View full version: Slow PC/virus



Gangsta007
15 June 2009, 19:36
Hi

The reason I'm posting this log is that my PC has been extremely slow over the last few days compared with, say, a few weeks ago.

Since the day before yesterday my AVG 8.5 has been flooded with alerts about a virus, Win32/Heur. After scanning I remove it and restart my PC, as AVG indicates. Again, after a few minutes, I get the AVG alerts about the same virus.

I have also already scanned with A-Squared and, just in case, with Ad-Aware as well. Neither found anything else...

Could someone check whether something is wrong, because I strongly suspect there is.

Thanks in advance!

Here is the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:25:30, on 15/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\MSI\US54SE_Utility\ZDWlan.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {151508A4-7BF5-4F3B-9BC8-0A5666FA13F4} - C:\WINDOWS\system32\szzqlaim.dll
O2 - BHO: (no name) - {15A3BC8A-F800-4C86-AC6D-1C6304646A45} - c:\windows\system32\zafcbrj.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: MSI US54SE 802.11b+g USB Stick Utility.lnk = C:\Program Files\MSI\US54SE_Utility\ZDWlan.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167497494687
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: lmudsuzs - C:\WINDOWS\SYSTEM32\zafcbrj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10742 bytes

Roelof
16 June 2009, 20:06
Hi,
You do indeed still have a virus.
Please take the following steps to remove it.

1) The first step is to temporarily switch off Ad-Watch from Ad-Aware, because otherwise this program will block the changes you want to make to remove the malware.


To do so, take the following steps:

Open Ad-Aware SE and go to the AdWatch option.
(or right-click the Ad-Watch icon at the bottom right in the system tray on your desktop.)
Go to settings and preferences.
At the bottom of the window you will see: Active and Automatic.
Untick both.
2) Spybot's TeaTimer is active; it can interfere with the fix, so we will disable it temporarily.
- Start Spybot
- Go to Mode > select Advanced Mode
- Go to Tools and click the Resident icon in the list
- Remove the tick next to Resident TeaTimer and click OK
- Restart the computer
- Then download ResetTeaTimer.bat (http://downloads.subratam.org/ResetTeaTimer.bat) to your desktop.
Double-click ResetTeaTimer.bat to remove all entries in TeaTimer.

3) Start HijackThis.
- Now choose "Do a system scan only".
- Now tick the following items:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {151508A4-7BF5-4F3B-9BC8-0A5666FA13F4} - C:\WINDOWS\system32\szzqlaim.dll
O2 - BHO: (no name) - {15A3BC8A-F800-4C86-AC6D-1C6304646A45} - c:\windows\system32\zafcbrj.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O20 - Winlogon Notify: lmudsuzs - C:\WINDOWS\SYSTEM32\zafcbrj.dll
- Now close all windows except the HijackThis window and choose "fix checked".

4) Restart your computer.

5) Download MalwareBytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.

Double-click mbam-setup.exe to install the program.
After installation, make sure there is a tick next to:

Update MalwareBytes' Anti-Malware
Start MalwareBytes' Anti-Malware
Then click "Finish".

If an update is found, it will be downloaded and installed.

Once the program has started, go to the "Settings" tab.
Tick here: "Close Internet Explorer during malware removal".
Then go to the "Scanner" tab and choose "Quick Scan".
Then press "Scan" to start the scan.
Scanning can take a while, so be patient.
When the scan is finished, click OK, then "Show Results" to see the results.
Make sure everything is ticked there, then click "Remove Selected".
After removal a log will open; if you are asked to restart your computer, you must allow this.
This is necessary to be able to remove some infections.
The log is saved automatically by MalwareBytes' Anti-Malware and you can find it by clicking the "Logs" tab in the program. Post this log in your next reply.

6) Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your desktop.
NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

Some scanners see certain components that Combofix uses as suspicious and will block or remove them!


Double-click Combofix.exe to start it.
If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
Follow the instructions and accept the disclaimer by clicking Yes.
If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
Click OK and Yes to have the Recovery Console installed automatically.
Afterwards, click Yes again to start the malware scan.
While the fix is running, do NOT click in the window, as this will make your PC hang.
When the fix is complete and after a restart, the log Combofix.txt will open.

Post this log in your next reply.

Regards,
Roelof
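The entries ticked in step 3 share a few recognisable traits, shown here as an added example that is not part of the original thread: a small triage script over HijackThis lines. The function names `parse` and `triage` and the three heuristics are assumptions made for illustration, not HijackThis features; the sample lines are a subset copied from the log posted above.

```python
import ntpath
import re

# Subset of lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {151508A4-7BF5-4F3B-9BC8-0A5666FA13F4} - C:\WINDOWS\system32\szzqlaim.dll
O2 - BHO: (no name) - {15A3BC8A-F800-4C86-AC6D-1C6304646A45} - c:\windows\system32\zafcbrj.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: lmudsuzs - C:\WINDOWS\SYSTEM32\zafcbrj.dll
"""

SYSTEM32 = r"c:\windows\system32"

# Entries that carry a CLSID: "<sec> - <kind>: <name> - {CLSID} - <target>".
# The name may itself contain " - ", so it is anchored on the CLSID that follows.
WITH_CLSID = re.compile(
    r"^(?P<sec>R3|O2|O9) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
# Winlogon Notify entries have no CLSID: "O20 - Winlogon Notify: <name> - <dll>".
NOTIFY = re.compile(
    r"^(?P<sec>O20) - (?P<kind>Winlogon Notify): (?P<name>.*?) - (?P<target>.*)$"
)


def parse(log):
    """Return one dict per R3/O2/O9/O20 line; other sections are ignored."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        m = WITH_CLSID.match(line) or NOTIFY.match(line)
        if not m:
            continue
        e = m.groupdict()
        e.setdefault("clsid", None)
        target = e["target"]
        # HijackThis marks dangling registrations in the target field itself.
        e["missing"] = target == "(no file)" or target.endswith("(file missing)")
        e["path"] = None if target == "(no file)" else target.replace(" (file missing)", "")
        entries.append(e)
    return entries


def triage(entries):
    """Apply three illustrative heuristics and return the entries worth a look."""
    bho_files = {e["path"].lower() for e in entries if e["sec"] == "O2" and e["path"]}
    findings = []
    for e in entries:
        reasons = []
        path = (e["path"] or "").lower()
        if e["missing"]:
            reasons.append("orphaned: target file absent")
        if (e["sec"] == "O2" and e["name"] == "(no name)"
                and ntpath.dirname(path) == SYSTEM32):
            reasons.append("unnamed BHO loaded from system32")
        if e["sec"] == "O20" and path in bho_files:
            reasons.append("Winlogon Notify DLL is also registered as a BHO")
        if reasons:
            findings.append((e["sec"], e["name"], e["path"], reasons))
    return findings


if __name__ == "__main__":
    for sec, name, path, reasons in triage(parse(SAMPLE_LOG)):
        print(f"{sec:<3} {name:<14} {path or '(no file)'}")
        for r in reasons:
            print(f"      - {r}")
```

A heuristic like this only narrows down what to inspect; whether an entry is removed remains a judgement on the file itself, as in the steps above.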

Gangsta007
16 June 2009, 22:34
Hi.

First of all, thanks for your reply!

Here is the mbam log...

Malwarebytes' Anti-Malware 1.37
Database versie: 2289
Windows 5.1.2600 Service Pack 3

16/06/2009 22:05:30
mbam-log-2009-06-16 (22-05-30).txt

Scan type: Snelle Scan
Objecten gescand: 100251
Verstreken tijd: 5 minute(s), 59 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 7
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 4

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15a3bc8a-f800-4c86-ac6d-1c6304646a45} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\lmudsuzs (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{15a3bc8a-f800-4c86-ac6d-1c6304646a45} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uuigqbbm (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\uuigqbbm (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uuigqbbm (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15a3bc8a-f800-4c86-ac6d-1c6304646a45} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
c:\WINDOWS\system32\zafcbrj.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\szzqlaim.dll (Trojan.Agent) -> Delete on reboot.
c:\WINDOWS\system32\hniaeuo.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\drivers\SKYNETxrtcoxie.sys (Trojan.Agent) -> Quarantined and deleted successfully.


And now the ComboFix log... quite a chunk, admittedly.

ComboFix 09-06-16.01 - Pc 16/06/2009 22:19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2047.1501 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Pc\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\NetworkService\Application Data\xzsmqyuq
c:\documents and settings\NetworkService\Local Settings\Application Data\xzsmqyuq
c:\documents and settings\Pc\Application Data\xzsmqyuq
c:\documents and settings\Pc\Local Settings\Application Data\xzsmqyuq
c:\documents and settings\NetworkService\Application Data\xzsmqyuq\profiles.ini
c:\documents and settings\NetworkService\Application Data\xzsmqyuq\Profiles\4s7pwfpc.default\cert8.db
c:\documents and settings\NetworkService\Application Data\xzsmqyuq\Profiles\4s7pwfpc.default\compatibility.ini
c:\documents and settings\NetworkService\Application Data\xzsmqyuq\Profiles\4s7pwfpc.default\compreg.dat
c:\documents and settings\NetworkService\Application Data\xzsmqyuq\Profiles\4s7pwfpc.default\cookies.sqlite
c:\documents and settings\NetworkService\Application Data\xzsmqyuq\Profiles\4s7pwfpc.default\key3.db
c:\documents and settings\NetworkService\Application Data\xzsmqyuq\Profiles\4s7pwfpc.default\permissions.sqlite
c:\documents and settings\NetworkService\Application Data\xzsmqyuq\Profiles\4s7pwfpc.default\places.sqlite
c:\documents and settings\NetworkService\Application Data\xzsmqyuq\Profiles\4s7pwfpc.default\pluginreg.dat
c:\documents and settings\NetworkService\Application Data\xzsmqyuq\Profiles\4s7pwfpc.default\prefs.js
c:\documents and settings\NetworkService\Application Data\xzsmqyuq\Profiles\4s7pwfpc.default\secmod.db
c:\documents and settings\NetworkService\Application Data\xzsmqyuq\Profiles\4s7pwfpc.default\xpti.dat
c:\documents and settings\NetworkService\Local Settings\Application Data\xzsmqyuq\Profiles\4s7pwfpc.default\urlclassifier3.sqlite
c:\documents and settings\NetworkService\Local Settings\Application Data\xzsmqyuq\Profiles\4s7pwfpc.default\XPC.mfl
c:\documents and settings\Pc\Application Data\xzsmqyuq\profiles.ini
c:\documents and settings\Pc\Application Data\xzsmqyuq\Profiles\itpyct24.default\cert8.db
c:\documents and settings\Pc\Application Data\xzsmqyuq\Profiles\itpyct24.default\compatibility.ini
c:\documents and settings\Pc\Application Data\xzsmqyuq\Profiles\itpyct24.default\compreg.dat
c:\documents and settings\Pc\Application Data\xzsmqyuq\Profiles\itpyct24.default\cookies.sqlite
c:\documents and settings\Pc\Application Data\xzsmqyuq\Profiles\itpyct24.default\key3.db
c:\documents and settings\Pc\Application Data\xzsmqyuq\Profiles\itpyct24.default\permissions.sqlite
c:\documents and settings\Pc\Application Data\xzsmqyuq\Profiles\itpyct24.default\places.sqlite
c:\documents and settings\Pc\Application Data\xzsmqyuq\Profiles\itpyct24.default\places.sqlite-journal
c:\documents and settings\Pc\Application Data\xzsmqyuq\Profiles\itpyct24.default\pluginreg.dat
c:\documents and settings\Pc\Application Data\xzsmqyuq\Profiles\itpyct24.default\prefs.js
c:\documents and settings\Pc\Application Data\xzsmqyuq\Profiles\itpyct24.default\secmod.db
c:\documents and settings\Pc\Application Data\xzsmqyuq\Profiles\itpyct24.default\xpti.dat
c:\documents and settings\Pc\Local Settings\Application Data\xzsmqyuq\Profiles\itpyct24.default\urlclassifier3.sqlite
c:\documents and settings\Pc\Local Settings\Application Data\xzsmqyuq\Profiles\itpyct24.default\XPC.mfl
c:\windows\system32\drivers\pqgpzqim.sys . . . . konden niet verwijderd worden
c:\windows\system32\drivers\qqesjddq.sys . . . . konden niet verwijderd worden
c:\windows\system32\hniaeuo.dll . . . . konden niet verwijderd worden
c:\windows\system32\kungsfmrvdyfdx.dat
c:\windows\system32\szzqlaim.dll . . . . konden niet verwijderd worden
c:\windows\system32\zafcbrj.dll . . . . konden niet verwijderd worden
E:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PQGPZQIM
-------\Service_kungsfntfgmcqa
-------\Service_pqgpzqim
-------\Service_SKYNETdmdipysc


(((((((((((((((((((( Bestanden Gemaakt van 2009-05-16 to 2009-06-16 ))))))))))))))))))))))))))))))
.

2009-06-16 19:57 . 2009-06-16 19:57 -------- d-----w- c:\documents and settings\Pc\Application Data\Malwarebytes
2009-06-16 19:57 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-16 19:57 . 2009-06-16 19:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-16 19:57 . 2009-06-16 19:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-16 19:57 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-16 12:42 . 2009-06-16 12:42 -------- d-----w- c:\documents and settings\Pc\Application Data\Xerox
2009-06-16 12:42 . 2001-09-06 19:27 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-06-16 12:42 . 2001-09-06 19:27 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-06-16 12:42 . 2001-09-06 19:27 23040 ----a-w- c:\windows\system32\xrxwbtmp.dll
2009-06-16 12:42 . 2001-09-06 19:27 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-06-16 12:42 . 2008-04-14 17:02 116736 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-06-16 12:42 . 2008-04-14 17:02 116736 ----a-w- c:\windows\system32\xrxwiadr.dll
2009-06-16 12:42 . 2001-09-06 18:47 6912 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2009-06-16 12:42 . 2001-09-06 18:47 6912 ----a-w- c:\windows\system32\drivers\serscan.sys
2009-06-16 12:42 . 2008-04-14 17:02 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-06-16 12:42 . 2008-04-14 17:02 18944 ----a-w- c:\windows\system32\xrxscnui.dll
2009-06-16 12:35 . 2009-06-16 12:35 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-06-16 10:25 . 2009-06-16 19:38 -------- d--h--r- c:\documents and settings\Pc\Onlangs geopend
2009-06-15 17:22 . 2009-06-15 17:22 -------- d-----w- c:\program files\Trend Micro
2009-06-15 14:23 . 2009-06-15 13:32 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-15 13:50 . 2009-06-15 13:50 -------- d-----w- c:\documents and settings\Pc\Application Data\Thinstall
2009-06-15 13:33 . 2009-06-15 13:32 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-15 13:26 . 2009-06-15 13:26 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-15 13:26 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-15 13:26 . 2009-06-15 13:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-05 22:01 . 2009-06-05 22:01 47124 ----a-w- c:\documents and settings\Pc\Local Settings\Application Data\prvlcl.dat
2009-06-01 15:05 . 2009-06-01 15:05 -------- d-----w- c:\documents and settings\Pc\Application Data\iolo
2009-06-01 15:05 . 2009-06-01 15:05 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-16 20:24 . 2006-12-30 17:35 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-06-16 20:21 . 2006-03-02 12:00 23424 ----a-w- c:\windows\system32\drivers\qqesjddq.sys
2009-06-16 19:41 . 2008-09-14 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-16 19:40 . 2007-05-09 10:34 10047686 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-06-16 19:31 . 2006-12-30 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-16 17:26 . 2009-03-05 20:27 -------- d-----w- c:\program files\a-squared Free
2009-06-16 05:46 . 2009-03-30 19:36 -------- d-----w- c:\documents and settings\Pc\Application Data\DNA
2009-06-16 05:07 . 2009-03-30 19:36 -------- d-----w- c:\program files\DNA
2009-06-15 21:02 . 2008-11-16 17:22 -------- d-----w- c:\program files\Steam
2009-06-15 20:03 . 2009-03-28 16:59 -------- d-----w- c:\documents and settings\Pc\Application Data\mIRC
2009-06-15 19:18 . 2009-03-28 16:59 -------- d-----w- c:\program files\mIRC
2009-06-15 13:26 . 2006-12-30 20:15 -------- d-----w- c:\program files\Lavasoft
2009-06-15 13:01 . 2006-12-30 20:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-15 12:55 . 2008-10-20 14:47 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-06-14 21:29 . 2008-10-20 08:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-12 16:34 . 2008-06-07 14:48 -------- d-----w- c:\program files\SwiftKit
2009-06-10 20:06 . 2009-06-10 20:07 1565184 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-06-01 20:36 . 2008-01-19 15:19 138512 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-01 20:36 . 2008-01-19 15:19 201440 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-05-07 15:34 . 2006-03-02 12:00 347136 ----a-w- c:\windows\system32\localspl.dll
2009-05-04 15:12 . 2009-01-16 12:39 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-04 15:12 . 2009-01-16 12:39 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-04 15:12 . 2009-01-16 12:39 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-04 15:12 . 2009-03-25 22:43 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-03 17:48 . 2009-03-30 19:36 -------- d-----w- c:\documents and settings\Pc\Application Data\BitTorrent
2009-04-29 04:49 . 2006-03-02 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:49 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 12:57 . 2007-03-09 21:08 -------- d-----w- c:\documents and settings\Pc\Application Data\Ventrilo
2009-04-24 12:45 . 2009-04-24 12:45 -------- d-----w- c:\program files\Ventrilo
2009-04-24 12:44 . 2009-04-24 12:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-04-20 16:24 . 2009-04-20 16:24 -------- d-----w- c:\program files\AskBarDis
2009-04-20 16:21 . 2009-04-20 16:21 0 ----a-w- C:\XES4.tmp
2009-04-20 16:21 . 2009-04-20 16:21 0 ----a-w- C:\XES2.tmp
2009-04-19 19:51 . 2006-03-02 12:00 1847296 ----a-w- c:\windows\system32\win32k.sys
2009-04-16 20:10 . 2006-03-02 12:00 92052 ----a-w- c:\windows\system32\perfc013.dat
2009-04-16 20:10 . 2006-03-02 12:00 512410 ----a-w- c:\windows\system32\perfh013.dat
2009-04-15 14:55 . 2006-03-02 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-09 12:13 . 2008-07-01 12:21 34 ----a-w- c:\documents and settings\Pc\jagex_runescape_preferences.dat
2009-04-09 09:17 . 2006-12-30 10:53 70392 ----a-w- c:\documents and settings\Pc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-02 20:17 . 2009-04-02 20:17 50938 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_04_02_21_40_47_small.dmp.zip
2009-04-02 20:17 . 2009-04-02 20:17 50536 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_04_02_21_40_45_small.dmp.zip
2009-04-02 20:17 . 2009-04-02 20:17 45728 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_04_02_21_40_28_small.dmp.zip
2009-04-02 20:17 . 2009-04-02 20:17 44959 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_04_02_21_40_26_small.dmp.zip
2009-04-02 20:17 . 2009-04-02 20:17 46092 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_04_02_21_40_22_small.dmp.zip
2009-04-02 20:17 . 2009-04-02 20:17 45184 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_04_02_21_40_14_small.dmp.zip
2009-03-31 19:48 . 2009-03-31 19:48 152576 ----a-w- c:\documents and settings\Pc\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2008-10-19 18:34 . 2008-10-19 18:34 80773 -c--a-w- c:\program files\MS_Office_2007_Enterprise_EN_ES_DE_IT_NL_PL_PT___ISO_rar.torrent
2007-08-05 12:41 . 2007-08-05 12:47 31341447 ----a-w- c:\program files\GC2GoldDemo_setup.exe
2007-03-28 20:40 . 2007-03-28 20:40 1395712 ----a-w- c:\program files\SteamInstall.msi
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-24 7618560]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-04 1947928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-08-24 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
MSI US54SE 802.11b+g USB Stick Utility.lnk - c:\program files\MSI\US54SE_Utility\ZDWlan.exe [2007-7-29 483328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-04 15:12 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Aoe\\age2_x1.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\simon_standard_liege\\counter-strike\\hl.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [15/06/2009 15:33 64160]
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [29/07/2004 4:33 138780]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [16/01/2009 14:39 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [26/03/2009 0:43 108552]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [29/07/2004 5:13 46779]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [26/03/2009 0:43 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [16/01/2009 14:39 298776]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/03/2009 21:06 1005904]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [29/07/2007 19:56 20608]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [28/09/2008 20:04 33752]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - PQGPZQIM
*Deregistered* - pqgpzqim

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
uuigqbbm
.
Inhoud van de 'Gedeelde Taken' map

2009-06-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 13:32]

2009-04-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 10:34]

2009-06-05 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-06-16 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
- - - - ORPHANS VERWIJDERD - - - -

HKCU-Run-DriverUpdaterPro - c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe


.
------- Bijkomende Scan -------
.
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game07.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-16 22:24
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(5324)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Nero\Lib\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\a-squared Free\a2service.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\gearsec.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\WGATray.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\CF31093.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\rundll32.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Voltooingstijd: 2009-06-16 22:28 - machine werd herstart
ComboFix-quarantined-files.txt 2009-06-16 20:28

Pre-Run: 53.055.258.624 bytes beschikbaar
Post-Run: 53.053.239.296 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

292 --- E O F --- 2009-06-14 21:29

Regards,
Gangsta

Roelof
17 June 2009, 08:03
Hi Gangsta,

Could you restart your computer and then let ComboFix scan once more?

Roelof

Gangsta007
17 June 2009, 13:23
Hi Roelof

Here is the new ComboFix log...

Apart from that, it is still running fairly slowly, especially at startup.
Can I say that I am rid of that virus, or not yet?

ComboFix 09-06-16.05 - Pc 17/06/2009 12:55.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2047.1497 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Pc\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\qqesjddq.sys

.
(((((((((((((((((((( Bestanden Gemaakt van 2009-05-17 to 2009-06-17 ))))))))))))))))))))))))))))))
.

2009-06-16 21:40 . 2009-06-16 21:41 -------- d--h--r- c:\documents and settings\Pc\Onlangs geopend
2009-06-16 19:57 . 2009-06-16 19:57 -------- d-----w- c:\documents and settings\Pc\Application Data\Malwarebytes
2009-06-16 19:57 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-16 19:57 . 2009-06-16 19:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-16 19:57 . 2009-06-16 19:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-16 19:57 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-16 12:42 . 2009-06-16 12:42 -------- d-----w- c:\documents and settings\Pc\Application Data\Xerox
2009-06-16 12:42 . 2001-09-06 19:27 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-06-16 12:42 . 2001-09-06 19:27 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-06-16 12:42 . 2001-09-06 19:27 23040 ----a-w- c:\windows\system32\xrxwbtmp.dll
2009-06-16 12:42 . 2001-09-06 19:27 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-06-16 12:42 . 2008-04-14 17:02 116736 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-06-16 12:42 . 2008-04-14 17:02 116736 ----a-w- c:\windows\system32\xrxwiadr.dll
2009-06-16 12:42 . 2001-09-06 18:47 6912 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2009-06-16 12:42 . 2001-09-06 18:47 6912 ----a-w- c:\windows\system32\drivers\serscan.sys
2009-06-16 12:42 . 2008-04-14 17:02 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-06-16 12:42 . 2008-04-14 17:02 18944 ----a-w- c:\windows\system32\xrxscnui.dll
2009-06-16 12:35 . 2009-06-16 12:35 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-06-15 17:22 . 2009-06-15 17:22 -------- d-----w- c:\program files\Trend Micro
2009-06-15 14:23 . 2009-06-15 13:32 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-15 13:50 . 2009-06-15 13:50 -------- d-----w- c:\documents and settings\Pc\Application Data\Thinstall
2009-06-15 13:33 . 2009-06-15 13:32 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-15 13:26 . 2009-06-15 13:26 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-15 13:26 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-15 13:26 . 2009-06-15 13:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-05 22:01 . 2009-06-05 22:01 47124 ----a-w- c:\documents and settings\Pc\Local Settings\Application Data\prvlcl.dat
2009-06-01 15:05 . 2009-06-01 15:05 -------- d-----w- c:\documents and settings\Pc\Application Data\iolo
2009-06-01 15:05 . 2009-06-01 15:05 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-17 10:39 . 2006-12-30 17:35 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-06-16 21:40 . 2006-12-30 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-16 19:41 . 2008-09-14 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-16 19:40 . 2007-05-09 10:34 10047686 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-06-16 17:26 . 2009-03-05 20:27 -------- d-----w- c:\program files\a-squared Free
2009-06-16 05:46 . 2009-03-30 19:36 -------- d-----w- c:\documents and settings\Pc\Application Data\DNA
2009-06-16 05:07 . 2009-03-30 19:36 -------- d-----w- c:\program files\DNA
2009-06-15 21:02 . 2008-11-16 17:22 -------- d-----w- c:\program files\Steam
2009-06-15 20:03 . 2009-03-28 16:59 -------- d-----w- c:\documents and settings\Pc\Application Data\mIRC
2009-06-15 19:18 . 2009-03-28 16:59 -------- d-----w- c:\program files\mIRC
2009-06-15 13:26 . 2006-12-30 20:15 -------- d-----w- c:\program files\Lavasoft
2009-06-15 13:01 . 2006-12-30 20:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-15 12:55 . 2008-10-20 14:47 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-06-14 21:29 . 2008-10-20 08:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-12 16:34 . 2008-06-07 14:48 -------- d-----w- c:\program files\SwiftKit
2009-06-10 20:06 . 2009-06-10 20:07 1565184 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-06-01 20:36 . 2008-01-19 15:19 138512 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-01 20:36 . 2008-01-19 15:19 201440 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-05-07 15:34 . 2006-03-02 12:00 347136 ----a-w- c:\windows\system32\localspl.dll
2009-05-04 15:12 . 2009-01-16 12:39 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-04 15:12 . 2009-01-16 12:39 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-04 15:12 . 2009-01-16 12:39 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-04 15:12 . 2009-03-25 22:43 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-03 17:48 . 2009-03-30 19:36 -------- d-----w- c:\documents and settings\Pc\Application Data\BitTorrent
2009-04-29 04:49 . 2006-03-02 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:49 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 12:57 . 2007-03-09 21:08 -------- d-----w- c:\documents and settings\Pc\Application Data\Ventrilo
2009-04-24 12:45 . 2009-04-24 12:45 -------- d-----w- c:\program files\Ventrilo
2009-04-24 12:44 . 2009-04-24 12:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-04-20 16:24 . 2009-04-20 16:24 -------- d-----w- c:\program files\AskBarDis
2009-04-20 16:21 . 2009-04-20 16:21 0 ----a-w- C:\XES4.tmp
2009-04-20 16:21 . 2009-04-20 16:21 0 ----a-w- C:\XES2.tmp
2009-04-19 19:51 . 2006-03-02 12:00 1847296 ----a-w- c:\windows\system32\win32k.sys
2009-04-16 20:10 . 2006-03-02 12:00 92052 ----a-w- c:\windows\system32\perfc013.dat
2009-04-16 20:10 . 2006-03-02 12:00 512410 ----a-w- c:\windows\system32\perfh013.dat
2009-04-15 14:55 . 2006-03-02 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-09 12:13 . 2008-07-01 12:21 34 ----a-w- c:\documents and settings\Pc\jagex_runescape_preferences.dat
2009-04-09 09:17 . 2006-12-30 10:53 70392 ----a-w- c:\documents and settings\Pc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-02 20:17 . 2009-04-02 20:17 50938 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_04_02_21_40_47_small.dmp.zip
2009-04-02 20:17 . 2009-04-02 20:17 50536 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_04_02_21_40_45_small.dmp.zip
2009-04-02 20:17 . 2009-04-02 20:17 45728 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_04_02_21_40_28_small.dmp.zip
2009-04-02 20:17 . 2009-04-02 20:17 44959 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_04_02_21_40_26_small.dmp.zip
2009-04-02 20:17 . 2009-04-02 20:17 46092 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_04_02_21_40_22_small.dmp.zip
2009-04-02 20:17 . 2009-04-02 20:17 45184 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_04_02_21_40_14_small.dmp.zip
2009-03-31 19:48 . 2009-03-31 19:48 152576 ----a-w- c:\documents and settings\Pc\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2008-10-19 18:34 . 2008-10-19 18:34 80773 -c--a-w- c:\program files\MS_Office_2007_Enterprise_EN_ES_DE_IT_NL_PL_PT___ISO_rar.torrent
2007-08-05 12:41 . 2007-08-05 12:47 31341447 ----a-w- c:\program files\GC2GoldDemo_setup.exe
2007-03-28 20:40 . 2007-03-28 20:40 1395712 ----a-w- c:\program files\SteamInstall.msi
.

((((((((((((((((((((((((((((( SnapShot@2009-06-16_20.24.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-17 10:21 . 2009-06-17 10:21 16384 c:\windows\Temp\Perflib_Perfdata_114.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-24 7618560]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-04 1947928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-08-24 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
MSI US54SE 802.11b+g USB Stick Utility.lnk - c:\program files\MSI\US54SE_Utility\ZDWlan.exe [2007-7-29 483328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-04 15:12 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Aoe\\age2_x1.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\simon_standard_liege\\counter-strike\\hl.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [15/06/2009 15:33 64160]
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [29/07/2004 4:33 138780]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [16/01/2009 14:39 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [26/03/2009 0:43 108552]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [29/07/2004 5:13 46779]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [26/03/2009 0:43 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [16/01/2009 14:39 298776]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/03/2009 21:06 1005904]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [29/07/2007 19:56 20608]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [28/09/2008 20:04 33752]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
uuigqbbm
.
Inhoud van de 'Gedeelde Taken' map

2009-06-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 13:32]

2009-04-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 10:34]

2009-06-05 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-06-17 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
.
------- Bijkomende Scan -------
.
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game07.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-17 12:58
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Voltooingstijd: 2009-06-17 12:59
ComboFix-quarantined-files.txt 2009-06-17 10:59
ComboFix2.txt 2009-06-16 20:28

Pre-Run: 53.121.462.272 bytes beschikbaar
Post-Run: 53.103.742.976 bytes beschikbaar

206 --- E O F --- 2009-06-14 21:29

Roelof
17 June 2009, 13:47
Hi,

You appear to be clean.

For the slowness, please work through this step-by-step plan (http://www.hijackthis.nl/forum/viewtopic.php?t=4442).

Regards,

Roelof

Gangsta007
17 June 2009, 17:35
OK, thanks for the help!

Regards

Roelof
17 June 2009, 17:56
Hi,

You're welcome.
No more problems, then?

Roelof

Gangsta007
18 June 2009, 21:18
Hi,

No more problems, no; the annoying virus alerts have disappeared :)

Gangsta

Roelof
18 June 2009, 21:43
Okay,

Then we'll wrap up.

Remove ComboFix via Start > Uitvoeren (Run), copy and paste Combofix /U, and press Enter.
This removes both ComboFix and your old system restore points (with any remnants of malware), and creates a new system restore point.

To prevent a recurrence, read through these security tips (http://www.jawwi.nl/beveiliging/basis.htmll) once more.

Regards,

Roelof