Infected by unkown trojan


  • Infected by unkown trojan

    I have already read through a number of threads, but I keep getting the message below:

    Your computer was infected by unkown trojan. It's dangerous for your system.. etc. etc.

    Here is the log file:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:46:26, on 31-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    G:\WINDOWS\System32\smss.exe
    G:\WINDOWS\system32\winlogon.exe
    G:\WINDOWS\system32\services.exe
    G:\WINDOWS\system32\lsass.exe
    G:\WINDOWS\system32\svchost.exe
    G:\WINDOWS\System32\svchost.exe
    G:\WINDOWS\system32\spoolsv.exe
    G:\WINDOWS\Explorer.EXE
    G:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
    G:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    G:\Program Files\Winamp\winampa.exe
    G:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    G:\Program Files\QuickTime\qttask.exe
    G:\WINDOWS\System32\ShellExt\mncntray.exe
    G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    G:\WINDOWS\ATKKBService.exe
    G:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
    G:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    G:\WINDOWS\System32\drivers\CDAC11BA.EXE
    G:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    G:\Program Files\Eset\nod32krn.exe
    G:\Program Files\Eset\nod32kui.exe
    G:\WINDOWS\system32\RUNDLL32.EXE
    G:\Program Files\Spyware Doctor\pctsTray.exe
    G:\WINDOWS\system32\nvsvc32.exe
    G:\WINDOWS\system32\ctfmon.exe
    G:\Program Files\MSN Messenger\msnmsgr.exe
    G:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    G:\WINDOWS\System32\svchost.exe
    G:\Program Files\DAEMON Tools Lite\daemon.exe
    G:\Program Files\RALINK\Common\RaUI.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    G:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    G:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    G:\WINDOWS\system32\wscntfy.exe
    G:\Program Files\MSN Messenger\usnsvc.exe
    G:\Program Files\Mozilla Firefox\firefox.exe
    G:\Documents and Settings\WJ\Bureaublad\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Media Player Codec - {8B65F8A9-BAD5-4261-BB6F-25B2020C3098} - G:\WINDOWS\dsaip32b.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [NeroCheck] G:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [anvshell] anvshell.exe
    O4 - HKLM\..\Run: [WinampAgent] G:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Smapp] G:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [MNCN USB] G:\WINDOWS\System32\ShellExt\mncntray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] G:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "G:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "G:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [nod32kui] "G:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ISTray] "G:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "G:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "G:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [AdobeUpdater] G:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "G:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = G:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: AutorunsDisabled
    O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Ralink Wireless Utility.lnk = G:\Program Files\RALINK\Common\RaUI.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Append to existing PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://G:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - G:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - G:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: g:\windows\system32\nwprovau.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O20 - Winlogon Notify: AutorunsDisabled - G:\WINDOWS\
    O23 - Service: Adobe LM Service - Adobe Systems - G:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - G:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - G:\WINDOWS\ATKKBService.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - G:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - G:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - G:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - G:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - G:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - G:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - G:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - G:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\RpcSandraSrv.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - G:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - G:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - G:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - G:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
    O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

    --
    End of file - 10122 bytes

  • #2
    Start HijackThis, choose 'Do a system scan only' and check the lines below:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    O2 - BHO: Media Player Codec - {8B65F8A9-BAD5-4261-BB6F-25B2020C3098} - G:\WINDOWS\dsaip32b.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - G:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - G:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O20 - Winlogon Notify: AutorunsDisabled - G:\WINDOWS\
    O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

    Now close all open windows except HijackThis and click Fix Checked.

    Restart your PC.

    Download MBAM (Malwarebytes' Anti-Malware) via here or here.
    • Double-click mbam-setup.exe to install the program.
      • Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware, then click "Voltooien" (Finish).
      • If an update is found, it will be downloaded and installed.
      • Once the program is fully up to date, select "Snelle Scan" (Quick Scan) on the Scanner tab, then click Scan.
      • The scan can take a while, so be patient.
      • When the scan has finished, click OK, then "Bekijk Resultaten" (Show Results) to see the results.
      • Make sure everything there is checked, then click: Verwijder geselecteerde (Remove Selected).
      • After the removal a log will open and you will be asked to restart the computer. (See below)
      • The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in MBAM.
      • Copy and paste the contents of the log into your next reply, together with a new HijackThis log.

      If MBAM has difficulty removing certain files, it will show a few prompts where you have to click OK.
      After that it will ask to restart the computer... so allow MBAM to restart the computer.


    Also post a new HijackThis log.
    Any remaining problems?
    Regards,
    Pimmerd



    • #3
      The problem seems to be resolved. At least, after 5 to 10 minutes of intensive use of IE7 and Windows Explorer the popup has not come back. The Google search results also look normal again.

      Thank you for the quick response and solution!


      MBAM LOG:

      Malwarebytes' Anti-Malware 1.09
      Database versie: 573

      Scan type: Snelle Scan
      Objecten gescand: 46276
      Verstreken tijd: 9 minute(s), 5 second(s)

      Geheugenprocessen geïnfecteerd: 0
      Geheugenmodulen geïnfecteerd: 0
      Registersleutels geïnfecteerd: 2
      Registerwaarden geïnfecteerd: 0
      Registerdata bestanden geïnfecteerd: 0
      Mappen geïnfecteerd: 0
      Bestanden geïnfecteerd: 1

      Geheugenprocessen geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Geheugenmodulen geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Registersleutels geïnfecteerd:
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\dsaip32b.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dsaip32b.Video (Trojan.FakeAlert) -> Quarantined and deleted successfully.

      Registerwaarden geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Registerdata bestanden geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Mappen geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Bestanden geïnfecteerd:
      G:\WINDOWS\IE4 Error Log.txt (Malware.Trace) -> Quarantined and deleted successfully.

      HijackThis LOG:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:21:55, on 31-3-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      G:\WINDOWS\System32\smss.exe
      G:\WINDOWS\system32\winlogon.exe
      G:\WINDOWS\system32\services.exe
      G:\WINDOWS\system32\lsass.exe
      G:\WINDOWS\system32\svchost.exe
      G:\WINDOWS\System32\svchost.exe
      G:\WINDOWS\system32\spoolsv.exe
      G:\WINDOWS\Explorer.EXE
      G:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
      G:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
      G:\WINDOWS\ATKKBService.exe
      G:\WINDOWS\System32\drivers\CDAC11BA.EXE
      G:\Program Files\Eset\nod32krn.exe
      G:\WINDOWS\system32\nvsvc32.exe
      G:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      G:\WINDOWS\System32\svchost.exe
      C:\Program Files\Logitech\MouseWare\system\em_exec.exe
      G:\Program Files\Winamp\winampa.exe
      G:\Program Files\Analog Devices\SoundMAX\SMTray.exe
      G:\Program Files\QuickTime\qttask.exe
      G:\WINDOWS\System32\ShellExt\mncntray.exe
      G:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      G:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
      G:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
      G:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
      G:\Program Files\Eset\nod32kui.exe
      G:\WINDOWS\system32\RUNDLL32.EXE
      G:\Program Files\Spyware Doctor\pctsTray.exe
      G:\WINDOWS\system32\ctfmon.exe
      G:\Program Files\MSN Messenger\msnmsgr.exe
      G:\Program Files\DAEMON Tools Lite\daemon.exe
      G:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      G:\Program Files\RALINK\Common\RaUI.exe
      C:\Program Files\WinZip\WZQKPICK.EXE
      G:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
      G:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      G:\WINDOWS\system32\wuauclt.exe
      G:\Program Files\Mozilla Firefox\firefox.exe
      G:\WINDOWS\system32\WgaTray.exe
      G:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
      G:\WINDOWS\system32\NOTEPAD.EXE
      G:\Program Files\Internet Explorer\IEXPLORE.EXE
      G:\Documents and Settings\WJ\Bureaublad\HiJackThis.exe

      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar2.dll
      O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [NeroCheck] G:\WINDOWS\System32\\NeroCheck.exe
      O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
      O4 - HKLM\..\Run: [anvshell] anvshell.exe
      O4 - HKLM\..\Run: [WinampAgent] G:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [Smapp] G:\Program Files\Analog Devices\SoundMAX\SMTray.exe
      O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [MNCN USB] G:\WINDOWS\System32\ShellExt\mncntray.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [TrueImageMonitor.exe] G:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
      O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "G:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "G:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
      O4 - HKLM\..\Run: [nod32kui] "G:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [ISTray] "G:\Program Files\Spyware Doctor\pctsTray.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] "G:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [Yahoo! Pager] "G:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "G:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
      O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Adobe Gamma Loader.exe.lnk = G:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: AutorunsDisabled
      O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: Ralink Wireless Utility.lnk = G:\Program Files\RALINK\Common\RaUI.exe
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
      O8 - Extra context menu item: Append to existing PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convert link target to Adobe PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convert link target to existing PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convert selected links to Adobe PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      O8 - Extra context menu item: Convert selected links to existing PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
      O8 - Extra context menu item: Convert selection to Adobe PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convert selection to existing PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convert to Adobe PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://G:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: g:\windows\system32\nwprovau.dll
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O23 - Service: Adobe LM Service - Adobe Systems - G:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - G:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
      O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - G:\WINDOWS\ATKKBService.exe
      O23 - Service: C-DillaCdaC11BA - Macrovision - G:\WINDOWS\System32\drivers\CDAC11BA.EXE
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - G:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - G:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Macromedia Licensing Service - Unknown owner - G:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
      O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - G:\Program Files\Intel\NCS\Sync\NetSvc.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - G:\Program Files\Eset\nod32krn.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - G:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\Win32\RpcDataSrv.exe
      O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - G:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\RpcSandraSrv.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - G:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - G:\Program Files\Spyware Doctor\pctsSvc.exe
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - G:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - G:\WINDOWS\System32\TuneUpDefragService.exe
      O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - G:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
      O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

      --
      End of file - 10140 bytes



      • #4
        It does indeed look good again.

        Fix the line below with HijackThis:
        O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

        * Clean the cache and cookies in IE:

        * Close Internet Explorer.
        * Go to Configuratiescherm (Control Panel) > Internet Opties (Internet Options) > tab Algemeen (General)
        * Click the Cookies verwijderen (Delete Cookies) button
        * Click the Bestanden verwijderen (Delete Files) button next to it
        * Check: Ook alle off line items verwijderen (Delete all offline content), click OK

        * Clean the cache and cookies in Firefox (if Firefox is installed):

        * Go to Extra (Tools) > Opties (Options).
        * Click Privacy in the menu.
        * Click the wissen (clear) button (History, Cookies, Cache).
        * Click OK to close the window again.

        * Clean other temporary files + Recycle Bin

        * Go to Start > Uitvoeren (Run), type: cleanmgr and click OK.
        * Let it scan your system for files that should be removed
        * Make sure that only 'tijdelijke bestanden' (temporary files), 'tijdelijke internetbestanden' (temporary internet files) and 'prullenbak' (recycle bin) are checked there.
        * Then click OK.


        Any remaining problems?
        Regards,
        Pimmerd
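
Added example, not part of any post in this thread: a small Python script that compares a HijackThis log taken before cleanup with one taken afterwards, the check the helper does by eye above. The flagging rules are assumptions of this example, modelled on the kinds of lines selected in post #2 (they are not HijackThis's own logic), and the embedded logs are short excerpts of the two logs posted above.

```python
import re

# Excerpts (not the full logs) of the two HijackThis logs posted in this thread.
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Media Player Codec - {8B65F8A9-BAD5-4261-BB6F-25B2020C3098} - G:\WINDOWS\dsaip32b.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - G:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O20 - Winlogon Notify: AutorunsDisabled - G:\WINDOWS\
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - G:\Program Files\Eset\nod32krn.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
"""

AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar2.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - G:\Program Files\Eset\nod32krn.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
"""

# A log entry is "<section code> - <text>", e.g. "O2 - BHO: ...".
# Header lines and the bare process list do not match and are skipped.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")


def parse(log):
    """Return the entries of a HijackThis log as (section, text) pairs."""
    return [(m.group(1), m.group(2))
            for line in log.splitlines() if (m := ENTRY.match(line))]


def flags(section, text):
    """Reasons an entry deserves a second look (heuristics assumed here)."""
    reasons = []
    if re.search(r"\((file missing|no file)\)\s*$", text):
        reasons.append("target file does not exist")
    if section in ("R0", "R1") and text.endswith("="):
        reasons.append("browser setting is empty")
    if section == "O2" and re.search(r"\\WINDOWS\\[^\\]+\.dll$", text, re.I):
        reasons.append("BHO DLL sits directly in the Windows directory")
    if section == "O20" and text.endswith("\\"):
        reasons.append("Winlogon Notify points at a directory, not a DLL")
    return reasons


def review(before, after):
    """Compare two logs: flagged entries that are gone, flagged entries
    that are still present, and entries that appear only in the new log."""
    old, new = parse(before), parse(after)
    old_set, new_set = set(old), set(new)
    return {
        "fixed": [(e, flags(*e)) for e in old
                  if e not in new_set and flags(*e)],
        "remaining": [(e, flags(*e)) for e in new if flags(*e)],
        # New entries are not bad by themselves (here: a Java update and a
        # toolbar install between the scans) but should be accounted for.
        "new": [e for e in new if e not in old_set],
    }


if __name__ == "__main__":
    result = review(BEFORE, AFTER)
    for label in ("fixed", "remaining"):
        for (section, text), reasons in result[label]:
            print(f"{label:9} {section:3} {text}\n{'':14}-> {'; '.join(reasons)}")
    for section, text in result["new"]:
        print(f"{'new':9} {section:3} {text}")
```

On these excerpts the only flagged entry left in the second log is the O24 line, which is the one post #4 asks to fix.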



        • #5
          No, no more problems.



          • #6
            Glad to hear it
            Regards,
            Pimmerd
