Archive - browser crashes on a certain letter combination in the URL

The archive is a frozen moment from a previous version of this forum, with different rules and different bosses. These posts in no way reflect our current ideas, values or world views and have been censored in some places as inadmissible. Many were made in a different spirit of the times, ironically or not - as in the ironic Off-Topic subforum - and would not (be allowed to) be posted today. Nevertheless, we still gladly offer this archive as an information database and reference work. Read more about it here or start a conversation with others.

highsk8

Legacy Member
Hello everyone,

My browser (FF / GC) crashes when the letter combination "nod" appears in the URL bar.
So with every URL or Google/YouTube/wiki search that contains "nod" it closes, just like that, poof, gone, without an error report or anything...

For a long time now my browser has sometimes been closing for no reason on certain pages.
I thought then that there was simply a conflict between those pages and my PC and didn't attach much importance to it, but when I wanted to follow a hotlink on wiki to krasnodar my browser crashed again, then I tried Google, crashed again, then AltaVista, etc.
I was already thinking for a moment that it was a conspiracy, until I discovered that it was only down to the letter combination "nod"... :p

I have already tried restarting the PC...
Anyone have any more suggestions?

Exit

Legacy Member
probably a virus/spyware that 'protects' the PC against searching for the virus scanner in order to protect itself
(as soon as it comes across this term in memory or search windows and such, it makes it crash)

post a HijackThis log

highsk8

Legacy Member
OK, apparently it can't handle hijackthis either.
I can't search for it and can't open the subforum about it either.
I'll try in safe mode (that I hadn't thought of that yet :p)
But this is really starting to smell like a virus, it's going to be a format :(

Which security measures should I best take between now and my format? (still need to back up quite a few files)

EDIT:
Starting Firefox in safe mode achieves nothing and starting the system in safe mode apparently doesn't either.
I'm now in safe mode with networking.
Luckily I still had the installer of a-squared hijackfree 3.1 lying around.
Installed it and I think this is the log you need?
http://analyze.hijackfree.com/analyze/?id=88400fe8-d0f5-4896-bf17-a32ac84c8d86
(luckily it doesn't crash on "hijackfree") :p
Oh yes, this log was made in safe mode with networking, don't know if that matters?

It is my own fault though, I wanted to keep this PC in perfect shape, and used the tweaking guide companion (xp) as a guide
http://www.tweakguides.com/TGTC.html
But for one reason or another I was busier with restore points than anything else, apparently my PC doesn't react well to antiviruses and firewalls, I was fed up with it for a while so I went onto the internet with only Windows Firewall and just tried to keep my eyes open a bit and avoid bad sites and software.
But this had to happen sooner or later.

But in any case, many thanks to everyone who helps here, all tips are welcome!!!

Exit

Legacy Member
you should only install 1 virus scanner per PC to avoid problems
is there a scanner installed?

try downloading, installing and scanning with malwarebytes
otherwise I can possibly upload some files and give them a different name so you can download them

and just post the contents of that log here in the thread

highsk8

Legacy Member
Don't have an antivirus atm.
I do have the installers of ad-aware, avg and zonealarm lying around.
Those are the programs I used but which caused errors, I have also tried other combos (not that many) but there were still always errors.

Downloading and installing malwarebytes worked and it is atm busy with a full system scan.
Already 11 infected files :o

Ah well, soon another format and another try at getting my PC well secured.
By any chance a suggestion for a combo of programs?
Possibly paid, but preferably not too much because I'm not exactly flush as it is ;)

here's the Hijack this log as well:
Version info: Result ToDo
Bad
Your used version of Emsisoft HiJackFree: 3.1.0.22
The current version of Emsisoft HiJackFree: 4.0.0.29
Please download the latest version of Emsisoft HiJackFree!
Good
Your used operating system version: Windows XP Service Pack 3
The current version of your operating system: Windows XP Service Pack 3

Registry Autoruns: Result ToDo
Good
Name: IMJPMIG8.1
Path: C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 3 - Bad: 0
View Details
Good
Name: MSPY2002
Path: C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 3 - Bad: 0
View Details
Good
Name: PHIME2002ASync
Path: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 3 - Bad: 0
View Details
Good
Name: PHIME2002A
Path: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 3 - Bad: 0
View Details
Good
Name: StartCCC
Path: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 3 - Bad: 0
View Details
Good
Name: RTHDCPL
Path: RTHDCPL.EXE
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 2 - Bad: 0
View Details
Good
Name: Adobe Reader Speed Launcher
Path: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 5 - Bad: 0
View Details
Good
Name: Adobe ARM
Path: C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 2 - Bad: 0
View Details
Not Sure - may be bad
Name: QuickTime Task
Path: C:\Program Files\QuickTime\qttask.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 3 - Bad: 4
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Not Sure - may be bad
Name: MSConfig
Path: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 3 - Bad: 17
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Good
Name: AlcoholAutomount
Path: C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe
Location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 3 - Bad: 0
View Details
Not Sure - may be bad
Name: ctfmon.exe
Path: C:\WINDOWS\system32\ctfmon.exe
Location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 4 - Bad: 10
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Not Sure - may be bad
Name: Google Update
Path: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Tricky and Other Autoruns: Result ToDo
Unknown - may be bad
Name: shell
Path: Explorer.exe
Location: system.ini
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: SET BLASTER
Path: A220 I5 D1 P330 T3
Location: autoexec.nt
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: dos
Path: high, umb
Location: config.nt
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: device
Path: %SystemRoot%\system32\himem.sys
Location: config.nt
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: files
Path: 40
Location: config.nt
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: Ad-Aware Update (Weekly)
Path:
Location: C:\WINDOWS\tasks\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: GoogleUpdateTaskUserS-1-5-21-583907252-1644491937-1801674531-1003Core
Path:
Location: C:\WINDOWS\tasks\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: GoogleUpdateTaskUserS-1-5-21-583907252-1644491937-1801674531-1003UA
Path:
Location: C:\WINDOWS\tasks\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: SA
Path:
Location: C:\WINDOWS\tasks\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: CTFMON.EXE
Path: C:\WINDOWS\system32\CTFMON.EXE
Location: HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: Shell
Path: Explorer.exe
Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: $GT;{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
Path: C:\WINDOWS\inf\unregmp2.exe
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: $GT;{26923b43-4d38-484f-9b9e-de460746276c}
Path: C:\WINDOWS\system32\shmgrate.exe
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: $GT;{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
Path: RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: $GT;{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
Path: C:\WINDOWS\system32\shmgrate.exe
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: {2C7339CF-2B09-4501-B3F3-F3508C9228ED}
Path: C:\WINDOWS\system32\regsvr32.exe
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Path: C:\Program Files\Outlook Express\setup50.exe
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: {44BBA842-CC51-11CF-AAFA-00AA00B6015B}
Path: rundll32.exe advpack.dll
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: {4b218e3e-bc98-4770-93d3-2731b9329278}
Path: C:\WINDOWS\System32\rundll32.exe
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: {5945c046-1e7d-11d1-bc44-00c04fd912be}
Path: rundll32.exe advpack.dll
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: {7790769C-0471-11d2-AF11-00C04FA35D02}
Path: C:\Program Files\Outlook Express\setup50.exe
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: {89820200-ECBD-11cf-8B85-00AA005B4340}
Path: regsvr32.exe
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: {89820200-ECBD-11cf-8B85-00AA005B4383}
Path: C:\WINDOWS\system32\ie4uinit.exe
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: {89B4C1CD-B018-4511-B0A1-5476DBF70820}
Path: C:\WINDOWS\system32\Rundll32.exe
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: VBScript Script File
Path: C:\WINDOWS\System32\WScript.exe
Location: HKEY_CLASSES_ROOT\vbsfile\shell\open\command\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: VBScript Encoded Script File
Path: C:\WINDOWS\System32\WScript.exe
Location: HKEY_CLASSES_ROOT\vbefile\shell\open\command\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: JScript Script File
Path: C:\WINDOWS\System32\WScript.exe
Location: HKEY_CLASSES_ROOT\jsfile\shell\open\command\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: JScript Encoded Script File
Path: C:\WINDOWS\System32\WScript.exe
Location: HKEY_CLASSES_ROOT\jsefile\shell\open\command\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: Windows Script Host Settings File
Path: C:\WINDOWS\System32\WScript.exe
Location: HKEY_CLASSES_ROOT\wshfile\shell\open\command\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: Windows Script File
Path: C:\WINDOWS\System32\WScript.exe
Location: HKEY_CLASSES_ROOT\wsffile\shell\open\command\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: Application
Path: %1
Location: HKEY_CLASSES_ROOT\exefile\shell\open\command\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: MS-DOS Application
Path: %1
Location: HKEY_CLASSES_ROOT\comfile\shell\open\command\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: MS-DOS Batch File
Path: %1
Location: HKEY_CLASSES_ROOT\batfile\shell\open\command\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: Screen Saver
Path: %1
Location: HKEY_CLASSES_ROOT\scrfile\shell\open\command\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: Shortcut to MS-DOS Program
Path: %1
Location: HKEY_CLASSES_ROOT\piffile\shell\open\command\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: PostBootReminder
Path: C:\WINDOWS\system32\SHELL32.dll
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: CDBurn
Path: C:\WINDOWS\system32\SHELL32.dll
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: WebCheck
Path: C:\WINDOWS\system32\webcheck.dll
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
Not checked Unknown Item
Search at Google
Unknown - may be bad
Name: SysTray
Path: C:\WINDOWS\system32\stobject.dll
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
Not checked Unknown Item
Search at Google
Layered Service Providers (LSP): Result ToDo
Good
Name: mswsock.dll
Path: %SystemRoot%\system32\
Location: HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\
Good: 1 - Bad: 0
View Details
Good
Name: rsvpsp.dll
Path: %SystemRoot%\system32\
Location: HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\
Good: 1 - Bad: 0
View Details
Explorer And Browser Addons: Result ToDo
Unknown - may be bad
Name: Adobe PDF Link Helper
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
ClsID: {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
Good: 0 - Bad: 0
Unknown Item
Search at Google
Unknown - may be bad
Name: ALO
Path: C:\WINDOWS\system32\lastmon.dll
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
ClsID: {506CD401-5203-4B27-BB5A-03C97758FD02}
Good: 0 - Bad: 0
Unknown Item
Search at Google
Unknown - may be bad
Name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\jp2ssv.dll
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
ClsID: {DBC80044-A445-435b-BC74-9C25C1C588A9}
Good: 0 - Bad: 0
Unknown Item
Search at Google
Unknown - may be bad
Name: JQSIEStartDetectorImpl Class
Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
ClsID: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
Good: 0 - Bad: 0
Unknown Item
Search at Google
Unknown - may be bad
Name: URL Exec Hook
Path: shell32.dll
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
ClsID: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
Good: 0 - Bad: 0
Unknown Item
Search at Google
Local Open Ports: Result ToDo
Good
Port: 135 TCP
Path: C:\WINDOWS\system32\svchost.exe (Process ID: 1000)
Good: 1 - Bad: 0
View Details
Good
Port: 139 TCP
Path: system (Process ID: 4)
Good: 1 - Bad: 0
View Details
Good
Port: 445 TCP
Path: system (Process ID: 4)
Good: 1 - Bad: 0
View Details
Unknown - may be bad
Port: 1128 TCP
Path: \??\C:\WINDOWS\system32\winlogon.exe (Process ID: 684)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Good
Port: 137 UDP
Path: system (Process ID: 4)
Good: 1 - Bad: 0
View Details
Good
Port: 138 UDP
Path: system (Process ID: 4)
Good: 1 - Bad: 0
View Details
Good
Port: 445 UDP
Path: system (Process ID: 4)
Good: 1 - Bad: 0
View Details
Unknown - may be bad
Port: 1028 UDP
Path: C:\WINDOWS\system32\svchost.exe (Process ID: 1176)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Good
Port: 1034 UDP
Path: C:\WINDOWS\system32\svchost.exe (Process ID: 1176)
Good: 1 - Bad: 0
View Details
Good
Port: 1035 UDP
Path: C:\WINDOWS\system32\svchost.exe (Process ID: 1176)
Good: 1 - Bad: 0
View Details
Running Processes: Result ToDo

I can't open the hijackthis subforum so I don't know what the usual format for posting it is...

Regards!

Edit:
You probably want it this way:
Logfile of HiJackFree v3.0
Scan saved at 20:12:44, on 31/07/2010
Platform: Windows XP Service Pack 3 (Windows NT 5.1.2600)
MSIE: Internet Explorer v 6.0 Service Pack 3 (6.0.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\a-squared HiJackFree\a2hijackfree.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ALO - {506CD401-5203-4B27-BB5A-03C97758FD02} - C:\WINDOWS\system32\lastmon.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [Google Update] "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O7 - Regedit - Enabled
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra "Tools" menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\System32\Ati2evxx.dll
O20 - Winlogon Notify: bcdfdbaaccbfc - C:\WINDOWS\system32\bcdfdbaaccbfc.dll
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\
O21 - ShellServiceObjectDelayLoad: PostBootReminder -
O21 - ShellServiceObjectDelayLoad: CDBurn -
O21 - ShellServiceObjectDelayLoad: WebCheck -
O21 - ShellServiceObjectDelayLoad: SysTray -
O22 - SharedTaskScheduler: Browseui preloader - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll
O23 - Service: Alerter - C:\WINDOWS\system32\svchost.exe
O23 - Service: Application Layer Gateway Service - C:\WINDOWS\System32\alg.exe
O23 - Service: Application Management - C:\WINDOWS\system32\svchost.exe
O23 - Service: ASP.NET State Service - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
O23 - Service: Windows Audio - C:\WINDOWS\System32\svchost.exe
O23 - Service: Background Intelligent Transfer Service - C:\WINDOWS\system32\svchost.exe
O23 - Service: Computer Browser - C:\WINDOWS\system32\svchost.exe
O23 - Service: Canon Camera Access Library 8 - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Indexing Service - C:\WINDOWS\system32\cisvc.exe
O23 - Service: ClipBook - C:\WINDOWS\system32\clipsrv.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
O23 - Service: COM+ System Application - C:\WINDOWS\system32\dllhost.exe
O23 - Service: Cryptographic Services - C:\WINDOWS\system32\svchost.exe
O23 - Service: DCOM Server Process Launcher - C:\WINDOWS\system32\svchost
O23 - Service: DHCP Client - C:\WINDOWS\system32\svchost.exe
O23 - Service: Logical Disk Manager Administrative Service - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Logical Disk Manager - C:\WINDOWS\System32\svchost.exe
O23 - Service: DNS Client - C:\WINDOWS\system32\svchost.exe
O23 - Service: Wired AutoConfig - C:\WINDOWS\System32\svchost.exe
O23 - Service: Extensible Authentication Protocol Service - C:\WINDOWS\System32\svchost.exe
O23 - Service: Error Reporting Service - C:\WINDOWS\System32\svchost.exe
O23 - Service: Event Log - C:\WINDOWS\system32\services.exe
O23 - Service: COM+ Event System - C:\WINDOWS\system32\svchost.exe
O23 - Service: Fast User Switching Compatibility - C:\WINDOWS\System32\svchost.exe
O23 - Service: Help and Support - C:\WINDOWS\System32\svchost.exe
O23 - Service: Human Interface Device Access - C:\WINDOWS\System32\svchost.exe
O23 - Service: Health Key and Certificate Management Service - C:\WINDOWS\System32\svchost.exe
O23 - Service: HTTP SSL - C:\WINDOWS\System32\svchost.exe
O23 - Service: IMAPI CD-Burning COM Service - C:\WINDOWS\system32\imapi.exe
O23 - Service: Java Quick Starter - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Server - C:\WINDOWS\system32\svchost.exe
O23 - Service: Workstation - C:\WINDOWS\system32\svchost.exe
O23 - Service: TCP/IP NetBIOS Helper - C:\WINDOWS\system32\svchost.exe
O23 - Service: Messenger - C:\WINDOWS\system32\svchost.exe
O23 - Service: NetMeeting Remote Desktop Sharing - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator - C:\WINDOWS\system32\msdtc.exe
O23 - Service: Windows Installer - C:\WINDOWS\system32\msiexec.exe
O23 - Service: Network DDE - C:\WINDOWS\system32\netdde.exe
O23 - Service: Network DDE DSDM - C:\WINDOWS\system32\netdde.exe
O23 - Service: Net Logon - C:\WINDOWS\system32\lsass.exe
O23 - Service: Network Connections - C:\WINDOWS\System32\svchost.exe
O23 - Service: Network Location Awareness (NLA) - C:\WINDOWS\system32\svchost.exe
O23 - Service: NT LM Security Support Provider - C:\WINDOWS\system32\lsass.exe
O23 - Service: Removable Storage - C:\WINDOWS\system32\svchost.exe
O23 - Service: Office Source Engine - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service: Plug and Play - C:\WINDOWS\system32\services.exe
O23 - Service: IPSEC Services - C:\WINDOWS\system32\lsass.exe
O23 - Service: Protected Storage - C:\WINDOWS\system32\lsass.exe
O23 - Service: Remote Access Auto Connection Manager - C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Access Connection Manager - C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Desktop Help Session Manager - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Routing and Remote Access - C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Registry - C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Procedure Call (RPC) Locator - C:\WINDOWS\system32\locator.exe
O23 - Service: Remote Procedure Call (RPC) - C:\WINDOWS\system32\svchost
O23 - Service: QoS RSVP - C:\WINDOWS\system32\rsvp.exe
O23 - Service: Security Accounts Manager - C:\WINDOWS\system32\lsass.exe
O23 - Service: SiSoftware Deployment Agent Service - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home 2010c\RpcAgentSrv.exe
O23 - Service: Smart Card - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Task Scheduler - C:\WINDOWS\System32\svchost.exe
O23 - Service: Secondary Logon - C:\WINDOWS\System32\svchost.exe
O23 - Service: System Event Notification - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) - C:\WINDOWS\system32\svchost.exe
O23 - Service: Shell Hardware Detection - C:\WINDOWS\System32\svchost.exe
O23 - Service: Print Spooler - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: System Restore Service - C:\WINDOWS\system32\svchost.exe
O23 - Service: SSDP Discovery Service - C:\WINDOWS\system32\svchost.exe
O23 - Service: StarWind AE Service - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Windows Image Acquisition (WIA) - C:\WINDOWS\system32\svchost.exe
O23 - Service: MS Software Shadow Copy Provider - C:\WINDOWS\system32\dllhost.exe
O23 - Service: Performance Logs and Alerts - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telephony - C:\WINDOWS\System32\svchost.exe
O23 - Service: Terminal Services - C:\WINDOWS\System32\svchost
O23 - Service: Themes - C:\WINDOWS\System32\svchost.exe
O23 - Service: Telnet - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: Distributed Link Tracking Client - C:\WINDOWS\system32\svchost.exe
O23 - Service: Universal Plug and Play Device Host - C:\WINDOWS\system32\svchost.exe
O23 - Service: Uninterruptible Power Supply - C:\WINDOWS\System32\ups.exe
O23 - Service: Volume Shadow Copy - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Windows Time - C:\WINDOWS\System32\svchost.exe
O23 - Service: WebClient - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Management Instrumentation - C:\WINDOWS\system32\svchost.exe
O23 - Service: Portable Media Serial Number Service - C:\WINDOWS\System32\svchost.exe
O23 - Service: Windows Management Instrumentation Driver Extensions - C:\WINDOWS\System32\svchost.exe
O23 - Service: WMI Performance Adapter - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Security Center - C:\WINDOWS\System32\svchost.exe
O23 - Service: Automatic Updates - C:\WINDOWS\system32\svchost.exe
O23 - Service: Wireless Zero Configuration - C:\WINDOWS\System32\svchost.exe
O23 - Service: Network Provisioning Service - C:\WINDOWS\System32\svchost.exe

Exit

Legacy Member
wait for that malwarebytes scan to finish and then post another log and test whether the problem is still there
and that 2nd log is indeed the format that is easy to go through

highsk8

Legacy Member
Ah, I see it already, things are well and truly wrecked here :p

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4374

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

31/07/2010 22:06:41
mbam-log-2010-07-31 (22-06-41).txt

Scan type: Full scan (C:\|)
Objects scanned: 362734
Time elapsed: 1 hour(s), 40 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\bcdfdbaaccbfc.dll (Worm.AutoRun) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\bcdfdbaaccbfc (Worm.AutoRun) -> No action taken.
HKEY_CLASSES_ROOT\apar (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{ae17dd77-e0f3-44dd-8cba-1ebce6b5ed55} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{4cbcc4e2-073c-4109-a719-458d8cf9900e} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{506cd401-5203-4b27-bb5a-03c97758fd02} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{506cd401-5203-4b27-bb5a-03c97758fd02} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{506cd401-5203-4b27-bb5a-03c97758fd02} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\parttimeb (Trojan.BHO) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\bcdfdbaaccbfc.dll (Worm.AutoRun) -> No action taken.
C:\WINDOWS\system32\lastmon.dll (Trojan.BHO) -> No action taken.
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\8XE7GXU3\u822[1].ini (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\GH2FWP67\u684[1].ini (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\SPMF4LQR\u834[1].ini (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{D231EC31-072F-4908-861A-72424B4819AE}\RP103\A0049702.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{D231EC31-072F-4908-861A-72424B4819AE}\RP42\A0011150.dll (Worm.AutoRun) -> No action taken.
C:\System Volume Information\_restore{D231EC31-072F-4908-861A-72424B4819AE}\RP46\A0017777.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{D231EC31-072F-4908-861A-72424B4819AE}\RP48\A0020159.dll (Trojan.BHO) -> No action taken.
C:\System Volume Information\_restore{D231EC31-072F-4908-861A-72424B4819AE}\RP55\A0021254.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{D231EC31-072F-4908-861A-72424B4819AE}\RP57\A0021403.dll (Trojan.BHO) -> No action taken.
C:\System Volume Information\_restore{D231EC31-072F-4908-861A-72424B4819AE}\RP61\A0029607.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{D231EC31-072F-4908-861A-72424B4819AE}\RP62\A0030623.dll (Trojan.BHO) -> No action taken.
C:\System Volume Information\_restore{D231EC31-072F-4908-861A-72424B4819AE}\RP67\A0036532.exe (Backdoor.Bot) -> No action taken.
C:\System Volume Information\_restore{D231EC31-072F-4908-861A-72424B4819AE}\RP81\A0041482.dll (Trojan.BHO) -> No action taken.
C:\System Volume Information\_restore{D231EC31-072F-4908-861A-72424B4819AE}\RP82\A0041536.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\notify.log (Extension.Mismatch) -> No action taken.

Can I just delete those things?

Anyway, backup -> format -> security
And if I have those weird problems again with my virus/spyware scanner or firewall I'll drop by here again instead of going onto the internet without those things. :)
I had known for a while that this would end badly, but impatience and frustration quickly get too much for me...

Thanks for the help!
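
Added example, not part of the original thread: a small triage script that cross-references the autostart entries in a HijackThis-style log (O2 Browser Helper Objects, O20 Winlogon Notify DLLs) with the detections in a Malwarebytes log, so the load points behind each detection stand out. The function names are this example's own; the sample lines are excerpted from the two logs posted above.

```python
import re

# Lines excerpted from the HiJackFree log posted in the thread.
HIJACK_LOG = r"""
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ALO - {506CD401-5203-4B27-BB5A-03C97758FD02} - C:\WINDOWS\system32\lastmon.dll
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\System32\Ati2evxx.dll
O20 - Winlogon Notify: bcdfdbaaccbfc - C:\WINDOWS\system32\bcdfdbaaccbfc.dll
"""

# Lines excerpted from the Malwarebytes log posted in the thread.
MBAM_LOG = r"""
C:\WINDOWS\system32\bcdfdbaaccbfc.dll (Worm.AutoRun) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\bcdfdbaaccbfc (Worm.AutoRun) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{506cd401-5203-4b27-bb5a-03c97758fd02} (Trojan.BHO) -> No action taken.
C:\WINDOWS\system32\lastmon.dll (Trojan.BHO) -> No action taken.
"""

HJT_LINE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
MBAM_LINE = re.compile(r"^(.+) \(([\w.]+)\) -> (.+)$")


def parse_hijack(text):
    """Return the O2 (BHO) and O20 (Winlogon Notify) entries of a log."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue
        code, kind, rest = m.groups()
        if code == "O2":
            # "name - {CLSID} - path"
            parts = rest.rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            name, clsid, path = parts
        elif code == "O20":
            # "name - path"; these DLLs are loaded into winlogon.exe
            parts = rest.rsplit(" - ", 1)
            if len(parts) != 2:
                continue
            (name, path), clsid = parts, ""
        else:
            continue  # other sections are out of scope for this example
        entries.append({"code": code, "kind": kind, "name": name.strip(),
                        "clsid": clsid.strip(), "path": path.strip()})
    return entries


def parse_mbam(text):
    """Return (object, detection, action) records from a scan log."""
    records = []
    for line in text.splitlines():
        m = MBAM_LINE.match(line.strip())
        if m:
            obj, detection, action = m.groups()
            records.append({"object": obj, "detection": detection,
                            "action": action})
    return records


def correlate(entries, detections):
    """Attach scanner detections to the autostart entries they belong to."""
    findings = []
    for e in entries:
        hits, actions = set(), set()
        for d in detections:
            obj = d["object"].lower()
            same_file = bool(e["path"]) and obj == e["path"].lower()
            same_clsid = bool(e["clsid"]) and obj.endswith("\\" + e["clsid"].lower())
            same_notify = (e["code"] == "O20" and
                           obj.endswith("\\winlogon\\notify\\" + e["name"].lower()))
            if same_file or same_clsid or same_notify:
                hits.add(d["detection"])
                actions.add(d["action"])
        if hits:
            findings.append({
                "code": e["code"], "kind": e["kind"], "name": e["name"],
                "path": e["path"], "detections": sorted(hits),
                # True while the scanner has only reported, not removed
                "pending": any(a.lower().startswith("no action") for a in actions),
            })
    return findings


if __name__ == "__main__":
    for f in correlate(parse_hijack(HIJACK_LOG), parse_mbam(MBAM_LOG)):
        state = "NOT yet removed" if f["pending"] else "handled"
        print(f'{f["code"]} {f["kind"]}: {f["name"]} -> {f["path"]} '
              f'{f["detections"]} ({state})')
```
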