Temp\682870043.exe (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\svx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\vlc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\wdmon.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\svc.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\svhoster.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\sv.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\svzip.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\runsql.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\2052v.exe (Worm.Sdbot) -> Delete on reboot. C:\WINDOWS\system32\winlogans.tmp (Malware.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\Gijs\Favorieten\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully. C:\WINDOWS\system32\svchost.t__ (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully. XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Combofix: ComboFix 08-04-26.3 - Gijs 2008-04-27 10:58:28.2 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.106 [GMT 2:00] Gestart vanuit: C:\Documents and Settings\Gijs\Bureaublad\ComboFix.exe * Nieuw herstelpunt werd aangemaakt WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\kmd.exe C:\WINDOWS\system32\kmd.exe . (((((((((((((((((((( Bestanden Gemaakt van 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))) . 2008-04-27 08:15 . 2008-04-27 08:15 <DIR> d-------- C:\Documents and Settings\Gijs\Application Data\Malwarebytes 2008-04-27 08:14 . 2008-04-27 08:14 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-04-27 08:14 . 2008-04-27 08:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-04-25 18:57 . 2008-04-25 18:50 180,224 --a------ C:\WINDOWS\svw.exe 2008-04-25 18:57 . 2008-04-25 19:07 144 --ahs---- C:\WINDOWS\system32\3495402579.dat 2008-04-18 18:36 . 2008-04-18 18:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GameHouse 2008-04-18 17:49 . 2008-04-18 17:49 <DIR> d-------- C:\Documents and Settings\Gijs\Application Data\PlayFirst 2008-04-18 17:47 . 2008-04-18 17:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-11 17:16 1,534 ----a-w C:\WINDOWS\system32\tmp.reg 2008-02-08 21:55 85,504 ----a-w C:\WINDOWS\system32\VACFix.exe 2008-02-08 08:37 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe 2008-02-07 21:15 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll 2008-02-07 21:15 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll . ------- Sigcheck ------- 2004-08-03 22:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\system32\drivers\tcpip.sys 2004-08-03 22:14 359040 1745b00fc1141404b28f4b94f69a8871 C:\WINDOWS\system32\dllcache\tcpip.sys . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:15 1667584] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-22 19:38 579584] "NWEReboot"="" [] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ] "netw"="C:\WINDOWS\svw.exe" [2008-04-25 18:50 180224] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-07 23:15 219136] "jkdfj94kgdftdf"="C:\WINDOWS\TEMP\winlogan.exe" [ ] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\LimeWire\\LimeWire.exe"= R3 S3SAVAGE4M;S3SAVAGE4M;C:\WINDOWS\system32\DRIVERS\s3sav4m.sys [2001-08-17 20:50] *Newly Created Service* - CATCHME . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-27 11:01:32 Windows 5.1.2600 Service Pack 2 FAT NTAPI scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2008-04-27 11:02:21 ComboFix2.txt 2008-02-11 17:38:12 ComboFix-quarantined-files.txt 2008-04-27 09:02:18 Pre-Run: 2,040,647,680 bytes beschikbaar Post-Run: 2,399,141,888 bytes beschikbaar 75 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx Hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:16:30, on 27/04/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\svw.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [netw] C:\WINDOWS\svw.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204055285046 O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} (CPlayFirstDoggieDashControl Object) - http://download.playfirst.com/play/game/doggiedash/DoggieDash.1.0.0.6.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.playfirst.com/play/game/feedingfrenzy/SproutLauncher.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe -- End of file - 4620 bytes XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx Hopelijk is alles hiermee terug in orde. Hij werkt alleszins al terug sneller!
  2. Tropic
    Hierbij reeds de logfile van hijack this. kan iemand mij vertellen wat weg mag en hoe ik ervan af geraak? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:46:45, on 25/04/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe C:\WINDOWS\runsql.exe C:\WINDOWS\svhoster.exe C:\WINDOWS\svzip.exe C:\WINDOWS\vlc.exe C:\WINDOWS\svx.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\WINDOWS\wdmon.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\svw.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F3 - REG:win.ini: run=C:\WINDOWS\mmhren1.exe O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [runsql] C:\WINDOWS\runsql.exe O4 - HKLM\..\Run: [net64] C:\WINDOWS\svhoster.exe O4 - HKLM\..\Run: [netzip] C:\WINDOWS\svzip.exe O4 - HKLM\..\Run: [vlc] C:\WINDOWS\vlc.exe O4 - HKLM\..\Run: [netx] C:\WINDOWS\svx.exe O4 - HKLM\..\Run: [wdmon] C:\WINDOWS\wdmon.exe O4 - HKLM\..\Run: [updateWin] C:\WINDOWS\system32\2052v.exe O4 - HKLM\..\Run: [netw] C:\WINDOWS\svw.exe O4 - HKLM\..\Run: [netc] C:\WINDOWS\svc.exe O4 - HKLM\..\RunServices: [updateWin] C:\WINDOWS\system32\2052v.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [updateWin] C:\WINDOWS\system32\2052v.exe O4 - HKCU\..\RunServices: [updateWin] C:\WINDOWS\system32\2052v.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204055285046 O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} (CPlayFirstDoggieDashControl Object) - http://download.playfirst.com/play/game/doggiedash/DoggieDash.1.0.0.6.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.playfirst.com/play/game/feedingfrenzy/SproutLauncher.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Google Online Search Service - Unknown owner - C:\WINDOWS\system32\winlagons.exe (file missing) O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe -- End of file - 5557 bytes Alvast bedankt voor de reacties!
  3. Tropic
    Probleem opgelost dus! Dikke merci!!!!
  4. Tropic
    Hierbij de logbestanden: Smitfraudfix SmitFraudFix v2.286 Scan done at 19:16:36,31, ma 11/02/2008 Run from C:\Documents and Settings\Gijs\Mijn documenten\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT The filesystem type is FAT32 Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{747e1fbe-b70f-441d-bbca-6e536c04924a}"="didact" [HKEY_CLASSES_ROOT\CLSID\{747e1fbe-b70f-441d-bbca-6e536c04924a}\InProcServer32] @="C:\WINDOWS\system32\wuuawkz.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{747e1fbe-b70f-441d-bbca-6e536c04924a}\InProcServer32] @="C:\WINDOWS\system32\wuuawkz.dll" »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» VACFix VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri C:\WINDOWS\system32\wuuawkz.dll -> Hoax.Win32.Renos.gen.o C:\WINDOWS\system32\wuuawkz.dll -> Deleted »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\DOCUME~1\ALLUSE~1\MENUST~1\Online Security Guide.url Deleted C:\DOCUME~1\ALLUSE~1\MENUST~1\Security Troubleshooting.url Deleted C:\DOCUME~1\ALLUSE~1\BUREAU~1\Online Security Guide.url Deleted C:\DOCUME~1\ALLUSE~1\BUREAU~1\Security Troubleshooting.url Deleted C:\Program Files\Helper\ Deleted C:\Program Files\Online Add-on\ Deleted C:\Program Files\VirusHeat 3.9\ Deleted »»»»»»»»»»»»»»»»»»»»»»»» IEDFix IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{D84EA966-FA90-40DA-8F01-E76C536191AC}: DhcpNameServer=195.130.129.161 195.130.130.161 HKLM\SYSTEM\CS1\Services\Tcpip\..\{D84EA966-FA90-40DA-8F01-E76C536191AC}: DhcpNameServer=195.130.129.161 195.130.130.161 HKLM\SYSTEM\CS2\Services\Tcpip\..\{D84EA966-FA90-40DA-8F01-E76C536191AC}: DhcpNameServer=195.130.129.161 195.130.130.161 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=195.130.129.161 195.130.130.161 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=195.130.129.161 195.130.130.161 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=195.130.129.161 195.130.130.161 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End Hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:30:15, on 11/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\alg.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe -- End of file - 3542 bytes Combofix ComboFix 08-02.05.3 - Gijs 2008-02-11 19:33:56.1 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.73 [GMT 1:00] Gestart vanuit: C:\Documents and Settings\Gijs\Bureaublad\ComboFix.exe * Nieuw herstelpunt werd aangemaakt WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! . (((((((((((((((((((( Bestanden Gemaakt van 2008-01-11 to 2008-02-11 )))))))))))))))))))))))))))))) . 2008-02-11 19:16 . 2008-02-11 19:16 1,534 --a------ C:\WINDOWS\system32\tmp.reg 2008-02-11 19:15 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-02-11 19:15 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-02-11 19:15 . 2008-02-08 23:55 85,504 --a------ C:\WINDOWS\system32\VACFix.exe 2008-02-11 19:15 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-02-11 19:15 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-02-11 19:15 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-02-11 19:15 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-02-11 19:02 . 2008-02-07 21:49 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen 2008-02-11 19:02 . 2008-02-07 21:49 <DIR> d--h----- C:\Documents and Settings\Administrator\Onlangs geopend 2008-02-11 19:02 . 2008-02-07 21:49 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving 2008-02-11 19:02 . 2008-02-07 21:49 <DIR> d-------- C:\Documents and Settings\Administrator\Mijn documenten 2008-02-11 19:02 . 2008-02-07 21:49 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start 2008-02-11 19:02 . 2008-02-07 21:49 <DIR> d-------- C:\Documents and Settings\Administrator\Favorieten 2008-02-11 19:02 . 2008-02-07 21:49 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad 2008-02-10 09:43 . 2008-02-10 09:43 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-02-10 09:43 . 2008-02-10 09:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-02-10 09:10 . 2008-02-10 09:10 <DIR> d-------- C:\Program Files\Spyware Doctor 2008-02-10 09:10 . 2008-02-10 09:10 <DIR> d-------- C:\Documents and Settings\Gijs\Application Data\PC Tools 2008-02-10 09:10 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-02-10 09:10 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-02-10 09:10 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-02-10 09:10 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-02-09 23:12 . 2008-02-09 23:12 <DIR> d-------- C:\Program Files\Trend Micro 2008-02-09 22:16 . 2008-02-09 22:16 <DIR> dr-h----- C:\$VAULT$.AVG 2008-02-09 21:44 . 2008-02-09 21:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP 2008-02-09 20:49 . 2008-02-09 20:49 <DIR> d-------- C:\Program Files\Google 2008-02-09 18:34 . 2008-02-09 22:14 69 --a------ C:\WINDOWS\NeroDigital.ini 2008-02-07 23:31 . 2008-02-07 23:31 <DIR> d-------- C:\Documents and Settings\Gijs\Application Data\Ahead 2008-02-07 23:26 . 2008-02-07 23:26 <DIR> d-------- C:\Program Files\Nero 2008-02-07 23:26 . 2008-02-07 23:26 <DIR> d-------- C:\Program Files\Common Files\Ahead 2008-02-07 23:22 . 2008-02-07 23:22 <DIR> d--hs---- C:\Recycled 2008-02-07 23:16 . 2008-02-07 23:16 <DIR> d-------- C:\Documents and Settings\Gijs\Application Data\AVG7 2008-02-07 23:15 . 2008-02-07 23:16 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2008-02-07 23:15 . 2008-02-07 23:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-02-07 23:15 . 2008-02-07 23:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7 2008-02-07 23:15 . 2008-02-07 23:15 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll 2008-02-07 23:15 . 2008-02-07 23:15 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll 2008-02-07 23:01 . 2008-02-07 23:01 395 --a------ C:\WINDOWS\ODBC.INI 2008-02-07 23:00 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-07 21:59 --------- d-----w C:\Program Files\Microsoft.NET 2008-02-07 21:33 --------- d-----w C:\Program Files\microsoft frontpage . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:15 1667584] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-07 23:17 579072] "NWEReboot"="" [] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648] "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-07 23:15 219136] R3 S3SAVAGE4M;S3SAVAGE4M;C:\WINDOWS\system32\DRIVERS\s3sav4m.sys [2001-08-17 20:50] . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-11 19:36:57 Windows 5.1.2600 Service Pack 2 FAT NTAPI detected NTDLL code modification: ZwClose scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2008-02-11 19:38:10 Na het gebruik van SmitFraudFix was volgens mij alles al weg. Ik heb in de 2 andere programmas alvast niks teruggevonden van wat je gezegd hebt. Hopelijk is hiermee het probleem opgelost.
  5. Tropic
    Enig idee hoe ik deze van men pc krijg? Mijn AVG virusscanner vindt hem namelijk niet terug. Alvast bedankt voor het antwoord.
  6. Tropic
    Na wat surfen kwam ik op hijackthis uit die het volgende resultaat gaf: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:52:15, on 9/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\VirusHeat 3.9\VirusHeat 3.9.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\Grisoft\AVG7\avgwb.dat C:\Program Files\Online Add-on\icmntr.exe C:\Program Files\Online Add-on\icthis.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B862223} - C:\Program Files\Helper\1202589825.dll O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Online Add-on\icthis.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O22 - SharedTaskScheduler: didact - {747e1fbe-b70f-441d-bbca-6e536c04924a} - C:\WINDOWS\system32\wuuawkz.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- End of file - 3561 bytes
  7. Tropic
    Hey Telkens ik op mijn pc werk krijg ik van die security alerts dat er spyware is gevonden en wanneer ik aan het surfen ben krijg ik steeds pop ups. Ik denk dat het gelegen is aan de volgende map: C:/ Program files/ Online Add on. Ik heb er echter geen idee van hoe ik deze weg krijg. Krijg steeds de melding dat de bestanden in gebruik zijn. Graag jullie raad!!!! Alvast bedankt tropic
Logo

OVER ONS

PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!

SITEMAP

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.