Everything posted by Tancho

  1. Thanks a lot for the good help, everything works and I have had no more problems. I also started a big clean-up right away, because I found out that that was needed too. Everyone is happy again because the computer can now be used again, thanks once more. Regards, Tancho
  3. I followed the instructions and here are the logs:
  4. Hello, I picked up an MSN virus by clicking on a link to a photo. I have already found out that I am not the only one, and I have already made a HijackThis log: can you help me?