
onoes


  • onoes

    I have read bits of information here and there about the onoes file. I made a log file so that someone might be able to help me???
    I reinstalled Windows yesterday and thoroughly cleaned up my hard disk. Because of that I have not yet reinstalled my Norton. I am going to do that as soon as possible.
    My log file:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:33:18, on 29-1-2008
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\wuauclt.exe
    F:\setup.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\WINDOWS\System32\dllhost.exe
    \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
    F:\Setup\hpzgat01.exe
    F:\Setup\hpzmsi01.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\WINDOWS\System32\MsiExec.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rabobank.nl/particulieren/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [DXDllRegExe] C:\WINDOWS\System32\dxdllreg.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HPZRCV01.LNK = C:\Program Files\HP\Temp\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup\hpzrcv01.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

    --
    End of file - 2476 bytes

  • #2
    What exactly is the problem that makes you post this log?

    If you are troubled by malware, then it seems to me the best thing you can do is format again, since you yourself say that the computer was only formatted yesterday.
    Apparently you have installed hardly any new software. You also have not installed any security software.



    • #3
      onoes

      Formatting the hard disk would not work. I have a Compaq PC that is apparently protected against that??? In the Windows folder I came across a small file called onoes. When I googled it, it turned out that this is a worm. Deleting it does not work either. One piece of advice was to post it here with a log file. I have done that. So I would like to remove that worm. Thanks for your reply, by the way.



      • #4
        To be on the safe side, have the file scanned here: http://www.virustotal.com/en/indexf.html

        Post the result of the scan.



        • #5
          Dit bestand is reeds gescanned:
          MD5: e10041322af0b04ab6dc4da9b2d48077
          Datum: 2007.11.20 18:19:58 (CET) [>70D]
          Resultaat: 31/31
          Permalink: analisis/d5cde028f813e3a9a0dc69a1fef29ac3

          Antivirus Versie Laatst geüpdatet Resultaat
          AhnLab-V3 - - Win32/IRCBot.worm.variant
          AntiVir - - Worm/Rbot.174080
          Authentium - - W32/Backdoor.XLM
          Avast - - Win32:SdBot-gen44
          AVG - - BackDoor.Generic2.UTX
          BitDefender - - Backdoor.Eggdrop.V
          CAT-QuickHeal - - Backdoor.Rbot.gen
          ClamAV - - Trojan.Eggdrop-16
          DrWeb - - Win32.HLLW.MyBot
          eSafe - - Win32.EggDrop.v
          eTrust-Vet - - Win32/Rbot.EPW
          Ewido - - Backdoor.EggDrop.v
          FileAdvisor - - High threat detected
          Fortinet - - W32/RBot.9722!tr.bdr
          F-Prot - - W32/Backdoor.XLM
          F-Secure - - Backdoor.Win32.EggDrop.v
          Ikarus - - Backdoor.Win32.EggDrop.v
          Kaspersky - - Backdoor.Win32.EggDrop.v
          McAfee - - W32/Gaobot.worm.gen.u
          Microsoft - - Backdoor:Win32/Rbot
          NOD32v2 - - Win32/Rbot
          Norman - - W32/Spybot.AGXH
          Panda - - W32/Gaobot.MFM.worm
          Rising - - Backdoor.Rbot.enw
          Sophos - - W32/Rbot-FVY
          Sunbelt - - Backdoor.Win32.EggDrop.v
          Symantec - - W32.Spybot.Worm
          TheHacker - - Backdoor/EggDrop.v
          VBA32 - - Backdoor.Win32.EggDrop.v
          VirusBuster - - Backdoor.EggDrop.CG
          Webwasher-Gateway - - Worm.Rbot.174080
          Extra informatie
          MD5: e10041322af0b04ab6dc4da9b2d48077
          SHA1: d0890ca87ce11bf6e0384d18fd92fc48f2f776a5
          SHA256: cbf8af243789b0f6c6fbe19ab079f8c2de1b4e06b2e287418638d4ec8261f30f
          SHA512: a3261e181a65813f697b180daf59e06cad84eea0c507862d5ef641790d08b2e8 f3d5fbe4246f2cb2032125e440ed87e87b6ca9b755d28d6b9f8412acd85ccb1e



          • #6
            Seems clear to me.

            Delete the file.



            • #7
              It keeps coming back.... I had already deleted it once



              • #8
                Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
                Place it on your desktop.
                Double-click it to start the program.
                In the screen that appears, type a 1 to have the cleaning and analysis process run.
                Follow the instructions on the screen.
                When the tool is finished, a log file opens (combofix.txt).
                Post the contents of this file together with a new HijackThis log.



                • #9
                  First of all the ComboFix log:

                  ComboFix 08-01-30.6 - oeben 2008-01-30 19:49:56.1 - NTFSx86
                  Microsoft Windows XP Professional 5.1.2600.1.1252.1.1043.18.100 [GMT 1:00]
                  Gestart vanuit: C:\Documents and Settings\oeben\Local Settings\Temporary Internet Files\Content.IE5\FOCWI61C\ComboFix[1].exe
                  * Nieuw herstelpunt werd aangemaakt

                  WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
                  .

                  (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                  .

                  C:\Documents and Settings\Eigenaar\Application Data\DriveCleaner 2006 Free
                  C:\Documents and Settings\Eigenaar\Application Data\DriveCleaner 2006 Free\Logs\update.log
                  C:\Program Files\ISTsvc
                  C:\Program Files\myglobalsearch
                  C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL
                  C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
                  C:\Program Files\outlook
                  C:\Program Files\outlook\outlook.exe
                  C:\Program Files\outlook\p.zip
                  C:\Program Files\outlook\v.tmp
                  C:\Program Files\winupdates
                  D:\Autorun.inf . . . . konden niet verwijderd worden

                  .
                  (((((((((((((((((((( Bestanden Gemaakt van 2007-12-28 to 2008-01-30 ))))))))))))))))))))))))))))))
                  .


                  .
                  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  2008-01-28 08:09 --------- d-----w C:\Program Files\Common Files\Symantec Shared
                  2008-01-26 16:32 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\MailWasherPro
                  2008-01-26 11:11 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\U3
                  2008-01-04 09:35 --------- d-----w C:\Program Files\HT Ratings
                  2004-11-30 18:18 8,224 ----a-w C:\Documents and Settings\Eigenaar\Application Data\GDIPFONTCACHEV1.DAT
                  .

                  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  REGEDIT4
                  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-11 13:00 13312]
                  "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 15:08 1511453]

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28 49152]
                  "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]

                  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                  "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-11 13:00 13312]

                  C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
                  HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24 237568]
                  Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]


                  *Newly Created Service* - ALG
                  *Newly Created Service* - IPNAT
                  .
                  **************************************************************************

                  catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                  Rootkit scan 2008-01-30 20:26:38
                  Windows 5.1.2600 Service Pack 1 NTFS

                  scannen van verborgen processen ...

                  scannen van verborgen autostart items ...

                  scannen van verborgen bestanden ...

                  Scan succesvol afgerond
                  verborgen bestanden: 0

                  **************************************************************************
                  .
                  ------------------------ Other Running Processes ------------------------
                  .
                  C:\Program Files\HP\HP Software Update\HPWuSchd.exe
                  C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
                  C:\Program Files\Messenger\msmsgs.exe
                  C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                  .
                  **************************************************************************
                  .
                  Voltooingstijd: 2008-01-30 20:31:03 - machine was rebooted
                  ComboFix-quarantined-files.txt 2008-01-30 19:30:41

                  AND NOW THE HIJACKTHIS LOG:

                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 20:34:07, on 30-1-2008
                  Platform: Windows XP SP1 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\Program Files\HP\HP Software Update\HPWuSchd.exe
                  C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
                  C:\WINDOWS\System32\ctfmon.exe
                  C:\Program Files\Messenger\msmsgs.exe
                  C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                  C:\WINDOWS\System32\wuauclt.exe
                  C:\WINDOWS\system32\notepad.exe
                  C:\Program Files\Internet Explorer\iexplore.exe
                  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rabobank.nl/particulieren/
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
                  O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
                  O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
                  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                  O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
                  O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
                  O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
                  O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

                  --
                  End of file - 2532 bytes



                  • #10
                    You still do not have an antivirus program on your computer :conf:
                    I thought you would have understood the message in my first post in this thread.
                    Install an antivirus program, update it and let it scan.
                    If anything is found, have it removed.

                    After that, report back with a new log from Combofix and from Hijackthis.



                    • #11
                      ComboFix 08-01-31.4 - oeben 2008-01-31 9:47:44.2 - NTFSx86
                      Microsoft Windows XP Professional 5.1.2600.1.1252.1.1043.18.90 [GMT 1:00]
                      Gestart vanuit: C:\Documents and Settings\oeben\Bureaublad\ComboFix.exe
                      * Nieuw herstelpunt werd aangemaakt

                      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
                      .

                      (((((((((((((((((((( Bestanden Gemaakt van 2007-12-28 to 2008-01-31 ))))))))))))))))))))))))))))))
                      .

                      2008-01-28 14:07 . 2008-01-28 14:07 299,552 --a------ C:\WINDOWS\WMSysPrx.prx
                      2008-01-28 14:07 . 2008-01-28 14:49 25,065 --a------ C:\WINDOWS\system32\wmpscheme.xml
                      2008-01-28 14:07 . 2008-01-28 14:07 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
                      2008-01-28 14:07 . 2008-01-28 14:07 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
                      2008-01-28 14:07 . 2008-01-28 14:07 2,845 --a------ C:\WINDOWS\system32\CONFIG.NT
                      2008-01-28 14:07 . 2008-01-28 14:07 0 --a------ C:\WINDOWS\control.ini
                      2008-01-28 14:05 . 2008-01-28 14:07 <DIR> d--hsc--- C:\Documents and Settings\All Users.WINDOWS\DRM
                      2008-01-28 14:05 . 2008-01-28 14:05 488 -rah----- C:\WINDOWS\system32\WindowsLogon.manifest
                      2008-01-28 14:05 . 2008-01-28 14:05 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
                      2008-01-28 14:03 . 2002-09-11 13:00 798,782 --a--c--- C:\WINDOWS\system32\dllcache\srchui.dll
                      2008-01-28 14:02 . 2008-01-28 14:02 21,748 --a------ C:\WINDOWS\system32\emptyregdb.dat
                      2008-01-28 14:02 . 2008-01-28 14:02 37 --a------ C:\WINDOWS\vbaddin.ini
                      2008-01-28 14:02 . 2008-01-28 14:02 36 --a------ C:\WINDOWS\vb.ini
                      2008-01-28 13:34 . 2002-04-15 14:31 107,776 --a------ C:\WINDOWS\system32\drivers\ac97ich4.sys
                      2008-01-27 18:39 . 2008-01-27 18:39 <DIR> d-------- C:\WINDOWS\Sun
                      2008-01-27 16:13 . 2008-01-27 16:13 <DIR> d---s---- C:\Documents and Settings\Eigenaar\UserData
                      2008-01-27 16:12 . 2008-01-27 16:12 <DIR> d-------- C:\Documents and Settings\Eigenaar\Contacts
                      2007-12-03 23:38 . 2007-12-03 23:38 <DIR> d-------- C:\Documents and Settings\Eigenaar\Application Data\PlayFirst

                      .
                      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      2008-01-30 19:57 --------- d-----w C:\Program Files\NavNT
                      2008-01-28 13:07 558,142 ----a-w C:\WINDOWS\java\Packages\LZ5ZFPZD.ZIP
                      2008-01-28 13:06 155,995 ----a-w C:\WINDOWS\java\Packages\BBFJ7F9N.ZIP
                      2008-01-28 08:09 --------- d-----w C:\Program Files\Common Files\Symantec Shared
                      2008-01-26 16:32 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\MailWasherPro
                      2008-01-26 11:11 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\U3
                      2008-01-04 09:35 --------- d-----w C:\Program Files\HT Ratings
                      2004-11-30 18:18 8,224 ----a-w C:\Documents and Settings\Eigenaar\Application Data\GDIPFONTCACHEV1.DAT
                      .

                      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      REGEDIT4
                      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-11 13:00 13312]
                      "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 15:08 1511453]

                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28 49152]
                      "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
                      "vptray"="C:\PROGRA~1\NavNT\vptray.exe" [2001-09-24 06:59 73728]

                      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-11 13:00 13312]

                      C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
                      HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24 237568]
                      Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]


                      *Newly Created Service* - DEFWATCH
                      *Newly Created Service* - NAVAP
                      *Newly Created Service* - NAVAPEL
                      *Newly Created Service* - NAVENG
                      *Newly Created Service* - NAVEX15
                      *Newly Created Service* - NORTON_ANTIVIRUS_SERVER
                      *Newly Created Service* - SYMEVENT
                      .
                      **************************************************************************

                      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                      Rootkit scan 2008-01-31 09:51:50
                      Windows 5.1.2600 Service Pack 1 NTFS

                      scannen van verborgen processen ...

                      scannen van verborgen autostart items ...

                      scannen van verborgen bestanden ...

                      **************************************************************************
                      .
                      Voltooingstijd: 2008-01-31 9:54:12
                      ComboFix-quarantined-files.txt 2008-01-31 08:53:16
                      ComboFix2.txt 2008-01-30 19:31:03
                      --------------------------------------------------------------------------








                      Logfile of Trend Micro HijackThis v2.0.2
                      Scan saved at 9:58:49, on 31-1-2008
                      Platform: Windows XP SP1 (WinNT 5.01.2600)
                      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
                      Boot mode: Normal

                      Running processes:
                      C:\WINDOWS\System32\smss.exe
                      C:\WINDOWS\system32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\Program Files\HP\HP Software Update\HPWuSchd.exe
                      C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
                      C:\WINDOWS\System32\ctfmon.exe
                      C:\Program Files\Messenger\msmsgs.exe
                      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                      C:\WINDOWS\System32\wuauclt.exe
                      C:\Program Files\NavNT\defwatch.exe
                      C:\Program Files\NavNT\rtvscan.exe
                      C:\WINDOWS\System32\MsgSys.EXE
                      C:\PROGRA~1\NavNT\vptray.exe
                      C:\WINDOWS\explorer.exe
                      C:\WINDOWS\system32\notepad.exe
                      C:\Documents and Settings\oeben\Bureaublad\E-mail.exe
                      C:\Program Files\Outlook Express\msimn.exe
                      C:\Program Files\Internet Explorer\iexplore.exe
                      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rabobank.nl/particulieren/
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
                      O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
                      O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
                      O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
                      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
                      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
                      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
                      O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
                      O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
                      O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

                      --
                      End of file - 3034 bytes



                      • #12
                        Looks good.
                        Are there any remaining problems?



                        • #13
                          I don't think so. Thanks for all the advice you've given!
                          Regards



                          • #14
                            Good.
                            Also fix these with HijackThis:
                            O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
                            O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

                            And update your Windows first.
