Live.Messenger.com-Virus


  • Live.Messenger.com-Virus

    Good afternoon,

    Yesterday I was chatting with my girlfriend on MSN and she sent me a link to a website. Her PC did this without her knowing about it.
    The link had a name something like: I hope this isent you true =]" with a PIC006- JPEG file and it was an MS-DOS application.
    And now every time I start up my laptop, a pop-up from my McAfee scanner appears with the name live.messenger.com; it also says that it is an MS-DOS application and asks whether I want to run it.
    I first looked at McAfee but couldn't work it out there; then I searched with Google and saw that you had already helped other people with this problem.
    I have taken the following actions:

    - Had McAfee scan: no result
    - Had Spybot Search & Destroy scan: it found a number of trackers, which I removed, but I still get the pop-up at startup.
    - Uninstalled MSN Messenger and did not reinstall it afterwards
    - Made a HijackThis log: see below

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:33:14, on 2-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
    C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    C:\Program Files\EzButton\CPLDBL10.EXE
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\PROGRA~1\NETWOR~1\MCAFEE~1\Firetray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Virus Detectors\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Virus Detectors\IMsecure\IMsecure.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\WESSEL~1\LOCALS~1\Temp\Rar$EX01.765\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\VIRUSD~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    O4 - HKLM\..\Run: [CPLDBL10] C:\Program Files\EzButton\CPLDBL10.EXE
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [McAfeeFireTray] C:\PROGRA~1\NETWOR~1\MCAFEE~1\Firetray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
    O4 - HKLM\..\Run: [MSN Messenger] live.messenger.com
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Virus Detectors\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Anubis P2P.lnk = C:\Program Files\Media search tools\Anubis P2P\Anubis.exe
    O4 - Startup: IMsecure.lnk = C:\Program Files\Virus Detectors\IMsecure\IMsecure.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\VIRUSD~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\VIRUSD~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
    O23 - Service: McAfee Desktop Firewall Service (FireSvc) - McAfee, Inc. - C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

    --
    End of file - 8042 bytes

    Hope you can help me,

    Regards, Wessel Boer

  • #2
    Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:

    O4 - HKLM\..\Run: [MSN Messenger] live.messenger.com
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    Click 'Fix checked' to remove the items.
    Close HijackThis.

    Open Explorer ("My Computer") and choose Tools -> Folder Options...
    Under View, check the following settings:

    Turn off: Hide protected operating system files (Recommended)
    Turn off: Hide extensions for known file types

    Select: Display the contents of system folders (XP only)
    Select: Show hidden files and folders

    Then press Apply followed by OK.

    Delete the following file:
    C:\Windows\live.messenger.com

    And the following folder:
    C:\Program Files\MSN Messenger

    Restart the computer and post a new HijackThis log.

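As an added illustration (not part of the original thread and not HijackThis's own logic): a small Python triage of HijackThis O4 registry Run lines that flags the pattern visible in the log above, an autostart value that is a bare file name with the MS-DOS `.com` extension and reads like a web address. The flag names and function names are this example's own assumptions; the sample lines are copied from the log in the first post.

```python
import re
from typing import List, NamedTuple

# O4 lines copied from the HijackThis log in the first post of this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [MSN Messenger] live.messenger.com
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
"""

# "O4 - <hive>\[<subkey>\]..\<key>: [<value name>] <command line>"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\(?:(?P<sub>[^\\]+)\\)?\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# HijackThis appends the account name to per-user (HKUS) entries.
USER_SUFFIX = re.compile(r"\s+\(User '[^']*'\)$")
# Unquoted paths may contain spaces, so cut at the first executable extension.
IMAGE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|pif|scr))(?=\s|$)", re.IGNORECASE)


class RunEntry(NamedTuple):
    hive: str
    name: str
    image: str
    flags: List[str]


def extract_image(cmd: str) -> str:
    """Return the program part of a Run value, without arguments."""
    cmd = USER_SUFFIX.sub("", cmd.strip())
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = IMAGE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def assess(image: str) -> List[str]:
    """Heuristic flags for one autostart program (example-specific names)."""
    flags = []
    base = re.split(r"[\\/]", image)[-1]
    if base == image:
        # No directory: the name is resolved through the search path,
        # so the entry does not say which file actually runs.
        flags.append("no-path")
    stem, _, ext = base.rpartition(".")
    if ext.lower() == "com":
        # .com is the MS-DOS executable extension the scanner pop-up reports.
        flags.append("dos-com-extension")
        if "." in stem:
            # e.g. live.messenger.com: an executable dressed up as a domain.
            flags.append("looks-like-hostname")
    return flags


def parse_run_entries(log: str) -> List[RunEntry]:
    """Parse every O4 registry Run line; other HijackThis sections are skipped."""
    entries = []
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        image = extract_image(m.group("cmd"))
        entries.append(RunEntry(m.group("hive"), m.group("name"), image, assess(image)))
    return entries


def suspicious(log: str) -> List[RunEntry]:
    """Entries that tripped at least one heuristic."""
    return [e for e in parse_run_entries(log) if e.flags]


if __name__ == "__main__":
    for entry in suspicious(SAMPLE_LOG):
        print(f"{entry.hive} [{entry.name}] {entry.image}: {', '.join(entry.flags)}")
```

Only the first of the two entries listed in the post trips these checks; the `MsnMsgr` entry has an ordinary quoted full path, so a heuristic like this one supplements reading the log rather than replacing it.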


    • #3
      I did all the steps you suggested, only I can't find C:\Windows\live.messenger.com; I did throw the other one away. Should I restart now anyway?


      • #4
        I searched with the Windows search function and it found this: LIVE.MESSENGER.COM-34C2DB23.pf in the folder c:\windows\prefetch...
        Is that the one you mean?


        • #5
          I'm going to bed soon, so I did the following..
          - I deleted the file LIVE.MESSENGER.COM-34C2DB23.pf and put it on a memory stick.
          - Then I restarted.
          - No more pop-up
          - And as requested I made another log

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 22:07:37, on 2-3-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16608)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
          C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe
          C:\Program Files\McAfee\Common Framework\FrameworkService.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
          C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\System32\igfxtray.exe
          C:\WINDOWS\System32\hkcmd.exe
          C:\Program Files\Apoint2K\Apoint.exe
          C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
          C:\Program Files\EzButton\CPLDBL10.EXE
          C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
          C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
          C:\Program Files\McAfee\Common Framework\UdaterUI.exe
          C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
          C:\PROGRA~1\NETWOR~1\MCAFEE~1\Firetray.exe
          C:\Program Files\Common Files\Real\Update_OB\realsched.exe
          C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
          C:\Program Files\QuickTime\qttask.exe
          C:\WINDOWS\system32\LVCOMSX.EXE
          C:\Program Files\TomTom HOME 2\HOMERunner.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          C:\Program Files\Virus Detectors\Spybot - Search & Destroy\TeaTimer.exe
          C:\Program Files\McAfee\Common Framework\McTray.exe
          C:\Program Files\Virus Detectors\IMsecure\IMsecure.exe
          C:\Program Files\Apoint2K\Apntex.exe
          C:\WINDOWS\system32\wscntfy.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\Program Files\Media search tools\WinRAR.exe
          C:\DOCUME~1\WESSEL~1\LOCALS~1\Temp\Rar$EX00.110\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
          O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
          O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\VIRUSD~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
          O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
          O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
          O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
          O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
          O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
          O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
          O4 - HKLM\..\Run: [CPLDBL10] C:\Program Files\EzButton\CPLDBL10.EXE
          O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
          O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
          O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
          O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
          O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
          O4 - HKLM\..\Run: [McAfeeFireTray] C:\PROGRA~1\NETWOR~1\MCAFEE~1\Firetray.exe
          O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
          O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Virus Detectors\Spybot - Search & Destroy\TeaTimer.exe
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
          O4 - Startup: Anubis P2P.lnk = C:\Program Files\Media search tools\Anubis P2P\Anubis.exe
          O4 - Startup: IMsecure.lnk = C:\Program Files\Virus Detectors\IMsecure\IMsecure.exe
          O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
          O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
          O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\VIRUSD~1\SPYBOT~1\SDHelper.dll
          O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\VIRUSD~1\SPYBOT~1\SDHelper.dll
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
          O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
          O23 - Service: McAfee Desktop Firewall Service (FireSvc) - McAfee, Inc. - C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
          O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
          O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

          --
          End of file - 7934 bytes

          I'll read tomorrow what you think of it,

          Regards, Wessel


          • #6
            The file live.messenger.com is a hidden system file.
            Fixing that line with HijackThis means it is no longer activated.
            The file in the Prefetch directory is a helper file (not the virus file).
            You may delete the file from the memory stick.

            Download Deckard's System Scanner to your Desktop.
            • Close all applications and windows.
            • Double-click dss.exe to run it, and follow the instructions.
            • When the scan is complete, a text file - main.txt - will open.
            • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply.

            Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
            - make sure sigcheck.exe is allowed to do so!
            It may also happen that your antivirus flags DSS as suspicious, or even tries to remove it.
            Do not let your antivirus remove it! (In this case it may be better to disable your antivirus briefly during the DSS scan)


            • #7
              When I try to run dss.exe, it says it cannot verify the publisher and asks whether I am sure I want to run this software.
              If I then click Run, it gives an error message:
              C:\documents and settings\wessel boer\bureaublad\dss.exe is geen geldige win32 toepassing.


              • #8
                Follow the instructions as described on the following page: hoe-dient-combofix-gebruikt-te-worden

                If anything is unclear, just ask.
                When the tool has finished, a log file opens (C:\combofix.txt).
                Post the contents of this file together with a new HijackThis log.


                • #9
                  The ComboFix guide talks about a recovery console; is that the same as a setup boot floppy, as it is called on the microsite?


                  • #10
                    Windows 98 still had a boot floppy. That is no longer possible with Windows XP. The Recovery Console has replaced it. It is a program that you install, and in case of problems you can use it by booting with F8.


                    • #11
                      Here follow first the ComboFix log and then the HijackThis log:
                      ComboFix 08-03-03.12 - WesselBoer 2008-03-03 20:52:52.1 - NTFSx86
                      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.224 [GMT 1:00]
                      Gestart vanuit: C:\Documents and Settings\WesselBoer\Bureaublad\ComboFix.exe
                      .

                      (((((((((((((((((((( Bestanden Gemaakt van 2008-02-03 to 2008-03-03 ))))))))))))))))))))))))))))))
                      .

                      2008-03-02 18:48 . 2008-03-02 18:48 <DIR> d-------- C:\Documents and Settings\WesselBoer\Application Data\InterVideo
                      2008-03-02 13:53 . 2008-03-02 15:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
                      2008-03-02 10:00 . 2008-03-02 10:01 4,212 ---h----- C:\WINDOWS\system32\imlictbl.dat
                      2008-03-02 09:57 . 2008-03-02 10:00 <DIR> d-------- C:\WINDOWS\Internet Logs
                      2008-03-02 09:57 . 2004-09-30 11:21 2,200,832 --a------ C:\WINDOWS\system32\imslsp.dll
                      2008-03-02 09:57 . 2004-09-30 11:21 345,352 --a------ C:\WINDOWS\system32\lockbox.dll
                      2008-03-02 09:57 . 2004-07-27 14:56 110,950 --a------ C:\WINDOWS\system32\zlimclnup.exe
                      2008-03-02 09:57 . 1996-08-09 03:30 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
                      2008-03-02 09:55 . 2004-09-30 11:21 603,400 --a------ C:\WINDOWS\system32\imsinstall.dll
                      2008-03-02 09:51 . 2008-03-02 15:32 <DIR> d-------- C:\Program Files\Virus Detectors
                      2008-03-01 16:22 . 2008-03-01 16:22 140,288 -r-hs---- C:\WINDOWS\live.messenger.com

                      .
                      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      2008-03-02 12:11 --------- d-----w C:\Program Files\McAfee
                      2008-02-26 22:16 --------- d-----w C:\Documents and Settings\WesselBoer\Application Data\LimeWire
                      2008-01-03 22:54 --------- d-----w C:\Program Files\TomTom HOME 2
                      2008-01-03 22:54 --------- d-----w C:\Documents and Settings\WesselBoer\Application Data\TomTom
                      2008-01-03 22:54 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom
                      2008-01-03 22:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
                      2008-01-03 22:53 --------- d-----w C:\Documents and Settings\WesselBoer\Application Data\InstallShield
                      2008-01-03 22:52 23,630,592 ----a-w C:\Program Files\TomTomHOME.exe
                      2007-12-07 02:18 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
                      2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
                      .

                      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      REGEDIT4
                      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
                      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 17:25 68856]
                      "SpybotSD TeaTimer"="C:\Program Files\Virus Detectors\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-05-29 16:26 155648]
                      "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-05-29 16:14 114688]
                      "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-06-18 13:44 151552]
                      "CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [2003-07-23 17:03 135168]
                      "CPLDBL10"="C:\Program Files\EzButton\CPLDBL10.EXE" [2003-07-03 19:34 204800]
                      "CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2003-07-29 15:19 638976]
                      "TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2003-07-18 14:24 49152]
                      "McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 12:39 136768]
                      "ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-30 07:50 112216]
                      "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2004-02-19 10:07 147514]
                      "McAfeeFireTray"="C:\PROGRA~1\NETWOR~1\MCAFEE~1\Firetray.exe" [2006-07-20 14:21 655427]
                      "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-21 16:39 185896]
                      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
                      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
                      "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 10:52 221184]
                      "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2007-10-31 10:19 378784]

                      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

                      C:\Documents and Settings\WesselBoer\Menu Start\Programma's\Opstarten\
                      Anubis P2P.lnk - C:\Program Files\Media search tools\Anubis P2P\Anubis.exe [2007-07-30 10:34:06 2438656]
                      IMsecure.lnk - C:\Program Files\Virus Detectors\IMsecure\IMsecure.exe [2008-03-02 09:57:12 746760]

                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                      "EnableFirewall"= 0 (0x0)

                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                      "%windir%\\system32\\sessmgr.exe"=
                      "C:\\Program Files\\Media search tools\\LimeWire\\LimeWire.exe"=
                      "C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
                      "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
                      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

                      R2 DPortIO;Dritek Port I/O Driver;C:\WINDOWS\system32\Drivers\DPortIO.sys [2001-04-12 15:04]
                      R3 TOSHIBASoftModem;TOSHIBA Software Modem;C:\WINDOWS\system32\DRIVERS\LTSM.sys [2002-09-17 15:12]
                      S3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\System32\ASNDIS5.SYS [2002-09-09 18:54]

                      .
                      **************************************************************************

                      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                      Rootkit scan 2008-03-03 20:54:39
                      Windows 5.1.2600 Service Pack 2 NTFS

                      scannen van verborgen processen ...

                      scannen van verborgen autostart items ...

                      scannen van verborgen bestanden ...

                      Scan succesvol afgerond
                      verborgen bestanden: 0

                      **************************************************************************
                      .
                      --------------------- DLLs Geladen Onder Lopende Processen ---------------------

                      PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
                      -> C:\WINDOWS\system32\LIBEAY32_0.9.6l.dll
                      .
                      Voltooingstijd: 2008-03-03 20:55:20
                      .
                      2008-02-13 21:00:56 --- E O F ---


                      Logfile of Trend Micro HijackThis v2.0.2
                      Scan saved at 20:57:12, on 3-3-2008
                      Platform: Windows XP SP2 (WinNT 5.01.2600)
                      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
                      Boot mode: Normal

                      Running processes:
                      C:\WINDOWS\System32\smss.exe
                      C:\WINDOWS\system32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
                      C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe
                      C:\Program Files\McAfee\Common Framework\FrameworkService.exe
                      C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
                      C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\System32\igfxtray.exe
                      C:\WINDOWS\System32\hkcmd.exe
                      C:\Program Files\Apoint2K\Apoint.exe
                      C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
                      C:\Program Files\EzButton\CPLDBL10.EXE
                      C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
                      C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
                      C:\Program Files\McAfee\Common Framework\UdaterUI.exe
                      C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
                      C:\PROGRA~1\NETWOR~1\MCAFEE~1\Firetray.exe
                      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                      C:\Program Files\McAfee\Common Framework\McTray.exe
                      C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
                      C:\Program Files\QuickTime\qttask.exe
                      C:\WINDOWS\system32\LVCOMSX.EXE
                      C:\Program Files\TomTom HOME 2\HOMERunner.exe
                      C:\WINDOWS\system32\ctfmon.exe
                      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                      C:\Program Files\Apoint2K\Apntex.exe
                      C:\Program Files\Virus Detectors\IMsecure\IMsecure.exe
                      C:\WINDOWS\system32\wscntfy.exe
                      C:\WINDOWS\explorer.exe
                      C:\Program Files\Virus Detectors\Spybot - Search & Destroy\TeaTimer.exe
                      C:\WINDOWS\system32\notepad.exe
                      C:\DOCUME~1\WESSEL~1\LOCALS~1\Temp\Rar$EX00.875\HijackThis.exe

                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
                      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\VIRUSD~1\SPYBOT~1\SDHelper.dll
                      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
                      O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
                      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
                      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
                      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
                      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
                      O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
                      O4 - HKLM\..\Run: [CPLDBL10] C:\Program Files\EzButton\CPLDBL10.EXE
                      O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
                      O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
                      O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
                      O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
                      O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
                      O4 - HKLM\..\Run: [McAfeeFireTray] C:\PROGRA~1\NETWOR~1\MCAFEE~1\Firetray.exe
                      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
                      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
                      O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
                      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Virus Detectors\Spybot - Search & Destroy\TeaTimer.exe
                      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                      O4 - Startup: Anubis P2P.lnk = C:\Program Files\Media search tools\Anubis P2P\Anubis.exe
                      O4 - Startup: IMsecure.lnk = C:\Program Files\Virus Detectors\IMsecure\IMsecure.exe
                      O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
                      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
                      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\VIRUSD~1\SPYBOT~1\SDHelper.dll
                      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\VIRUSD~1\SPYBOT~1\SDHelper.dll
                      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                      O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
                      O23 - Service: McAfee Desktop Firewall Service (FireSvc) - McAfee, Inc. - C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe
                      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                      O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
                      O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
                      O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

                      --
                      End of file - 7886 bytes



                      • #12
                        Open Notepad, then copy and paste the following (bold, blue text) into an empty window:

                        File::
                        C:\WINDOWS\live.messenger.com


                        Save this to your Desktop as CFScript.txt.

                        Drag CFScript.txt onto ComboFix.exe as shown in the example below:



                        This will make ComboFix restart.

                        After your computer restarts (if it asks to restart), copy and paste the contents of Combofix.txt into your next reply.



                        • #13
                          I have done that...

                          ComboFix 08-03-03.12 - WesselBoer 2008-03-04 21:57:56.2 - NTFSx86
                          Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.262 [GMT 1:00]
                          Gestart vanuit: C:\Documents and Settings\WesselBoer\Bureaublad\ComboFix.exe
                          Command switches used :: C:\Documents and Settings\WesselBoer\Bureaublad\CFScript.txt
                          * Nieuw herstelpunt werd aangemaakt

                          FILE ::
                          C:\WINDOWS\live.messenger.com
                          .

                          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                          .

                          C:\WINDOWS\live.messenger.com

                          .
                          (((((((((((((((((((( Bestanden Gemaakt van 2008-02-04 to 2008-03-04 ))))))))))))))))))))))))))))))
                          .

                          2008-03-02 18:48 . 2008-03-02 18:48 <DIR> d-------- C:\Documents and Settings\WesselBoer\Application Data\InterVideo
                          2008-03-02 13:53 . 2008-03-02 15:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
                          2008-03-02 10:00 . 2008-03-02 10:01 4,212 ---h----- C:\WINDOWS\system32\imlictbl.dat
                          2008-03-02 09:57 . 2008-03-02 10:00 <DIR> d-------- C:\WINDOWS\Internet Logs
                          2008-03-02 09:57 . 2004-09-30 11:21 2,200,832 --a------ C:\WINDOWS\system32\imslsp.dll
                          2008-03-02 09:57 . 2004-09-30 11:21 345,352 --a------ C:\WINDOWS\system32\lockbox.dll
                          2008-03-02 09:57 . 2004-07-27 14:56 110,950 --a------ C:\WINDOWS\system32\zlimclnup.exe
                          2008-03-02 09:57 . 1996-08-09 03:30 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
                          2008-03-02 09:55 . 2004-09-30 11:21 603,400 --a------ C:\WINDOWS\system32\imsinstall.dll
                          2008-03-02 09:51 . 2008-03-02 15:32 <DIR> d-------- C:\Program Files\Virus Detectors

                          .
                          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                          .
                          2008-03-02 12:11 --------- d-----w C:\Program Files\McAfee
                          2008-02-26 22:16 --------- d-----w C:\Documents and Settings\WesselBoer\Application Data\LimeWire
                          2008-01-03 22:52 23,630,592 ----a-w C:\Program Files\TomTomHOME.exe
                          2007-12-07 02:18 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
                          2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
                          .

                          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                          .
                          .
                          REGEDIT4
                          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
                          "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 17:25 68856]
                          "SpybotSD TeaTimer"="C:\Program Files\Virus Detectors\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-05-29 16:26 155648]
                          "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-05-29 16:14 114688]
                          "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-06-18 13:44 151552]
                          "CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [2003-07-23 17:03 135168]
                          "CPLDBL10"="C:\Program Files\EzButton\CPLDBL10.EXE" [2003-07-03 19:34 204800]
                          "CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2003-07-29 15:19 638976]
                          "TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2003-07-18 14:24 49152]
                          "McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 12:39 136768]
                          "ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-30 07:50 112216]
                          "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2004-02-19 10:07 147514]
                          "McAfeeFireTray"="C:\PROGRA~1\NETWOR~1\MCAFEE~1\Firetray.exe" [2006-07-20 14:21 655427]
                          "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-21 16:39 185896]
                          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
                          "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
                          "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 10:52 221184]
                          "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2007-10-31 10:19 378784]

                          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                          "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

                          C:\Documents and Settings\WesselBoer\Menu Start\Programma's\Opstarten\
                          Anubis P2P.lnk - C:\Program Files\Media search tools\Anubis P2P\Anubis.exe [2007-07-30 10:34:06 2438656]
                          IMsecure.lnk - C:\Program Files\Virus Detectors\IMsecure\IMsecure.exe [2008-03-02 09:57:12 746760]

                          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                          "EnableFirewall"= 0 (0x0)

                          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                          "%windir%\\system32\\sessmgr.exe"=
                          "C:\\Program Files\\Media search tools\\LimeWire\\LimeWire.exe"=
                          "C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
                          "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
                          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

                          R2 DPortIO;Dritek Port I/O Driver;C:\WINDOWS\system32\Drivers\DPortIO.sys [2001-04-12 15:04]
                          R3 TOSHIBASoftModem;TOSHIBA Software Modem;C:\WINDOWS\system32\DRIVERS\LTSM.sys [2002-09-17 15:12]
                          S3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\System32\ASNDIS5.SYS [2002-09-09 18:54]

                          .
                          **************************************************************************

                          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                          Rootkit scan 2008-03-04 22:00:38
                          Windows 5.1.2600 Service Pack 2 NTFS

                          scannen van verborgen processen ...

                          scannen van verborgen autostart items ...

                          scannen van verborgen bestanden ...

                          Scan succesvol afgerond
                          verborgen bestanden: 0

                          **************************************************************************
                          .
                          --------------------- DLLs Geladen Onder Lopende Processen ---------------------

                          PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
                          -> C:\WINDOWS\system32\LIBEAY32_0.9.6l.dll
                          .
                          Voltooingstijd: 2008-03-04 22:01:24
                          ComboFix-quarantined-files.txt 2008-03-04 21:01:22
                          ComboFix2.txt 2008-03-03 19:55:21
                          .
                          2008-02-13 21:00:56 --- E O F ---



                          • #14
                            Problem solved now?



                            • #15
                              Yes, I think so. I no longer get any pop-ups during startup. Thanks a lot!
                              Last edited by Steggel; 05-03-08, 17:33.
