  • annoying popup

    Dear members,

    Like several before me, I have picked up a persistent popup; I have no idea where it came from, and even less idea how to get rid of it.

    Hopefully this will work out with your help.

    I had HijackThis generate the following log file:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:51:09, on 13-2-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\Dit.exe
    G:\iTunes\iTunesHelper.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    G:\Microsoft ActiveSync\Wcescomm.exe
    C:\Program Files\Registry Clean Expert\RCHelper.exe
    G:\StatBar\StatBar.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\DitExp.exe
    G:\MICROS~2\rapimgr.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\JeePee\LOCALS~1\Temp\~DP9.dll (file missing)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [iTunesHelper] "G:\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "G:\Microsoft ActiveSync\Wcescomm.exe"
    O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
    O4 - Global Startup: StatBar.lnk = G:\StatBar\StatBar.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - G:\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - G:\MICROS~2\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - G:\MICROS~2\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188587429522
    O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} (Autodesk WHIP! Control) - http://www.cadcollege.com/tools/symbolen/whip.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E7F992C8-1314-4021-B99B-AB48CF90A18C}: NameServer = 195.18.114.5,195.18.115.5
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 4720 bytes




    After that I ran a scan with ComboFix, which gave the following result:


    ComboFix 08-02-12.1 - JeePee 2008-02-13 20:44:31.5 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.274 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\JeePee\Bureaublad\ComboFix.exe

    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\temp\tn3
    C:\WINDOWS\system32\drivers\core.cache.dsk . . . . konden niet verwijderd worden

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-01-13 to 2008-02-13 ))))))))))))))))))))))))))))))
    .

    2008-02-13 20:47 . 2008-02-13 20:47 <DIR> d-------- C:\temp\tn3
    2008-02-12 21:40 . 2008-02-12 21:43 <DIR> d-------- C:\RVAXO
    2008-02-12 21:27 . 2008-02-12 21:32 <DIR> d-------- C:\Program Files\XoftSpySE
    2008-02-11 20:51 . 2008-02-11 01:13 685,095 --a------ C:\WINDOWS\system32\RVAXO.bat
    2008-02-11 20:51 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
    2008-02-11 20:49 . 2008-02-11 20:49 <DIR> d-------- C:\Program Files\Trend Micro
    2008-02-11 19:46 . 2008-02-11 19:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2008-02-11 19:31 . 2008-02-11 19:38 <DIR> d-------- C:\Program Files\EsetOnlineScanner
    2008-02-10 19:24 . 2008-02-11 19:46 <DIR> d-------- C:\Program Files\Eset
    2008-02-10 18:53 . 2008-02-10 18:53 167,545 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
    2008-02-10 18:53 . 2008-02-10 18:53 86,144 --a------ C:\WINDOWS\system32\drivers\usbintell.sys
    2008-02-10 17:00 . 2008-02-10 17:52 <DIR> d-------- C:\Program Files\Registry Clean Expert
    2008-02-10 16:40 . 2008-02-11 19:58 59 --a------ C:\WINDOWS\[email protected]
    2008-02-10 16:25 . 2008-02-10 16:25 <DIR> d-------- C:\Program Files\BankingTools
    2008-02-10 15:49 . 2008-02-10 15:49 <DIR> d-------- C:\Program Files\Belastingdienst
    2008-01-20 20:32 . 2008-01-20 20:32 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-01-20 19:58 . 2008-02-13 19:56 <DIR> dr-h----- C:\Documents and Settings\JeePee\Onlangs geopend

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-11 18:46 --------- d-----w C:\Documents and Settings\JeePee\Application Data\uTorrent
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{598F4775-6FB6-477B-9842-E0426824E077}]
    C:\DOCUME~1\JeePee\LOCALS~1\Temp\~DP9.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
    "H/PC Connection Agent"="G:\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 18:34 1289000]
    "RegClean Expert Scheduler"="C:\Program Files\Registry Clean Expert\RCHelper.exe" [2008-01-31 02:09 604920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2002-08-15 11:46 46592 C:\WINDOWS\SOUNDMAN.EXE]
    "nwiz"="nwiz.exe" [2002-07-30 14:50 372736 C:\WINDOWS\system32\nwiz.exe]
    "Dit"="Dit.exe" [2002-08-28 12:43 73728 C:\WINDOWS\Dit.exe]
    "iTunesHelper"="G:\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    StatBar.lnk - G:\StatBar\StatBar.exe [2003-07-25 02:40:06 335872]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2007-05-11 03:06 40048 G:\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2007-09-20 14:35 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
    --a------ 2004-05-05 09:51 491520 C:\WINDOWS\system32\hphmon05.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
    --a------ 2004-04-01 16:03 49152 G:\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    --a------ 2007-09-20 08:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-06-29 05:24 286720 C:\Program Files\QuickTime\qttask.exe

    R1 usbintell;usbintell;C:\WINDOWS\system32\drivers\usbintell.sys [2008-02-10 18:53]
    S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys
    S3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys

    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-10-16 13:52:30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-02-11 18:20:09 C:\WINDOWS\Tasks\HP Usg Daily.job"
    - G:\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-13 20:47:08
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\DitExp.exe
    G:\MICROS~2\rapimgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2008-02-13 20:49:15 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-13 19:49:10
    ComboFix2.txt 2008-02-13 19:03:18
    ComboFix3.txt 2008-02-12 20:46:32
    ComboFix4.txt 2008-02-12 20:10:13
    .
    2008-01-20 19:36:42 --- E O F ---



    Now I have the idea that I also need to create a file called CFScript.txt and drag it onto ComboFix, but after these scans my knowledge of this comes to an end.

    Can someone tell me what I should do or how I can get rid of this popup, because it has been keeping me busy for a while now.

    regards,
    JPCDW

  • #2
    Hi JPCDW,

    Welcome to Nucia!

    Open a new Notepad file.

    Copy and paste the code below into it.
    Go to 'File' -> 'Save As..' and save it on your desktop as CFScript.txt.


    Code:
    Driver::
    usbintell
    
    File::
    C:\WINDOWS\system32\drivers\usbintell.sys
    C:\WINDOWS\system32\drivers\core.cache.dsk
    C:\DOCUME~1\JeePee\LOCALS~1\Temp\~DP9.dll
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{598F4775-6FB6-477B-9842-E0426824E077}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    Drag CFScript.txt onto ComboFix.exe as shown in the example below:



    This will make ComboFix restart. Reboot if you are asked to.
    After the reboot, post the contents of ComboFix.txt in your next reply together with a new HijackThis log.

    - Daniël


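As an added illustration of the triage behind the reply above (example code written for this page, not the helper's own and not part of ComboFix or HijackThis): the script parses the O2/O3 lines of a HijackThis log, flags entries that are registered but point to a missing file, load from a user Temp directory, or carry no name, and drafts the File:: and Registry:: sections in the same CFScript layout. The heuristics and the sample lines (copied from the first log in this thread) are this example's assumptions; it does not cover the Driver:: entry, which came from the ComboFix log.

```python
"""Triage O2/O3 entries of a HijackThis log and draft a CFScript fragment.

The flagging rules below are assumptions of this example, not rules from
the forum reply: an analyst still decides what actually goes into the script.
"""
import re

# Constructed sample: lines copied from the first HijackThis log in the thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\JeePee\LOCALS~1\Temp\~DP9.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""

# "O2 - BHO: <name> - {CLSID} - <path or status>"  /  "O3 - Toolbar: ..."
ENTRY_RE = re.compile(
    r"^(?P<kind>O[23]) - (?P<type>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)
# A DLL loaded from the per-user Temp folder (8.3 or long form).
TEMP_DIR_RE = re.compile(r"\\(LOCALS~1|Local Settings)\\Temp\\", re.IGNORECASE)
# Registry key used by the helper's CFScript for BHO removal (assumed layout).
BHO_KEY = "HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\"


def parse_entries(log_text):
    """Return a dict per O2/O3 line; all other line types are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def classify(entry):
    """Return the reasons an entry looks suspicious (empty list = looks benign)."""
    reasons = []
    path = entry["path"]
    if path.endswith("(file missing)") or path == "(no file)":
        reasons.append("registered but file absent")
    if TEMP_DIR_RE.search(path):
        reasons.append("loaded from user Temp directory")
    if entry["name"] == "(no name)":
        reasons.append("unnamed component")
    return reasons


def suspicious_entries(log_text):
    """Pair every flagged entry with its reasons."""
    return [(e, classify(e)) for e in parse_entries(log_text) if classify(e)]


def build_cfscript(flagged):
    """Draft File:: and Registry:: sections in the layout of the helper's reply.

    Only BHO CLSIDs are scripted: the page shows no toolbar key layout, so an
    O3 entry is reported but left for the analyst.
    """
    files, keys = [], []
    for entry, _ in flagged:
        path = entry["path"].replace(" (file missing)", "")
        if path != "(no file)":
            files.append(path)
        if entry["type"] == "BHO":
            keys.append("[-" + BHO_KEY + entry["clsid"] + "]")
    lines = []
    if files:
        lines += ["File::"] + files + [""]
    if keys:
        lines += ["Registry::"] + keys
    return "\n".join(lines)


if __name__ == "__main__":
    flagged = suspicious_entries(SAMPLE_LOG)
    for entry, reasons in flagged:
        print(entry["kind"], entry["clsid"], "->", "; ".join(reasons))
    print()
    print(build_cfscript(flagged))
```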

    • #3
      Daniel, thanks for your quick reply; for me it is like looking for a pinhead in an ocean.
      For now the popup seems to be gone, THANKFULLY!

      Below is my ComboFix log:

      ComboFix 08-02-12.1 - JeePee 2008-02-13 21:16:41.6 - NTFSx86
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.221 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\JeePee\Bureaublad\ComboFix.exe
      Command switches used :: C:\Documents and Settings\JeePee\Bureaublad\CFScript.txt
      * Nieuw herstelpunt werd aangemaakt

      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

      FILE
      C:\DOCUME~1\JeePee\LOCALS~1\Temp\~DP9.dll
      C:\WINDOWS\system32\drivers\core.cache.dsk
      C:\WINDOWS\system32\drivers\usbintell.sys
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\drivers\core.cache.dsk
      C:\WINDOWS\system32\drivers\usbintell.sys
      C:\temp\tn3
      C:\WINDOWS\system32\drivers\core.cache.dsk
      C:\WINDOWS\system32\drivers\usbintell.sys

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

      .
      -------\LEGACY_USBINTELL
      -------\usbintell


      (((((((((((((((((((( Bestanden Gemaakt van 2008-01-13 to 2008-02-13 ))))))))))))))))))))))))))))))
      .

      2008-02-13 20:49 . 2008-02-13 20:49 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS
      2008-02-12 21:40 . 2008-02-12 21:43 <DIR> d-------- C:\RVAXO
      2008-02-12 21:27 . 2008-02-12 21:32 <DIR> d-------- C:\Program Files\XoftSpySE
      2008-02-11 20:51 . 2008-02-11 01:13 685,095 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-02-11 20:51 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
      2008-02-11 20:49 . 2008-02-11 20:49 <DIR> d-------- C:\Program Files\Trend Micro
      2008-02-11 19:46 . 2008-02-11 19:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
      2008-02-11 19:31 . 2008-02-11 19:38 <DIR> d-------- C:\Program Files\EsetOnlineScanner
      2008-02-10 19:24 . 2008-02-11 19:46 <DIR> d-------- C:\Program Files\Eset
      2008-02-10 17:00 . 2008-02-10 17:52 <DIR> d-------- C:\Program Files\Registry Clean Expert
      2008-02-10 16:40 . 2008-02-11 19:58 59 --a------ C:\WINDOWS\[email protected]
      2008-02-10 16:25 . 2008-02-10 16:25 <DIR> d-------- C:\Program Files\BankingTools
      2008-02-10 15:49 . 2008-02-10 15:49 <DIR> d-------- C:\Program Files\Belastingdienst
      2008-01-20 20:32 . 2008-01-20 20:32 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
      2008-01-20 19:58 . 2008-02-13 21:15 <DIR> dr-h----- C:\Documents and Settings\JeePee\Onlangs geopend

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-02-13 20:18 --------- d-----w C:\Documents and Settings\JeePee\Application Data\uTorrent
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
      "H/PC Connection Agent"="G:\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 18:34 1289000]
      "RegClean Expert Scheduler"="C:\Program Files\Registry Clean Expert\RCHelper.exe" [2008-01-31 02:09 604920]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SoundMan"="SOUNDMAN.EXE" [2002-08-15 11:46 46592 C:\WINDOWS\SOUNDMAN.EXE]
      "nwiz"="nwiz.exe" [2002-07-30 14:50 372736 C:\WINDOWS\system32\nwiz.exe]
      "Dit"="Dit.exe" [2002-08-28 12:43 73728 C:\WINDOWS\Dit.exe]
      "iTunesHelper"="G:\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      StatBar.lnk - G:\StatBar\StatBar.exe [2003-07-25 02:40:06 335872]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
      --a------ 2007-05-11 03:06 40048 G:\Reader 8.0\Reader\Reader_sl.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
      --a------ 2007-09-20 14:35 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
      --a------ 2004-05-05 09:51 491520 C:\WINDOWS\system32\hphmon05.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
      --a------ 2004-04-01 16:03 49152 G:\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
      --------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
      --a------ 2007-09-20 08:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      --a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]


      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      --a------ 2007-06-29 05:24 286720 C:\Program Files\QuickTime\qttask.exe

      S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys
      S3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys

      .
      Inhoud van de 'Gedeelde Taken' map
      "2007-10-16 13:52:30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      "2008-02-11 18:20:09 C:\WINDOWS\Tasks\HP Usg Daily.job"
      - G:\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-02-13 21:19:45
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\WINDOWS\system32\wdfmgr.exe
      C:\WINDOWS\system32\wscntfy.exe
      G:\MICROS~2\rapimgr.exe
      C:\WINDOWS\DitExp.exe
      C:\Program Files\iPod\bin\iPodService.exe
      .
      **************************************************************************
      .
      Voltooingstijd: 2008-02-13 21:21:08 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-02-13 20:21:05
      ComboFix2.txt 2008-02-13 19:49:16
      ComboFix3.txt 2008-02-13 19:03:18
      ComboFix4.txt 2008-02-12 20:46:32
      ComboFix5.txt 2008-02-12 20:10:13
      .
      2008-01-20 19:36:42 --- E O F ---



      and below the one from HijackThis


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 21:24:10, on 13-2-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\WINDOWS\Dit.exe
      G:\iTunes\iTunesHelper.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      G:\Microsoft ActiveSync\Wcescomm.exe
      C:\Program Files\Registry Clean Expert\RCHelper.exe
      G:\StatBar\StatBar.exe
      C:\WINDOWS\System32\svchost.exe
      G:\MICROS~2\rapimgr.exe
      C:\WINDOWS\DitExp.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\notepad.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [Dit] Dit.exe
      O4 - HKLM\..\Run: [iTunesHelper] "G:\iTunes\iTunesHelper.exe"
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [H/PC Connection Agent] "G:\Microsoft ActiveSync\Wcescomm.exe"
      O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
      O4 - Global Startup: StatBar.lnk = G:\StatBar\StatBar.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\MICROS~1\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - G:\MICROS~2\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - G:\MICROS~2\INetRepl.dll
      O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - G:\MICROS~2\INetRepl.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\MICROS~1\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188587429522
      O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} (Autodesk WHIP! Control) - http://www.cadcollege.com/tools/symbolen/whip.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{E7F992C8-1314-4021-B99B-AB48CF90A18C}: NameServer = 195.18.114.5,195.18.115.5
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
      O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

      --
      End of file - 4520 bytes


      Many thanks!!!!



      • #4
        You're welcome!

        You may remove the tools you used. ComboFix is removed like this:

        Go to Start -> Run
        Type in: ComboFix /U and press OK.

        I don't see any (active) antivirus software on your system, why is that? Download an antivirus program via the link below, then install it, fetch the latest updates and run a full system scan.

        http://www.jawwi.nl/software/antivirus.html

        Then post a new HijackThis log.


        - Daniël
