Post subject: BROWSER HIJACKING
Posted: Tue Aug 19, 2008 11:26 pm
Member

:roll: Hello, I reinstalled Windows XP and everything runs fine, but I am stuck with a browser hijacker from MSN.
In the address bar I first see this address: http://go.microsoft.com/fwlink/?LinkId=74005
and then it changes to this address: http://www.msn.com/404.aspx?aspxerrorpa ... once2.aspx
after which I get to see the MSN page.

HijackThis log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:37:52, on 19-8-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\adobe photoshop 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\adobe photoshop 5.0\apdproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\anton\Mijn documenten\exe files\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zeelandnet.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\adobe photoshop 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MyApp\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MyApp\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL ... 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - D:\adobe photoshop 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6199 bytes


MBAM LOGFILE
Malwarebytes' Anti-Malware 1.25
Database versie: 1071
Windows 5.1.2600 Service Pack 3

23:08:04 19-8-2008
mbam-log-08-19-2008 (23-08-04).txt

Scan type: Snelle Scan
Objecten gescand: 37200
Verstreken tijd: 2 minute(s), 15 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)


KIND REGARDS, ANTON :D


Posted: Sat Aug 23, 2008 4:30 pm
Moderator

Start HijackThis and choose 'Do a system scan only'.
Select only the items listed below:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zeelandnet.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

Close all windows except HijackThis.
Click 'Fix checked' to remove the items.

Restart and then manually set your start page to your liking.

_________________
Member of the Training Team.

Post subject: no result yet
Posted: Sun Aug 24, 2008 9:06 pm
Member

:D Hello Eric, unfortunately the operation I carried out did not produce any result.
Here is my new log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:01:46, on 24-8-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\adobe photoshop 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\adobe photoshop 5.0\apdproxy.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\anton\Mijn documenten\exe files\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zeelandnet.nl/
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\adobe photoshop 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MyApp\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MyApp\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL ... 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - D:\adobe photoshop 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6077 bytes


Posted: Sun Aug 24, 2008 9:29 pm
Moderator

Follow these instructions to download ComboFix. If anything is unclear, just ask.
Carry out the instructions on the BleepingComputer page, including installing the XP Recovery Console.
If you have used ComboFix before and have already installed the Recovery Console, you may skip that step.

NOTE:
If, during or after downloading ComboFix or while using ComboFix, you get an alert from your antivirus or another real-time scanner,
disable that scanner and download ComboFix again.
Some scanners regard certain components that ComboFix uses as suspicious and will block or remove them!

Double-click Combofix.exe; if ComboFix indicates that a newer version is available, allow it to be downloaded.
Follow the instructions and accept the disclaimer.
While the fix is running, do NOT click in the window, as this will make your PC hang.
When the fix has completed and after the restart, the log Combofix.txt will open.

Post the contents of this file together with a new HijackThis log.

Posted: Sun Aug 24, 2008 10:14 pm
Member

:D Hello Eric, just one more question about the XP Recovery Console.
I have XP Home SP3, but this is not offered by Microsoft,
at least not on the page that is linked to.
Any idea?
Regards, Anton


Posted: Sun Aug 24, 2008 10:26 pm
Moderator

Try SP2; if that does not work, skip that step.

Posted: Sun Aug 24, 2008 10:44 pm
Member

Hello Eric,
Here is the ComboFix log file:

ComboFix 08-08-23.03 - anton 2008-08-24 22:37:45.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.1568 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\anton\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\anton\Bureaublad\WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-07-24 to 2008-08-24 ))))))))))))))))))))))))))))))
.

2008-08-24 22:29 . 2008-08-24 22:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-08-24 22:28 . 2008-08-24 22:28 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-08-24 21:35 . 2008-08-24 21:35 <DIR> d-------- C:\Program Files\Matrox Imaging
2008-08-24 21:35 . 2001-12-13 02:03 8,126,736 --a------ C:\WINDOWS\system32\milim.dll
2008-08-24 21:30 . 2008-08-24 21:35 <DIR> d-------- C:\WINDOWS\LastGood
2008-08-24 21:21 . 2008-08-24 21:21 0 --a------ C:\WINDOWS\hpqEmlSz.INI
2008-08-24 19:26 . 2008-08-24 19:26 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-24 19:26 . 2008-08-24 19:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-24 19:26 . 2008-08-24 19:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-22 18:23 . 2008-08-22 18:23 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-08-21 11:29 . 2008-04-14 19:02 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-20 23:29 . 2008-08-20 23:29 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-08-20 23:23 . 2008-08-20 23:24 <DIR> d-------- C:\Program Files\mediaplayer clasic
2008-08-20 23:16 . 2008-08-20 23:16 <DIR> d-------- C:\Documents and Settings\anton\Application Data\Media Player Classic
2008-08-20 21:15 . 2008-08-20 21:15 <DIR> d-------- C:\Documents and Settings\anton\Application Data\HP
2008-08-20 21:15 . 2008-08-20 21:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-08-20 21:13 . 2008-08-20 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-08-20 21:13 . 2008-08-20 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-08-20 21:13 . 2008-08-20 21:13 0 --a------ C:\WINDOWS\system32\ŸÕŸÕ
2008-08-20 21:12 . 2008-08-20 21:12 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-08-20 21:12 . 2008-08-20 21:12 <DIR> d-------- C:\Program Files\Common Files\HP
2008-08-20 21:12 . 2008-08-20 21:12 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-08-20 21:12 . 2007-10-30 11:25 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-08-20 21:12 . 2007-10-30 11:25 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-08-20 21:11 . 2008-08-20 21:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-08-20 21:11 . 2007-10-30 11:11 729,088 -ra------ C:\WINDOWS\system32\hpowiax7.dll
2008-08-20 21:11 . 2007-10-30 11:11 581,632 -ra------ C:\WINDOWS\system32\hpotscl6.dll
2008-08-20 21:11 . 2007-10-30 11:25 372,736 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-08-20 21:11 . 2007-10-30 11:25 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-08-20 21:11 . 2007-10-30 11:11 303,104 -ra------ C:\WINDOWS\system32\hpovst15.dll
2008-08-20 21:11 . 2007-11-08 16:52 271,704 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-08-20 21:11 . 2007-10-20 18:25 117,760 --a------ C:\WINDOWS\system32\hpzll5mu.dll
2008-08-20 21:11 . 2007-10-30 11:25 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-08-20 21:11 . 2008-04-13 20:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-08-20 21:11 . 2008-04-13 20:45 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-08-20 21:09 . 2008-08-20 21:10 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-08-20 21:09 . 2008-08-20 21:14 <DIR> d-------- C:\Program Files\HP
2008-08-20 21:06 . 2008-08-20 21:14 168,429 --a------ C:\WINDOWS\hpoins27.dat
2008-08-20 21:06 . 2008-01-18 17:56 932 --------- C:\WINDOWS\hpomdl27.dat
2008-08-20 13:08 . 2008-04-13 20:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-08-20 13:08 . 2008-04-13 20:47 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-08-19 23:01 . 2008-08-19 23:01 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-19 23:01 . 2008-08-19 23:01 <DIR> d-------- C:\Documents and Settings\anton\Application Data\Malwarebytes
2008-08-19 23:01 . 2008-08-19 23:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-19 23:01 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-19 23:01 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-19 22:16 . 2008-08-19 22:16 <DIR> d-------- C:\Documents and Settings\anton\Application Data\SmartFTP
2008-08-19 22:15 . 2008-08-19 22:15 <DIR> d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-08-19 22:15 . 2008-08-19 22:15 <DIR> d-------- C:\Program Files\SmartFTP Client
2008-08-19 21:59 . 2008-08-19 21:59 <DIR> d-------- C:\WINDOWS\Sun
2008-08-19 21:59 . 2008-08-19 21:59 <DIR> d-------- C:\Program Files\Sun
2008-08-19 21:59 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-19 21:58 . 2008-08-19 21:59 <DIR> d-------- C:\Program Files\Java
2008-08-19 21:58 . 2008-08-19 21:58 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-18 23:35 . 2008-08-18 23:35 <DIR> d-------- C:\Program Files\ScreenPrint32 v3
2008-08-18 23:35 . 2008-08-18 23:35 249,856 --------- C:\WINDOWS\Setup1.exe
2008-08-18 23:35 . 2008-08-18 23:35 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-08-18 23:00 . 2008-08-18 23:00 <DIR> d-------- C:\Program Files\CleanUp!
2008-08-18 22:28 . 2008-08-18 22:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\espionServerData
2008-08-18 22:12 . 2008-08-24 22:28 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-08-18 22:10 . 2008-08-18 22:27 <DIR> d-------- C:\Program Files\NOS
2008-08-18 22:10 . 2008-08-18 22:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-08-18 22:08 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-08-18 22:08 . 2008-08-19 22:06 395 --a------ C:\WINDOWS\ODBC.INI
2008-08-18 22:07 . 2008-08-18 22:08 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-08-18 22:07 . 2008-08-18 22:07 <DIR> d-------- C:\Program Files\MyApp
2008-08-18 22:05 . 2008-08-18 22:05 <DIR> dr-h----- C:\MSOCache
2008-08-18 21:44 . 2008-08-18 21:44 <DIR> d-------- C:\Program Files\uTorrent
2008-08-18 21:44 . 2008-08-20 23:16 <DIR> d-------- C:\Documents and Settings\anton\Application Data\uTorrent
2008-08-18 21:40 . 2008-08-19 19:51 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-18 21:40 . 2008-08-18 23:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-18 19:57 . 2008-08-20 23:10 180 --a------ C:\rollback.ini
2008-08-18 19:54 . 2008-08-18 20:36 <DIR> d-------- C:\Documents and Settings\anton\Application Data\MailFrontier
2008-08-18 19:51 . 2008-08-24 22:39 10,286,112 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-18 19:51 . 2008-08-24 14:23 130,484 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-18 19:46 . 2008-08-18 19:46 <DIR> d-------- C:\Program Files\Zone Labs
2008-08-18 19:46 . 2008-08-18 21:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-08-18 19:45 . 2008-08-24 22:31 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-08-18 19:30 . 2008-08-18 19:30 <DIR> d-------- C:\Program Files\Google
2008-08-18 19:30 . 2008-08-24 12:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-18 19:20 . 2008-06-23 18:43 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-18 19:20 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-18 19:20 . 2007-03-08 07:11 1,032,192 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-18 19:20 . 2008-06-23 18:43 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-18 19:20 . 2008-06-23 18:43 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-18 19:20 . 2008-06-23 18:43 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-18 19:20 . 2008-06-23 18:43 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-18 19:20 . 2008-06-23 18:43 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-18 19:20 . 2008-06-23 11:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-18 00:49 . 2008-08-18 19:20 <DIR> d-------- C:\WINDOWS\system32\nl-nl
2008-08-18 00:49 . 2008-08-18 00:49 <DIR> d-------- C:\WINDOWS\system32\nl
2008-08-18 00:49 . 2008-08-18 00:49 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-18 00:49 . 2008-08-18 00:49 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-18 00:03 . 2008-08-18 00:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-08-17 22:59 . 2008-08-24 21:28 18,098 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-08-17 22:59 . 2006-10-11 05:33 10,288 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-08-17 22:59 . 2004-08-13 04:56 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
2008-08-17 22:54 . 2006-06-14 13:44 12,288 --a------ C:\WINDOWS\system32\drivers\EIO.sys
2008-08-17 22:53 . 2008-08-17 22:53 <DIR> d-------- C:\Program Files\My Company Name
2008-08-17 22:52 . 2008-08-17 23:02 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-08-17 22:51 . 2008-08-17 22:51 <DIR> d-------- C:\WINDOWS\nview
2008-08-17 22:51 . 2007-04-13 00:51 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-08-17 22:51 . 2007-04-12 17:44 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-08-17 22:51 . 2007-04-12 17:44 17,177 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-08-17 22:50 . 2008-08-17 22:50 <DIR> d-------- C:\Program Files\Common Files\InstallShield

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-24 20:25 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-08-24 20:25 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-08-24 20:25 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-08-24 20:25 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-08-24 20:25 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-08-24 20:25 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-08-20 21:53 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-08-17 21:02 --------- d-----w C:\Program Files\Analog Devices
2008-08-17 21:01 --------- d-----w C:\Program Files\Realtek
2008-08-17 19:15 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-09 07:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-07-09 07:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-07-07 20:30 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:46 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:43 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:49 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:02 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-12 17:44 81920]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 10:00 925696]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ScreenPrint32"="C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe" [2003-05-15 20:36 446464]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-12 17:44 8429568]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 21:17 49152]
"Adobe Photo Downloader"="D:\adobe photoshop 6.0\apdproxy.exe" [2007-09-11 00:43 67488]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"nwiz"="nwiz.exe" [2007-04-12 17:44 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 19:02 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 20:38:52 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;D:\adobe photoshop 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 00:45]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2006-09-29 10:06]
S0 MtxDma0;Matrox Dma Manager (0);C:\WINDOWS\system32\drivers\MtxDma0.sys [2002-07-09 23:33]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - AAWSERVICE
*Newly Created Service* - ADOBEACTIVEFILEMONITOR6.0
*Newly Created Service* - CATCHME
*Newly Created Service* - FLEXNET_LICENSING_SERVICE
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.zeelandnet.nl/
O8 -: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MyApp\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-24 22:39:07
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-08-24 22:39:43
ComboFix-quarantined-files.txt 2008-08-24 20:39:41

Pre-Run: 217,905,405,952 bytes beschikbaar
Post-Run: 217,889,312,768 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

212 --- E O F --- 2008-08-22 16:23:55


Posted: Mon Aug 25, 2008 7:00 pm
Moderator

Joined: Wed Apr 13, 2005 3:54 pm
Posts: 33163
Location: A little shack on the coast.
Operating system: Windows 7
Protection: Malwarebytes pro
You may now delete all the tools you used and the folders they created.

Remove ComboFix via Start > Run, copy and paste Combofix /U
Click OK or press Enter.
This removes both ComboFix and your old system restore points (with any remnants of malware), and creates a new system restore point.

Please let me know how things are going now.

_________________
Member of Team Opleiding.
 
Posted: Mon Aug 25, 2008 10:14 pm
Member

:( Hello eric, unfortunately still no result.

Regards, anton


Posted: Tue Aug 26, 2008 9:50 am
Moderator

Please post a fresh HJT log.

Posted: Tue Aug 26, 2008 5:08 pm
Member

Sorry,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:06:58, on 26-8-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
D:\adobe photoshop 6.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\adobe photoshop 6.0\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\anton\Mijn documenten\exe files\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zeelandnet.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\adobe photoshop 6.0\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MyApp\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MyApp\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL ... 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - D:\adobe photoshop 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6575 bytes


Regards, anton :roll:


Posted: Tue Aug 26, 2008 6:39 pm
Moderator

Run an online scan at Panda. Save the log and post it here, together with a new HijackThis log.

How are your problems now?

Posted: Tue Aug 26, 2008 8:50 pm
Member

Hello eric, the browser hijacker problem is still there.

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-08-26 20:42:30
PROTECTIONS: 1
MALWARE: 23
SUSPECTS: 4
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Zone Alarm Security Suite 7.0.483.000 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No F:\Documents and Settings\anton administrator\Cookies\anton_administrator@casalemedia[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No F:\Documents and Settings\anton administrator\Cookies\anton_administrator@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No F:\Documents and Settings\anton administrator\Cookies\anton_administrator@atdmt[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No F:\Documents and Settings\anton administrator\Cookies\anton_administrator@tradedoubler[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No F:\Documents and Settings\anton administrator\Cookies\anton_administrator@mediaplex[1].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No F:\Documents and Settings\anton administrator\Cookies\anton_administrator@revenue[2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No F:\Documents and Settings\anton administrator\Cookies\anton_administrator@statcounter[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No F:\Documents and Settings\anton administrator\Cookies\anton_administrator@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No F:\Documents and Settings\anton administrator\Cookies\anton_administrator@apmebf[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No F:\Documents and Settings\anton administrator\Cookies\anton_administrator@weborama[1].txt
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No F:\Documents and Settings\anton administrator\Cookies\anton_administrator@stat.onestat[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No F:\Documents and Settings\anton administrator\Cookies\anton_administrator@advertising[1].txt
00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No F:\Documents and Settings\anton administrator\Cookies\anton_administrator@metriweb[1].txt
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No F:\Documents and Settings\anton administrator\Cookies\anton_administrator@bravenet[2].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No F:\Documents and Settings\anton administrator\Cookies\anton_administrator@searchportal.information[2].txt
00356048 Application/PassRock HackTools No 0 No No C:\Documents and Settings\anton\Mijn documenten\xp cracktweak\ultimate xp cracks\Rock XP 2.0.exe[C:\Documents and Settings\anton\Mijn documenten\xp cracktweak\ultimate xp cracks\Rock XP 2.0.exe][RAS.exe]
00356048 Application/PassRock HackTools No 0 No No F:\Documents and Settings\anton administrator\Mijn documenten\xp cracktweak\ultimate xp cracks\Rock XP 2.0.exe[F:\Documents and Settings\anton administrator\Mijn documenten\xp cracktweak\ultimate xp cracks\Rock XP 2.0.exe][RAS.exe]
00359825 Application/PassRock HackTools No 0 No No C:\Documents and Settings\anton\Mijn documenten\xp cracktweak\ultimate xp cracks\Rock XP 2.0.exe[C:\Documents and Settings\anton\Mijn documenten\xp cracktweak\ultimate xp cracks\Rock XP 2.0.exe][RockXp_.exe]
00359825 Application/PassRock HackTools No 0 No No F:\Documents and Settings\anton administrator\Mijn documenten\xp cracktweak\ultimate xp cracks\Rock XP 2.0.exe[F:\Documents and Settings\anton administrator\Mijn documenten\xp cracktweak\ultimate xp cracks\Rock XP 2.0.exe][RockXp_.exe]
00360476 Application/PassRock HackTools No 0 Yes No F:\Documents and Settings\anton administrator\Mijn documenten\xp cracktweak\ultimate xp cracks\Rock XP 2.0.exe
00360476 Application/PassRock HackTools No 0 Yes No C:\Documents and Settings\anton\Mijn documenten\xp cracktweak\ultimate xp cracks\Rock XP 2.0.exe
02430323 Generic Trojan Virus/Trojan No 0 No No F:\Documents and Settings\anton administrator\Mijn documenten\xp cracktweak\ultimate xp cracks\Windows 2003 & XP Anti Product Activation Crack 1.8 Beta 2.rar[WPA_Kill.exe]
02430323 Generic Trojan Virus/Trojan No 0 No No C:\Documents and Settings\anton\Mijn documenten\xp cracktweak\ultimate xp cracks\Windows 2003 & XP Anti Product Activation Crack 1.8 Beta 2.rar[WPA_Kill.exe]
02933925 Generic Trojan Virus/Trojan No 0 Yes No C:\Documents and Settings\anton\Mijn documenten\xp cracktweak\ultimate xp cracks\WinXP Activation 1.0.exe
02933925 Generic Trojan Virus/Trojan No 0 Yes No F:\Documents and Settings\anton administrator\Mijn documenten\xp cracktweak\ultimate xp cracks\WinXP Activation 1.0.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No F:\Documents and Settings\anton administrator\Mijn documenten\xp cracktweak\ultimate xp cracks\Windows 2003 & XP Anti Product Activation Crack 1.2.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Documents and Settings\anton\Mijn documenten\xp cracktweak\ultimate xp cracks\Windows 2003 & XP Anti Product Activation Crack 1.2.exe
03257451 Spyware/Virtumonde Spyware No 1 No No D:\utorend\adobe premiere ellements 4\Adobe Premiere Elements v4 0 DVD Multilanguage Retail iso Incl Keygen\CORE_KEYGEN.rar[CORE KEYGEN\keygen.exe]
03257451 Spyware/Virtumonde Spyware No 1 No No E:\back up utorend files\utorend\adobe premiere ellements 4\Adobe Premiere Elements v4 0 DVD Multilanguage Retail iso Incl Keygen\CORE_KEYGEN.rar[CORE KEYGEN\keygen.exe]
03277040 Bck/Hupigon.AZG Virus/Trojan No 1 Yes No C:\Documents and Settings\anton\Mijn documenten\ZIP FILES\keygenerater adobe ellements 2.0.zip[Adobe.Premiere.Elements.v2.0.GERMAN.Retail.WinXP.Incl.Keymaker-CORE/keygen.exe]
;===================================================================================================================================================================================
SUSPECTS
Sent Location \#
;===================================================================================================================================================================================
No C:\Documents and Settings\anton\Mijn documenten\xp cracktweak\anti activation crack 2.0.1\Windows 2003 & XP & LH Anti Product Activation Crack 2.0.1.EXE
No C:\Documents and Settings\anton\Mijn documenten\xp cracktweak\anti activation crack 2.0.1\Windows 2003 & XP & LH Anti Product Activation Crack 2.0.1.zip[Windows 2003 & XP & LH Anti Product Activation Crack 2.0.1.EXE]
No F:\Documents and Settings\anton administrator\Mijn documenten\xp cracktweak\anti activation crack 2.0.1\Windows 2003 & XP & LH Anti Product Activation Crack 2.0.1.EXE
No F:\Documents and Settings\anton administrator\Mijn documenten\xp cracktweak\anti activation crack 2.0.1\Windows 2003 & XP & LH Anti Product Activation Crack 2.0.1.zip[Windows 2003 & XP & LH Anti Product Activation Crack 2.0.1.EXE]
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description \#
;===================================================================================================================================================================================
;===================================================================================================================================================================================


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:44:22, on 26-8-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
D:\adobe photoshop 6.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\anton\Mijn documenten\exe files\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zeelandnet.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\adobe photoshop 6.0\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MyApp\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MyApp\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL ... 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - D:\adobe photoshop 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6765 bytes


Regards, anton


Posted: Wed Aug 27, 2008 8:38 am
Moderator

Used cracks??

Try RIES http://support.microsoft.com/kb/923737/nl
to reset your IE settings, then let me know how it goes.

Posted: Wed Aug 27, 2008 10:09 pm
Member

Hello eric,

sorry, but I really don't see a Reset option when I open this menu
as described
1. On the Tools menu, click Internet Options.
2. On the Advanced tab, click Reset.
3. In the Reset Internet Explorer Settings dialog box, click Reset.
4. When the default settings of Internet Explorer 7 have been restored, click Close, and then click OK twice.
5. Close Internet Explorer 7. The changes take effect the next time you open Internet Explorer 7.

or am I doing something wrong?

Regards, Anton

