View full version : Viruses?

Bongers
29 August 2009, 22:06
Hello,

I just got a message that a number of viruses have been found on my computer. What can I do? Thanks in advance!

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:05:23, on 29-8-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Apps\RecordNow\RecordNow.exe
C:\WINDOWS\explorer.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Temp\_ex-08.exe
C:\Documents and Settings\All Users\Application Data\12928434\12928434.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-08.exe
O4 - HKLM\..\Run: [12928434] C:\Documents and Settings\All Users\Application Data\12928434\12928434.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ikowin32.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1249040690656
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

--
End of file - 6087 bytes
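
A defender-side triage script for the HijackThis log format shown above (an added example, not from this thread, from Trend Micro or from any tool mentioned here): it parses the Rn/On entries and flags the patterns that stand out in the posted log, such as autoruns launched from a Temp directory or from an all-digit folder, a bare executable in a Startup folder, and a proxy entry that should be verified. The sample log lines are constructed, modelled on that log; the heuristics and their severities are my own assumptions, not HijackThis rules.

```python
"""Triage helper for HijackThis v2 logs (added example, not part of this thread).

Parses the Rn/On entries of a HijackThis log and flags the patterns that stand
out in the log posted above: autorun entries launched from a Temp directory or
from an all-digit folder name, an executable dropped straight into a Startup
folder instead of a shortcut, a browser proxy entry to verify, orphaned BHOs,
and services without a recorded publisher. Rules and severities are assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample lines in HijackThis format, modelled on the log above.
SAMPLE_HJT_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-08.exe
O4 - HKLM\..\Run: [12928434] C:\Documents and Settings\All Users\Application Data\12928434\12928434.exe
O4 - Startup: ikowin32.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""


@dataclass
class Entry:
    section: str  # e.g. "R1", "O4", "O23"
    body: str     # everything after "O4 - "


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    reason: str
    line: str      # the log line that triggered the rule


ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# O4 registry autoruns: HKLM\..\Run: [name] command  (also HKCU, HKUS\S-1-5-xx, RunOnce)
RUN_RE = re.compile(r"^HK\S*\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O4 Startup-folder items: "Startup: item" or "Global Startup: item.lnk = target"
STARTUP_RE = re.compile(r"^(?:Global )?Startup: (?P<item>.+)$")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)
DIGIT_DIR_RE = re.compile(r"\\\d+\\[^\\]+$")  # parent folder named with digits only


def parse_hjt(text: str) -> list[Entry]:
    """Return the R/F/N/O entries of a HijackThis log; headers and process lists are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def command_path(cmd: str) -> str:
    """Extract the executable path from an O4 command (quoted path, or path followed by a user tag)."""
    cmd = cmd.strip()
    if cmd.startswith('"') and cmd.find('"', 1) > 0:
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" (User ")[0]


def triage(entries: list[Entry]) -> list[Finding]:
    """Apply the review heuristics and return one Finding per suspicious entry."""
    findings: list[Finding] = []
    for e in entries:
        line = f"{e.section} - {e.body}"
        if e.section == "R1" and ",ProxyServer = " in e.body:
            findings.append(Finding("medium", "browser proxy is set; verify it matches the ISP or network configuration", line))
        elif e.section == "O2" and e.body.endswith("(no file)"):
            findings.append(Finding("low", "BHO registered but its DLL is missing (orphaned entry)", line))
        elif e.section == "O4":
            run = RUN_RE.match(e.body)
            startup = STARTUP_RE.match(e.body)
            if run:
                path = command_path(run.group("cmd"))
                if TEMP_DIR_RE.search(path):
                    findings.append(Finding("high", "autorun launches an executable from a Temp directory", line))
                elif DIGIT_DIR_RE.search(path):
                    findings.append(Finding("high", "autorun launches from a folder named with digits only", line))
            elif startup:
                item = startup.group("item")
                # Legitimate Startup items are .lnk shortcuts ("name.lnk = target"); a bare .exe is unusual
                if " = " not in item and item.lower().endswith(".exe"):
                    findings.append(Finding("high", "executable placed directly in a Startup folder instead of a shortcut", line))
        elif e.section == "O23" and " - Unknown owner - " in e.body:
            findings.append(Finding("low", "service has no recorded publisher; check the binary's origin", line))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_HJT_LOG)):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run against a full log, the script skips the header and process list and only reports entries that hit a rule, so clean AVG, HP and ctfmon entries produce no output.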

Bongers
29 August 2009, 22:13
So I also got this virus:

http://remove-malware.net/how-to-remove-total-security-452-rogue-anti-spyware/

I'm a layman when it comes to computers, though, which is why I'm asking for expert advice. Thanks in advance.

Rosty
30 August 2009, 08:44
Download MBAM (Malwarebytes' Anti-Malware) from here (http://www.besttechie.net/tools/mbam-setup.exe) or here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html).
Double-click mbam-setup.exe to install the program.
Make sure the boxes for Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked, then click "Finish".
If an update is found, it will be downloaded and installed.
Once the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.
The scan can take a while, so be patient.
When the scan is finished, click OK, then "Show Results" to see the results.
Make sure everything there is ticked, then click: Remove Selected.
After removal a log will open and you will be asked to restart the computer. (See below)
MBAM saves the log automatically; you can find it by clicking the "Logs" tab in MBAM.
Copy and paste the contents of the log into your next reply, together with a new HijackThis log.

If MBAM has difficulty removing certain files it will show a few prompts where you need to click OK.
It will then ask to restart the computer... so allow MBAM to restart the computer.

Bongers
30 August 2009, 14:25
MBAM reports an error when I try to start the program, so it does not open. It still worked yesterday, so the log is slightly out of date.

Malwarebytes' Anti-Malware 1.40
Database versie: 2551
Windows 5.1.2600 Service Pack 2

29-8-2009 22:57:34
mbam-log-2009-08-29 (22-57-34).txt

Scan type: Snelle Scan
Objecten gescand: 104670
Verstreken tijd: 8 minute(s), 19 second(s)

Geheugenprocessen geïnfecteerd: 1
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 1
Registerwaarden geïnfecteerd: 3
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 1
Bestanden geïnfecteerd: 9

Geheugenprocessen geïnfecteerd:
C:\WINDOWS\Temp\_ex-08.exe (Trojan.Dropper) -> Unloaded process successfully.

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\glaide32 (Rootkit.Rustok) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12928434 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PromoReg (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RList (Malware.Trace) -> Quarantined and deleted successfully.

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
C:\Documents and Settings\All Users\Application Data\12928434 (Rogue.Multiple.H) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:
C:\Documents and Settings\All Users\Application Data\12928434\12928434 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\12928434\12928434.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\12928434\pc12928434ins (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob\Local Settings\Temp\TMP7F.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob\Local Settings\Temporary Internet Files\Content.IE5\OBM9QDEH\sys[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\_ex-08.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv331250826839.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\_ex-68.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

Rosty
30 August 2009, 14:28
Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop and use it according to this guide (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden).

NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
Some scanners treat certain components that Combofix uses as suspicious and will block or delete them! Double-click Combofix.exe to start it.
If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to update.
Click OK in the "NirCmd" window.
If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
Click OK and Yes to have the Recovery Console installed automatically.
Afterwards, click Yes again to start the malware scan.
While the fix is running, do NOT click in the window, because this will make your PC hang.
When the fix is complete and after the restart, the log Combofix.txt will open. Post this log in your next reply.

Bongers
30 August 2009, 14:42
While starting Combofix I did indeed get the warning from my AVG scanner. How do I disable it? I don't see it in the AVG menu.

Edit: found it.

Bongers
30 August 2009, 15:13
The Combofix log:

ComboFix 09-08-29.01 - Rob 30-08-2009 14:59.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.511.232 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Rob\Mijn documenten\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\11268284
c:\documents and settings\All Users\Application Data\11268284\11268284
c:\documents and settings\All Users\Application Data\11268284\11268284.exe
c:\documents and settings\All Users\Application Data\11268284\pc11268284ins
c:\documents and settings\Rob\Application Data\wiaserva.log
c:\documents and settings\Rob\Menu Start\Programma's\Opstarten\ikowin32.exe
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\recycler\S-1-5-21-1068597934-3841017837-2964589304-1003
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_npf


(((((((((((((((((((( Bestanden Gemaakt van 2009-07-28 to 2009-08-30 ))))))))))))))))))))))))))))))
.

2009-08-30 12:21 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-30 12:20 . 2009-08-30 12:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-30 12:20 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-29 22:21 . 2009-08-30 12:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-29 21:01 . 2009-08-29 22:00 81152 ----a-w- c:\windows\system32\drivers\7e4d70e1.sys
2009-08-29 20:45 . 2009-08-29 20:45 -------- d-----w- c:\documents and settings\Rob\Application Data\Malwarebytes
2009-08-29 20:45 . 2009-08-29 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-29 20:27 . 2009-08-29 20:27 -------- d-----w- c:\program files\Enigma Software Group
2009-08-29 20:02 . 2009-08-29 20:02 -------- d-----w- c:\program files\Trend Micro
2009-08-24 21:59 . 2009-08-30 12:25 -------- d--h--r- c:\documents and settings\Rob\Onlangs geopend
2009-08-24 21:48 . 2009-08-24 21:48 -------- d-----w- c:\program files\CCleaner
2009-08-22 13:43 . 2009-08-22 13:43 -------- d-----w- c:\documents and settings\Rob\Local Settings\Application Data\MicroVision Applications
2009-08-12 10:05 . 2009-07-10 13:42 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 10:05 . 2009-06-05 07:55 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-08-09 10:19 . 2009-08-30 12:46 -------- d--h--w- C:\$AVG8.VAULT$
2009-08-05 18:56 . 2009-08-05 18:56 -------- d-----w- c:\documents and settings\Rob\Application Data\Sonic
2009-08-05 18:56 . 2009-08-05 18:56 -------- d-----w- c:\documents and settings\Rob\Application Data\Leadertech
2009-08-05 11:11 . 2009-08-05 11:11 -------- d-----w- c:\documents and settings\Rob\Application Data\AdobeUM
2009-08-05 10:58 . 2009-08-05 10:58 -------- d-----w- c:\documents and settings\Rob\Local Settings\Application Data\Adobe
2009-08-05 09:07 . 2009-08-05 09:07 205312 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 15:03 . 2009-08-04 15:03 -------- d-----w- c:\documents and settings\Koen\Local Settings\Application Data\AVG Security Toolbar
2009-08-04 15:02 . 2009-08-04 15:02 -------- d-----w- c:\documents and settings\Koen\Local Settings\Application Data\Mozilla
2009-08-04 15:00 . 2009-08-04 15:01 -------- d-----w- c:\documents and settings\Koen\Application Data\Winamp
2009-08-04 14:58 . 2009-06-14 14:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-08-04 14:54 . 2009-08-04 14:54 80144 ----a-w- c:\documents and settings\Koen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-04 10:11 . 2007-04-09 11:23 28040 ----a-w- c:\windows\system32\mdimon.dll
2009-08-04 10:08 . 2009-08-04 10:10 -------- d-----w- c:\windows\SHELLNEW
2009-08-04 10:07 . 2009-08-04 10:07 -------- d-----w- c:\program files\Microsoft.NET
2009-08-04 10:06 . 2009-08-04 10:06 -------- d--h--r- C:\MSOCache
2009-08-04 10:04 . 2009-08-04 10:04 4 ----a-w- c:\windows\system32\postinstall.cmd
2009-08-04 10:04 . 2009-08-04 10:04 128 ----a-w- c:\windows\system32\batch.cmd
2009-08-03 17:39 . 2009-08-03 17:39 -------- d-----w- c:\program files\Wanadoo
2009-08-02 13:09 . 2002-08-29 17:00 1703936 ----a-w- c:\windows\system32\gdiplus.dll
2009-08-02 13:09 . 2000-05-01 21:02 110592 ----a-w- c:\windows\system32\ccrpbds6.dll
2009-08-02 13:09 . 2009-08-02 13:09 -------- d-----w- c:\program files\PIXresizer
2009-08-01 10:02 . 2009-08-01 10:02 -------- d-----w- c:\program files\MSXML 4.0
2009-08-01 09:37 . 2009-04-28 20:20 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-08-01 09:37 . 2009-04-28 20:20 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-08-01 09:37 . 2009-04-28 20:20 129520 ------w- c:\windows\system32\pxafs.dll
2009-08-01 09:37 . 2009-08-01 11:38 -------- d-----w- c:\documents and settings\Rob\Application Data\Winamp
2009-08-01 09:37 . 2009-08-01 09:48 -------- d-----w- c:\program files\Winamp
2009-08-01 09:13 . 2009-08-01 09:13 -------- d-----w- c:\documents and settings\Rob\Local Settings\Application Data\AVG Security Toolbar
2009-08-01 08:53 . 2009-08-16 09:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-01 08:53 . 2009-08-01 08:53 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-01 08:53 . 2009-08-16 09:06 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-01 08:53 . 2009-08-16 09:06 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-01 08:52 . 2009-08-29 20:09 -------- d-----w- c:\windows\system32\drivers\Avg
2009-08-01 08:52 . 2009-08-04 14:58 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-08-01 08:51 . 2009-08-01 08:51 -------- d-----w- c:\program files\AVG
2009-08-01 08:51 . 2009-08-25 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-01 08:31 . 2009-08-01 08:58 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-08-01 08:29 . 2008-06-14 18:00 272640 ------w- c:\windows\system32\dllcache\bthport.sys
2009-08-01 08:27 . 2008-05-01 14:33 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-08-01 08:27 . 2008-04-11 18:51 683520 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-08-01 08:26 . 2008-10-03 10:17 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-08-01 08:26 . 2008-04-21 21:28 218624 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-08-01 08:22 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-08-01 08:22 . 2008-10-16 12:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-07-31 19:03 . 2009-07-31 19:03 -------- d-----w- c:\documents and settings\Rob\Local Settings\Application Data\Identities
2009-07-31 18:38 . 2009-07-31 18:38 -------- d-----w- c:\program files\SopCast
2009-07-31 17:47 . 2001-09-06 19:27 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-07-31 17:47 . 2004-08-04 08:03 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-07-31 15:06 . 2009-08-30 07:14 -------- d-----w- c:\documents and settings\Rob\Tracing
2009-07-31 15:05 . 2009-07-31 15:05 -------- d-----w- c:\program files\Microsoft
2009-07-31 15:05 . 2009-07-31 15:05 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-31 15:04 . 2009-07-31 15:05 -------- d-----w- c:\program files\Windows Live
2009-07-31 15:01 . 2009-07-31 15:01 -------- d-----w- c:\documents and settings\Eigenaar\Mijn documenten
2009-07-31 15:01 . 2009-07-31 15:01 -------- d-----w- c:\documents and settings\Eigenaar
2009-07-31 15:00 . 2009-07-31 15:00 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-31 14:55 . 2009-08-05 11:33 80144 ----a-w- c:\documents and settings\Rob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-31 14:55 . 2009-07-31 14:55 -------- d-----w- c:\documents and settings\LocalService\Menu Start
2009-07-31 14:54 . 2009-08-04 10:11 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2009-07-31 14:18 . 2009-07-31 14:18 -------- d-----w- c:\windows\peernet
2009-07-31 14:17 . 2009-07-31 14:17 -------- d-----w- c:\windows\provisioning
2009-07-31 14:15 . 2009-08-13 15:55 -------- d-----w- c:\windows\ServicePackFiles
2009-07-31 14:09 . 2009-07-31 14:09 -------- d-----w- c:\windows\EHome

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-29 20:58 . 2009-07-31 10:52 -------- d-----w- c:\documents and settings\Rob\Application Data\BitTorrent
2009-08-29 18:57 . 2009-07-31 11:35 -------- d-----w- c:\documents and settings\Rob\Application Data\vlc
2009-08-19 10:54 . 2003-01-29 12:46 70426 ----a-w- c:\windows\system32\perfc013.dat
2009-08-19 10:54 . 2003-01-29 12:46 444960 ----a-w- c:\windows\system32\perfh013.dat
2009-08-08 15:21 . 2009-07-30 18:11 29397 ----a-w- c:\windows\hpoins03.dat
2009-08-08 15:19 . 2009-08-08 15:19 80144 ----a-w- c:\documents and settings\Anja\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-08 10:07 . 2009-07-30 15:41 -------- d-----w- c:\program files\Microsoft Works
2009-08-05 09:07 . 2002-12-11 22:14 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 14:21 . 2003-01-29 13:06 76487 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-07-31 10:52 . 2009-07-31 10:52 -------- d-----w- c:\program files\BitTorrent
2009-07-31 10:48 . 2009-07-31 10:48 -------- d-----w- c:\program files\VideoLAN
2009-07-31 09:48 . 2009-07-31 09:48 0 ----a-w- c:\windows\nsreg.dat
2009-07-30 17:21 . 2009-07-30 18:11 -------- d-----w- c:\program files\HP
2009-07-30 17:21 . 2009-07-30 17:21 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-07-30 17:19 . 2009-07-30 17:19 -------- d-----w- c:\program files\Common Files\HP
2009-07-30 15:46 . 2009-07-30 15:46 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-30 15:46 . 2009-08-08 15:19 -------- d-----w- c:\documents and settings\Anja\Application Data\InterTrust
2009-07-30 15:46 . 2009-07-30 17:43 -------- d-----w- c:\documents and settings\Rob\Application Data\InterTrust
2009-07-30 15:46 . 2009-07-30 15:54 -------- d-----w- c:\documents and settings\Koen\Application Data\InterTrust
2009-07-30 15:42 . 2009-07-30 15:42 -------- d-----w- c:\program files\Virtual CD v4 SDK
2009-07-30 15:40 . 2009-07-30 15:40 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-30 15:40 . 2009-07-30 15:40 -------- d-----w- c:\program files\aod
2009-07-30 15:40 . 2009-07-30 15:40 -------- d-----w- c:\program files\Common Files\Real
2009-07-30 15:40 . 2009-07-30 15:40 -------- d-----w- c:\program files\Real
2009-07-30 15:40 . 2009-07-30 15:40 -------- d-----w- c:\program files\Common Files\SureThing Shared
2009-07-30 15:40 . 2009-07-30 15:40 -------- d-----w- c:\program files\Sonic
2009-07-30 15:40 . 2009-07-30 15:40 -------- d-----w- c:\program files\QuickTime
2009-07-30 15:40 . 2009-07-30 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2009-07-30 15:39 . 2009-07-30 15:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-30 15:39 . 2009-07-30 15:39 -------- d-----w- c:\program files\CyberLink
2009-07-30 15:31 . 2009-07-30 15:31 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-17 19:01 . 2003-01-29 12:44 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 00:18 . 2009-07-30 15:32 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-26 16:20 . 2006-06-23 11:29 662528 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:20 . 2004-08-04 08:03 81920 ------w- c:\windows\system32\ieencode.dll
2009-06-25 08:48 . 2005-06-15 17:52 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:48 . 2003-01-29 12:46 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:48 . 2003-01-29 12:46 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:48 . 2003-01-29 12:46 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:48 . 2003-01-29 12:45 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:48 . 2003-01-29 12:45 729600 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-22 11:34 . 2003-01-29 12:45 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:55 . 2005-10-17 21:31 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2003-01-29 12:45 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 11:33 . 2003-01-29 12:46 79872 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:26 . 2003-01-29 12:44 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:32 . 2003-01-29 12:46 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 07:55 . 2003-01-29 13:01 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:27 . 2005-08-30 07:26 1294848 ----a-w- c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 07:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\ati technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 335872]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-16 2007832]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-08-14 57344]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-04 28672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-16 09:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53:UDP"= 53:UDP:Promo

R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [30-7-2009 17:40 11264]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1-8-2009 10:53 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1-8-2009 10:53 108552]
R1 vcsmpdrv;vcsmpdrv;c:\windows\system32\drivers\vcsmpdrv.sys [30-7-2009 17:42 49024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [1-8-2009 10:52 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1-8-2009 10:52 297752]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);c:\program files\Virtual CD v4 SDK\System\vcssecs.exe [30-7-2009 17:42 139264]
.
Inhoud van de 'Gedeelde Taken' map

2009-08-13 c:\windows\Tasks\Herinnering voor registratie 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-01-29 08:03]

2009-08-25 c:\windows\Tasks\WebReg 20090730192606.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2003-07-06 23:43]

2009-08-25 c:\windows\Tasks\WebReg 20090808172312.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2003-07-06 23:43]
.
.
------- Bijkomende Scan -------
.
uStart Page = www.google.nl/
uInternet Settings,ProxyServer = proxy:8080
uInternet Settings,ProxyOverride = <local>
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\izqkwcdx.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-30 15:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

Scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|ù•Ñw*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3184)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\hpzipm12.exe
c:\program files\HP\hpcoretech\comp\hpdarc.exe
.
**************************************************************************
.
Completion time: 2009-08-30 15:11 - machine was restarted
ComboFix-quarantined-files.txt 2009-08-30 13:11

Pre-Run: 30,972,207,104 bytes free
Post-Run: 31,113,375,744 bytes free

318 --- E O F --- 2009-08-27 16:44

Rosty
30 August 2009, 19:52
Still having problems now?

Bongers
31 August 2009, 12:44
No, I don't think so. I ran the virus scanner (AVG) over it once and it found 1 threat. That has been removed, if all went well. Thanks a lot!

Rosty
31 August 2009, 13:13
Hi,

Read this Prevention page (http://users.telenet.be/bluepatchy/miekiemoes/preventie.html) for now, with information and tips on how to prevent this in the future.
And read this page (http://users.telenet.be/bluepatchy/miekiemoes/tragecomputer.html) on how to optimise your computer again after removing malware.

Extra note: make sure your programs are up to date, because older versions can contain security leaks. To check which programs you need to update, run the Secunia Software Inspector (http://secunia.com/software_inspector/) scan.

Bongers
2 September 2009, 18:11
OK, thanks.

Now I just tried to download with BitTorrent again, and what do I get? Yet another notification that spyware has been found on the computer :(

A pop-up from Resident Shield reports this: Trojan horse Generic 14.AJKE

The log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:11:10, on 2-9-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\sys32_nov.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\braviax.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [sys32_nov] C:\WINDOWS\system32\sys32_nov.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sys32_nov] C:\Documents and Settings\Rob\sys32_nov.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ikowin32.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1249040690656
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

--
End of file - 5067 bytes
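
A log like the one above is read by looking for autostart and process anomalies rather than by recognising file names. The script below is an added example, not part of this thread and not a HijackThis feature: it parses the HijackThis v2 line formats shown above and applies a handful of triage rules (a ProxyServer value set in the user's Internet Settings; the same Run value name present under both HKLM and HKCU; a Run value launching an executable straight out of a user's profile root; a bare .exe in a Startup folder rather than a shortcut; processes running from a Temp directory or from an all-digit directory; and binaries running from under C:\WINDOWS that no Run, Startup, Winlogon Notify or service entry in the log accounts for). The rules, the allow-list of core XP binaries and the sample log excerpt are my assumptions and constructed data, modelled on the logs posted in this thread.

```python
"""Triage rules for a HijackThis v2 log.

Added example for this thread, not HijackThis code. The rules and the
allow-list below are assumptions; SAMPLE_LOG is a constructed excerpt
modelled on the logs posted in the thread.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\sys32_nov.exe
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\Temp\_ex-08.exe
C:\Documents and Settings\All Users\Application Data\12928434\12928434.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sys32_nov] C:\WINDOWS\system32\sys32_nov.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sys32_nov] C:\Documents and Settings\Rob\sys32_nov.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - Startup: ikowin32.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
"""

# XP core binaries that normally run without a visible autostart entry (assumption).
WELL_KNOWN = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "explorer.exe", "ctfmon.exe", "wuauclt.exe",
    "cmd.exe", "rundll32.exe", "wscntfy.exe", "wdfmgr.exe", "alg.exe",
}

ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<rest>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
EXE_RE = re.compile(r'([^"]*?\.exe)', re.I)
# An executable sitting directly in a user's profile root, e.g. ...\Rob\x.exe
PROFILE_ROOT_RE = re.compile(r"documents and settings\\[^\\]+\\[^\\]+\.exe", re.I)


def basename(path: str) -> str:
    return path.strip().strip('"').rsplit("\\", 1)[-1].lower()


def exe_name(cmd: str) -> str:
    """Basename of the first .exe in a Run/Service value, quoted or not, args ignored."""
    m = EXE_RE.search(cmd)
    return basename(m.group(1)) if m else ""


def parse(log: str):
    """Split a HijackThis log into its process list and its (kind, rest) entries."""
    processes, entries, in_procs = [], [], False
    for line in (l.strip() for l in log.splitlines()):
        if not line:
            in_procs = False
            continue
        if line.lower() == "running processes:":
            in_procs = True
        elif in_procs:
            processes.append(line)
        elif (m := ENTRY_RE.match(line)):
            entries.append((m["kind"], m["rest"]))
    return processes, entries


def triage(log: str):
    """Return a list of (rule, detail) findings for the log text."""
    processes, entries = parse(log)
    findings, run_values, referenced = [], defaultdict(list), set()
    for kind, rest in entries:
        if kind == "R1" and "ProxyServer" in rest:
            findings.append(("proxy-hijack", rest.split(",", 1)[-1]))
        elif kind == "O4" and (m := RUN_RE.match(rest)):
            run_values[m["name"].lower()].append((m["hive"], m["cmd"]))
            referenced.add(exe_name(m["cmd"]))
        elif kind == "O4" and rest.startswith(("Startup:", "Global Startup:")):
            value = rest.split(":", 1)[1].strip()
            if " = " in value:                      # a shortcut pointing at a target
                referenced.add(exe_name(value.split(" = ", 1)[1]))
            elif value.lower().endswith(".exe"):    # a bare exe dropped into the folder
                findings.append(("startup-folder-exe", value))
                referenced.add(value.lower())
        elif kind in ("O20", "O23"):
            referenced.add(exe_name(rest))
    for name, places in run_values.items():
        if {"HKLM", "HKCU"} <= {hive for hive, _ in places}:
            findings.append(("run-value-in-multiple-hives", name))
        for hive, cmd in places:
            if PROFILE_ROOT_RE.search(cmd):
                findings.append(("run-from-profile-root", f"{hive} [{name}] {cmd}"))
    for proc in processes:
        low, name, dirs = proc.lower(), basename(proc), proc.lower().split("\\")[:-1]
        if "\\temp\\" in low or any(d.isdigit() for d in dirs):
            findings.append(("process-from-temp-or-numeric-dir", proc))
        elif low.startswith("c:\\windows\\") and name not in WELL_KNOWN and name not in referenced:
            findings.append(("unreferenced-windows-binary", proc))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:36} {detail}")
```

Run it as-is to see the sample findings, or pass the text of a real log to triage(). The last rule is deliberately narrow: it only judges binaries under C:\WINDOWS, because that is where the droppers in this thread placed themselves, and a human still has to dismiss legitimate vendor files that happen to live there. The multiple-hives rule requires HKLM and HKCU together, so the CTFMON.EXE entries that XP keeps under HKCU and the HKUS hives do not trigger it.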

Rosty
2 September 2009, 19:13
OK, thanks.

Now I just tried to download with BitTorrent again, and what do I get? Yet another notification that spyware has been found on the computer :(

A pop-up from Resident Shield reports this: Trojan horse Generic 14.AJKE

Is this really a safe download??????

Bongers
2 September 2009, 19:17
The download was verified according to torrentz.com. Apparently it wasn't safe after all. I've been downloading with torrents for years and never had problems. Only now, since a few weeks ago when I reinstalled my old PC, I've had the virus notification twice in 1 week.

Bongers
2 September 2009, 19:32
By the way, I can't get my firewall (Windows Security Center) enabled :S

Rosty
2 September 2009, 20:23
Download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop and use it according to this guide (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden).

NOTE: if, during or after downloading ComboFix or while using ComboFix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download ComboFix again.
Some scanners see certain components that ComboFix uses as suspicious and will block or remove them! Double-click ComboFix.exe to start it.
If you have used ComboFix before, you may get a warning that an update is available. Allow ComboFix to be updated.
Click OK in the "NirCmd" window.
If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
Click OK and Yes to have the Recovery Console installed automatically.
Afterwards click Yes again to start the malware scan.
While the fix is running, do NOT click in the window, as this will make your PC hang.
When the fix is finished and after the restart, the log ComboFix.txt will open. Post this log in your next reply.

Bongers
2 September 2009, 22:32
I downloaded ComboFix, but when I double-click it, it doesn't open. I've already tried several times :S

Rosty
3 September 2009, 09:17
Download Dr.Web CureIt and place it on your desktop: cureit.exe (ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe).

Double-click cureit.exe, then click Start to let the program perform a quick scan.
This quick scan will scan the files currently loaded in memory.
If anything is found, let CureIt repair it.
- If a window appears offering to buy at a 50% discount, close it with the cross.
The main window will then become visible.
- In the Option menu at the top, choose Language and change it to Dutch (Nederlands) if it is set differently.
- In the Options menu, choose Change settings (F9).
On the "Scan" tab, untick Heuristic analysis.
Press Apply.
On the "File types" tab, Scan mode must be set to: All files.
On the "Actions" tab, set the following under Malware:
- Adware: Move
- Dialers: Move
- Jokes: Report
- Riskware: Report
- Hacktools: Move
Still on the "Actions" tab, set the following under Objects:
- Infected objects: Cure
- Incurable: Move
- Suspicious objects: Report
Then untick: Prompt on action.
Press Apply.
Then press OK.
Back in the main window you can select which scan you want to run.
- Select Complete scan
Click the green arrow on the right to start the scan.
If the infected files cannot be disinfected, they will be moved to the folder %userprofile%\DoctorWeb\Quarantine.
- When the scan is finished, choose File > Save report list from the menu and save the log on your desktop.
- Then close Dr.Web CureIt.

Restart your computer.
You must do this, because Dr.Web CureIt may move or delete files after a restart.

Once the computer has restarted, copy and paste the contents of the log you saved earlier on your desktop into your next post.
Also post a new HijackThis log.

Bongers
3 September 2009, 11:15
Same story here, CureIt doesn't start either :(

Also, yesterday and this morning I got a notification from PC Antispyware 2010. I googled it and it turned out to be something like Total Security 2009 (which I had last week).

Rosty
3 September 2009, 12:07
Download RootRepeal
If you use WinZip: RootRepeal (http://ad13.geekstogo.com/RootRepeal.zip) or from here (http://rootrepeal.psikotick.com/RootRepeal.zip)
If you use WinRAR: RootRepeal (http://ad13.geekstogo.com/RootRepeal.rar) or from here (http://rootrepeal.psikotick.com/RootRepeal.rar)
Unzip it into its own folder.
Double-click RootRepeal.exe to start the program.
Click the "Report" button and then "Scan".
Under Select Scan, tick Drivers, Processes, SSDT and Hidden Services. Close all programs and do not use your PC during the scan.
Click OK.
When the scan is finished, click Save Report and save it as RootRepeal.txt
Place it on your desktop and post the contents of this report in your next reply.

Bongers
3 September 2009, 12:47
Here it is:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/09/03 12:45
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB2C0E000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8A9E000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB2173000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: C:\WINDOWS\system32\braviax.exe
PID: 1744 Status: Hidden from the Windows API!

SSDT
-------------------
#: 173 Function Name: NtQuerySystemInformation
Status: Hooked by "C:\WINDOWS\System32\Drivers\Beep.SYS" at address 0xf87281a0

==EOF==
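
What matters in this report is the pairing of its two findings: a process hidden from the Windows API, and an SSDT hook on NtQuerySystemInformation, the system call that process listers rely on, installed by Beep.SYS. The genuine beep.sys is Windows' PC-speaker driver and never hooks anything, so this is a replaced driver doing the hiding (the MBAM log later in the thread flags beep.sys both in drivers\ and in dllcache\, the copy Windows File Protection would otherwise restore from). The three drivers reported as "File Visible: No" are expected: the dump_* drivers are in-memory crash-dump copies of the storage stack and rootrepeal.sys is the scanner's own driver. The script below is an added example, not RootRepeal's own report handling: it parses the report format above (the report itself is used as the sample input) and applies exactly that reasoning. The allow-lists of expected invisible drivers and trusted hooking modules are assumptions.

```python
"""Read a RootRepeal report and separate expected from suspicious kernel findings.

Added example for this thread, not RootRepeal code. The allow-lists are
assumptions; REPORT is the report posted above, used here as sample input.
"""
import re

REPORT = r"""
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/09/03 12:45
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB2C0E000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8A9E000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB2173000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: C:\WINDOWS\system32\braviax.exe
PID: 1744 Status: Hidden from the Windows API!

SSDT
-------------------
#: 173 Function Name: NtQuerySystemInformation
Status: Hooked by "C:\WINDOWS\System32\Drivers\Beep.SYS" at address 0xf87281a0

==EOF==
"""

# "Key: value" pairs; several may share one line ("Address: ... Size: ... File Visible: ...").
FIELD_RE = re.compile(r"([A-Za-z#][A-Za-z ]*?): (.*?)(?=\s+[A-Za-z][A-Za-z ]*: |$)")
HOOKED_RE = re.compile(r'Hooked by "([^"]+)"')
# Drivers legitimately absent as files: crash-dump copies and the scanner's own driver (assumption).
EXPECTED_INVISIBLE = ("dump_", "rootrepeal")
# Modules allowed to hook the SSDT on this machine: the scanner and the installed AV (assumption).
TRUSTED_HOOKERS = ("rootrepeal", "avg")


def parse_report(text: str) -> dict:
    """Section name -> list of records, each a dict of field -> value."""
    lines = text.splitlines()
    sections, current, record = {}, None, {}
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if nxt.startswith("---") and line.strip() and ":" not in line:
            current, record = line.strip(), {}      # a section header is underlined with ---
            sections[current] = []
            continue
        if current is None or line.startswith(("---", "===")):
            continue                                 # banner, rulers and ==EOF==
        if not line.strip():
            if record:                               # blank line closes a record
                sections[current].append(record)
                record = {}
            continue
        for key, value in FIELD_RE.findall(line):
            record[key.strip()] = value.strip()
    if record and current:
        sections[current].append(record)
    return sections


def analyse(sections: dict) -> list:
    """Return (rule, detail) findings for the Drivers, Processes and SSDT sections."""
    findings = []
    for drv in sections.get("Drivers", []):
        name = drv.get("Name", "").lower()
        if drv.get("File Visible") == "No" and not name.startswith(EXPECTED_INVISIBLE):
            findings.append(("driver-without-file", drv.get("Image Path", name)))
    hidden = [p["Path"] for p in sections.get("Processes", [])
              if "hidden" in p.get("Status", "").lower()]
    findings += [("hidden-process", path) for path in hidden]
    for hook in sections.get("SSDT", []):
        m = HOOKED_RE.search(hook.get("Status", ""))
        if not m or any(t in m.group(1).lower() for t in TRUSTED_HOOKERS):
            continue
        func = hook.get("Function Name", "?")
        findings.append(("ssdt-hook", f"{func} <- {m.group(1)}"))
        # NtQuerySystemInformation is what process listers call, so an untrusted
        # hook on it is the likely mechanism behind any hidden process above.
        if func == "NtQuerySystemInformation" and hidden:
            findings.append(("hook-explains-hidden-process", m.group(1)))
    return findings


if __name__ == "__main__":
    for rule, detail in analyse(parse_report(REPORT)):
        print(f"{rule:30} {detail}")
```

parse_report() is driven by the report's layout rather than by section names, so it also collects the Hidden Services or Files sections when a report contains them; analyse() only judges the three sections this report has. A driver-without-file finding on a name outside the allow-list is the case to chase first, since a loaded driver with no backing file visible is the kernel-side counterpart of the hidden process seen here.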

Bongers
3 September 2009, 19:44
HijackThis doesn't start either, by the way..

Bongers
4 September 2009, 11:31
I just managed to get MBAM running after all. Not all files could be removed. The folder PC Antispyware 2010 is still on the C drive; I can't get it removed. The pop-ups are gone, though. HijackThis still doesn't open, by the way.

The MBAM log:

Malwarebytes' Anti-Malware 1.40
Database version: 2738
Windows 5.1.2600 Service Pack 2

4-9-2009 11:12:18
mbam-log-2009-09-04 (11-12-18).txt

Scan type: Quick Scan
Objects scanned: 106606
Time elapsed: 7 minute(s), 37 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 4
Registry Keys Infected: 2
Registry Values Infected: 6
Registry Data Items Infected: 6
Folders Infected: 3
Files Infected: 50

Memory Processes Infected:
C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe (Rogue.PC_AntiSpyware2010) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\PC_Antispyware2010\htmlayout.dll (Rogue.AntiVirusPro) -> Delete on reboot.
C:\WINDOWS\system32\_scui.cpl (Rogue.HomeAntiVirus) -> Delete on reboot.
C:\Program Files\PC_Antispyware2010\AVEngn.dll (Rogue.PC_AntiSpyware2010) -> Delete on reboot.
C:\Program Files\PC_Antispyware2010\pthreadVC2.dll (Rogue.PC_AntiSpyware2010) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pc_antispyware2010 (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PC_AntiSpyware2010 (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pc antispyware 2010 (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\PC_AntiSpyware2010 (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_AntiSpyware2010\data (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_AntiSpyware2010\Microsoft.VC80.CRT (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\PC_Antispyware2010\htmlayout.dll (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wisdstr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cru629.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_scui.cpl (Rogue.HomeAntiVirus) -> Delete on reboot.
C:\WINDOWS\system32\drivers\beep.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Local Settings\Temporary Internet Files\Content.IE5\G41D40F3\Install[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob\Local Settings\Temporary Internet Files\Content.IE5\OBM9QDEH\Install[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob\Local Settings\Temporary Internet Files\Content.IE5\OBM9QDEH\Install[2].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\cru629.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PC_AntiSpyware2010\AVEngn.dll (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_AntiSpyware2010\PC_Antispyware2010.cfg (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_AntiSpyware2010\PC_Antispyware2010.exe (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_AntiSpyware2010\pthreadVC2.dll (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_AntiSpyware2010\Uninstall.exe (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_AntiSpyware2010\wscui.cpl (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_AntiSpyware2010\data\daily.cvd (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_AntiSpyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_AntiSpyware2010\Microsoft.VC80.CRT\msvcm80.dll (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_AntiSpyware2010\Microsoft.VC80.CRT\msvcp80.dll (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_AntiSpyware2010\Microsoft.VC80.CRT\msvcr80.dll (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob\Application Data\Microsoft\Internet Explorer\Quick Launch\PC_AntiSpyware2010.lnk (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\figaro.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN10.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN11.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN12.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob\Local Settings\temp\BN10.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BN1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Local Settings\temp\tmpwr2 (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Local Settings\temp\tmpwr3 (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Local Settings\temp\tmpwr4 (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Local Settings\temp\tmpwr5 (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Local Settings\temp\tmpwr6 (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Local Settings\temp\tmpwr7 (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Local Settings\temp\tmpwr8 (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Local Settings\temp\tmpwr9 (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob\Local Settings\temp\tmpwr2 (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob\Local Settings\temp\tmpwr3 (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob\Local Settings\temp\tmpwr4 (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob\Local Settings\temp\tmpwr5 (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob\Local Settings\temp\tmpwr6 (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob\Local Settings\temp\tmpwr7 (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\wpv101251705172.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob\Local Settings\Temporary Internet Files\etagadadan.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Rosty
4 September 2009, 12:49
Hi,

Do the following:

Remove ComboFix via Start > Run: copy and paste Combofix /U and click OK or press Enter.

http://i78.photobucket.com/albums/j116/amateur_photos/CFuninstall.png

This will remove ComboFix plus related folders and files, restore the clock settings, hide file extensions again, re-hide hidden files and system files, and reset your System Restore.

Important: restart your PC!!!

Download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop and use it according to this guide (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden).

NOTE: if, during or after downloading ComboFix or while using ComboFix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download ComboFix again.
Some scanners see certain components that ComboFix uses as suspicious and will block or remove them! Double-click ComboFix.exe to start it.
If you have used ComboFix before, you may get a warning that an update is available. Allow ComboFix to be updated.
Click OK in the "NirCmd" window.
If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
Click OK and Yes to have the Recovery Console installed automatically.
Afterwards click Yes again to start the malware scan.
While the fix is running, do NOT click in the window, as this will make your PC hang.
When the fix is finished and after the restart, the log ComboFix.txt will open. Post this log in your next reply.

Bongers
4 September 2009, 13:43
ComboFix doesn't start... I did the above, but after restarting, ComboFix was still on the PC. After the restart the pop-ups also came back (the spyware notifications and PC Antispyware 2010). I downloaded ComboFix once more, but I can click it as often as I like, the program doesn't start.

Rosty
5 September 2009, 08:22
Download and install SUPERAntiSpyware (http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE)


Start SUPERAntiSpyware and click the Check for Updates button.

After updating, click the Scan your Computer button.

Tick Perform Complete Scan and then click Next.

SUPERAntiSpyware will scan your computer. Afterwards it will display a list of everything that was found.

Tick everything that was found and click Next.

Click Finish to return to the main window.

Click Preferences and then the Statistics/Logs tab. Click the dated log and select View Log.

This will open the log. I need it afterwards.

Then restart your PC. Important!!! Post the SAS log together with a new HijackThis log.

Bongers
5 September 2009, 11:02
I had already downloaded SUPERAntiSpyware yesterday, but now it doesn't work anymore... I don't get it. I've removed and re-downloaded the program a few times, but nothing happens :(

EDIT: I had someone look at it, and they removed a few things. I ran MBAM once more and one file could not be removed (do you want me to post this log?).

I still get pop-ups from AVG Resident Shield finding threats. SAS works now; it's running at the moment. I'll post the log shortly.

Rosty
5 September 2009, 12:55
Post the MBAM log too!

Bongers
5 September 2009, 14:45
Here are the logs:


MBAM

Malwarebytes' Anti-Malware 1.40
Database version: 2744
Windows 5.1.2600 Service Pack 2

5-9-2009 12:16:56
mbam-log-2009-09-05 (12-16-56).txt

Scan type: Full Scan (C:\|)
Objects scanned: 138442
Time elapsed: 33 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.


SAS

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/05/2009 at 01:38 PM

Application Version : 4.28.1010

Core Rules Database Version : 4086
Trace Rules Database Version: 2026

Scan type : Complete Scan
Total Scan Time : 00:59:15

Memory items scanned : 593
Memory threats detected : 0
Registry items scanned : 5408
Registry threats detected : 0
File items scanned : 18641
File threats detected : 27

Adware.Tracking Cookie
C:\Documents and Settings\Rob\Cookies\rob@atdmt[2].txt

Trojan.Agent/Gen
C:\SYSTEM VOLUME INFORMATION\_RESTORE{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP3\A0002292.EXE

Rootkit.Agent/Gen-Rustock
C:\SYSTEM VOLUME INFORMATION\_RESTORE{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP3\A0002293.SYS

Rootkit.BraviaX-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP3\A0002340.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP3\A0002324.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP3\A0002328.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP3\A0002330.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP3\A0002350.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP3\A0002351.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP3\A0002357.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP3\A0002366.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP3\A0002367.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP4\SNAPSHOT\MFEX-1.DAT
C:\SYSTEM VOLUME INFORMATION\_RESTORE{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP5\A0002390.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP7\A0002449.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP7\A0002450.SYS

Trojan.Agent/Gen-FakeDrop
C:\SYSTEM VOLUME INFORMATION\_RESTORE{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP3\A0002323.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP3\A0002338.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP3\A0002339.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP3\A0002355.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP3\A0002356.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP7\A0002453.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP7\A0002454.EXE

Rogue.XPSecurityCenter
C:\SYSTEM VOLUME INFORMATION\_RESTORE{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP7\A0002489.CPL

Rogue.Agent/Gen-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP7\A0002486.EXE

Trojan.Downloader-Gen/Win
C:\WINDOWS\CRUDD629.DAT
C:\WINDOWS\SYSTEM32\CRDDU629.DAT


HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:43:09, on 5-9-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\Documents and Settings\Rob\Bureaublad\pchulplijntools 09005555533\HiJais202.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1249040690656
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

--
End of file - 4676 bytes
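
As an added, defender-side example (not part of this thread, of Malwarebytes or of any of the tools above), a small Python parser for MBAM 1.x log lines like the ones just posted: it separates the summary counts from the per-section findings, flags the Security Center `*DisableNotify` values MBAM reported (set to 1 they suppress the Security Center's own warnings), Run-key persistence entries, and "Delete on reboot" items that are not actually gone until the machine restarts, and cross-checks the summary counts against the listed items. The sample log is constructed from lines quoted in the thread, with the counts adjusted to the lines kept.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x text log and flag what matters.

Added example for this thread, not part of MBAM or the forum posts.
The Dutch section labels are the ones MBAM 1.40 prints in the logs above.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: an excerpt assembled from lines quoted in the thread,
# with the summary counts adjusted to match the lines kept here.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.40
Database versie: 2744

Registerwaarden geïnfecteerd: 1
Registerdata bestanden geïnfecteerd: 2
Bestanden geïnfecteerd: 1

Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Delete on reboot.

Registerdata bestanden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:
C:\WINDOWS\temp\BN4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# "Label: N" in the summary block vs. "Label:" opening a findings block.
SUMMARY_RE = re.compile(r"^(?P<label>.+ geïnfecteerd): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<label>.+ geïnfecteerd):$")
# "<target> (<family>) [-> Bad: (x) Good: (y)] -> <action>"
FINDING_RE = re.compile(
    r"^(?P<target>.+?) \((?P<family>[^()]+)\)"
    r"(?: -> Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\))?"
    r" -> (?P<action>.+)$"
)
NO_ITEMS = "(Geen kwaadaardige items gevonden)"


@dataclass
class Finding:
    section: str
    target: str
    family: str
    action: str
    bad: Optional[str] = None   # value MBAM saw (registry data entries only)
    good: Optional[str] = None  # value MBAM restored


def parse_mbam_log(text: str) -> Tuple[Dict[str, int], List[Finding]]:
    """Return (summary counts by label, list of parsed findings)."""
    summary: Dict[str, int] = {}
    findings: List[Finding] = []
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            section = None          # a blank line closes a findings block
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("label")
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group("label")] = int(m.group("count"))
            continue
        if section is None or line == NO_ITEMS:
            continue
        m = FINDING_RE.match(line)
        if m:
            findings.append(Finding(section, m.group("target"), m.group("family"),
                                    m.group("action"), m.group("bad"), m.group("good")))
    return summary, findings


def assess(summary: Dict[str, int], findings: List[Finding]):
    """Flag tampering/persistence and count mismatches (a sign of a truncated log)."""
    flags: List[tuple] = []
    for f in findings:
        low = f.target.lower()
        leaf = f.target.rsplit("\\", 1)[-1]
        if "\\security center\\" in low and low.endswith("disablenotify") and f.bad == "1":
            hive = f.target.split("\\", 1)[0]
            flags.append(("security_center_alerts_suppressed", hive, leaf[:-len("DisableNotify")]))
        if "\\currentversion\\run\\" in low:
            flags.append(("run_key_persistence", leaf))
        if f.action.lower().startswith("delete on reboot"):
            flags.append(("pending_reboot", f.target))  # still present until restart
    mismatches = {}
    for label, expected in summary.items():
        got = sum(1 for f in findings if f.section == label)
        if got != expected:
            mismatches[label] = (expected, got)
    return flags, mismatches


if __name__ == "__main__":
    s, fs = parse_mbam_log(SAMPLE_LOG)
    for flag in assess(s, fs)[0]:
        print(flag)
```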

Bongers
5 September 2009, 14:47
I don't know whether it has much to do with this, but for a few days now I have not been able to turn on my firewall (the one in the Windows Security Center). It looks as if the virus disabled it. Do you know how I can fix this? Thanks in advance.

Rosty
5 September 2009, 15:01
Could you update MBAM and run a new scan, please?
Please also try ComboFix once more.

Bongers
5 September 2009, 17:43
MBAM (quick scan)

Malwarebytes' Anti-Malware 1.40
Database versie: 2744
Windows 5.1.2600 Service Pack 2

5-9-2009 17:13:35
mbam-log-2009-09-05 (17-13-35).txt

Scan type: Snelle Scan
Objecten gescand: 106121
Verstreken tijd: 16 minute(s), 2 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 1
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 2

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
C:\WINDOWS\temp\BN4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.


Combofix

ComboFix 09-09-04.02 - Rob 05-09-2009 17:32.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.511.221 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Rob\Mijn documenten\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Documenten\edeculu.scr
c:\documents and settings\All Users\Documenten\erices.ban
c:\documents and settings\All Users\Documenten\hijihityge.dll
c:\documents and settings\All Users\Documenten\kokexy.scr
c:\documents and settings\All Users\Documenten\ribek.bin
c:\documents and settings\All Users\Documenten\suxykam.bin
c:\documents and settings\All Users\Documenten\vaqajit.sys
c:\documents and settings\All Users\Documenten\yqurih.bat
c:\documents and settings\LocalService\Application Data\diticutuw.vbs
c:\documents and settings\LocalService\Application Data\idodojogat.pif
c:\documents and settings\LocalService\Application Data\jizuf.inf
c:\documents and settings\LocalService\Application Data\jotijun.bat
c:\documents and settings\LocalService\Application Data\setetisapu.exe
c:\documents and settings\LocalService\Application Data\ulevuzu.dll
c:\documents and settings\LocalService\Application Data\usosidat.exe
c:\documents and settings\LocalService\Application Data\ywopojuxux.dll
c:\documents and settings\LocalService\Application Data\zepyp.reg
c:\documents and settings\LocalService\Local Settings\Application Data\dykadariz._dl
c:\documents and settings\LocalService\Local Settings\Application Data\ixylevahul.bin
c:\documents and settings\LocalService\Local Settings\Application Data\nimuse.exe
c:\documents and settings\LocalService\Local Settings\Application Data\omuzagi.inf
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\fetox._dl
c:\documents and settings\Rob\Local Settings\Application Data\ybyzygazyx.exe
c:\documents and settings\Rob\Local Settings\Temporary Internet Files\fuhezufaw.sys
c:\documents and settings\Rob\Local Settings\Temporary Internet Files\igylecij.bat
c:\documents and settings\Rob\Local Settings\Temporary Internet Files\nabowaxit.lib
c:\documents and settings\Rob\Local Settings\Temporary Internet Files\wybofotawi.reg
c:\program files\Common Files\dividip.exe
c:\program files\Common Files\jujytulyra.scr
c:\program files\Common Files\jyhurofas.com
c:\program files\Common Files\lituxilaj.pif
c:\program files\Common Files\nehican._dl
c:\program files\Common Files\qajyxorejo._dl
c:\program files\Common Files\ryqyb.scr
c:\program files\Common Files\suka.vbs
c:\program files\Common Files\vikutyx.ban
c:\program files\Common Files\zitebido.ban

.
(((((((((((((((((((( Bestanden Gemaakt van 2009-08-05 to 2009-09-05 ))))))))))))))))))))))))))))))
.

2009-09-05 10:34 . 2009-09-05 10:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-05 10:33 . 2009-09-05 10:33 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-05 08:23 . 2009-09-05 08:23 12483 ----a-w- c:\documents and settings\Rob\Local Settings\Application Data\onyv.dat
2009-09-04 15:04 . 2002-09-11 10:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-09-04 15:04 . 2002-09-11 10:00 4224 ----a-w- c:\windows\system32\dllcache\beep.sys
2009-09-04 13:40 . 2009-09-04 13:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-04 13:40 . 2009-09-04 13:40 -------- d-----w- c:\documents and settings\Rob\Application Data\SUPERAntiSpyware.com
2009-09-04 12:10 . 2009-09-04 12:10 -------- d-----w- c:\documents and settings\Rob\Local Settings\Application Data\AVG Security Toolbar
2009-09-04 12:08 . 2009-09-04 12:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-04 12:08 . 2009-09-04 12:08 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-04 12:08 . 2009-09-04 12:08 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-04 12:08 . 2009-09-04 12:08 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-04 12:07 . 2009-09-05 08:27 -------- d-----w- c:\windows\system32\drivers\Avg
2009-09-04 12:07 . 2009-09-04 12:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-09-04 12:04 . 2009-09-04 12:04 -------- d-----w- c:\documents and settings\Rob\Application Data\AVG8
2009-09-04 09:28 . 2009-09-04 09:28 12597 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\yxiwav.dat
2009-09-03 16:41 . 2009-09-03 16:41 -------- d-----w- c:\program files\Norton
2009-09-03 15:42 . 2009-09-03 16:17 -------- d-----w- c:\documents and settings\Koen\Application Data\BitTorrent
2009-09-03 15:41 . 2009-09-03 15:41 -------- d-sh--w- c:\documents and settings\Koen\IETldCache
2009-09-03 15:36 . 2009-09-03 16:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-03 08:56 . 2009-09-05 15:27 94272 ----a-w- c:\windows\system32\dllcache\agp440.sys
2009-09-02 20:50 . 2009-09-02 20:50 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-02 20:47 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-02 20:47 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-02 20:47 . 2009-09-04 09:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-02 20:25 . 2009-09-02 20:25 -------- d-sh--w- c:\documents and settings\Rob\PrivacIE
2009-09-02 20:20 . 2009-09-02 20:20 17491 ----a-w- c:\program files\Common Files\omexiz.dat
2009-09-02 17:24 . 2009-09-02 17:24 -------- d-sh--w- c:\documents and settings\Rob\IECompatCache
2009-09-02 16:35 . 2009-09-02 16:35 -------- d-sh--w- c:\documents and settings\Rob\IETldCache
2009-09-02 16:30 . 2009-08-07 08:48 100352 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-09-02 16:28 . 2009-09-02 16:28 -------- d-----w- c:\windows\ie8updates
2009-09-02 16:26 . 2009-07-03 17:00 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-09-02 16:26 . 2009-07-03 17:00 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-09-02 16:26 . 2009-07-03 17:00 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-09-02 16:26 . 2009-07-03 17:00 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-09-02 16:26 . 2009-07-03 17:00 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-02 16:26 . 2009-07-19 16:48 11067392 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-09-02 16:24 . 2009-09-03 16:19 -------- dc-h--w- c:\windows\ie8
2009-09-02 16:24 . 2009-09-02 16:26 -------- d-----w- c:\windows\system32\nl-NL
2009-09-01 08:08 . 2009-09-01 08:08 -------- d-----w- c:\documents and settings\Anja\Local Settings\Application Data\AVG Security Toolbar
2009-09-01 08:07 . 2009-09-01 08:07 -------- d-----w- c:\documents and settings\Anja\Local Settings\Application Data\Mozilla
2009-08-29 22:21 . 2009-08-30 12:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-29 20:45 . 2009-08-29 20:45 -------- d-----w- c:\documents and settings\Rob\Application Data\Malwarebytes
2009-08-29 20:45 . 2009-08-29 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-29 20:27 . 2009-08-29 20:27 -------- d-----w- c:\program files\Enigma Software Group
2009-08-29 20:02 . 2009-08-29 20:02 -------- d-----w- c:\program files\Trend Micro
2009-08-24 21:59 . 2009-09-05 12:45 -------- d--h--r- c:\documents and settings\Rob\Onlangs geopend
2009-08-24 21:48 . 2009-08-24 21:48 -------- d-----w- c:\program files\CCleaner
2009-08-22 13:43 . 2009-08-22 13:43 -------- d-----w- c:\documents and settings\Rob\Local Settings\Application Data\MicroVision Applications
2009-08-12 10:05 . 2009-07-10 13:42 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 10:05 . 2009-06-05 07:55 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-08-09 10:19 . 2009-09-05 15:28 -------- d--h--w- C:\$AVG8.VAULT$

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-05 15:27 . 2003-01-29 13:36 94272 ----a-w- c:\windows\system32\drivers\agp440.sys
2009-09-05 08:23 . 2009-09-05 08:23 19555 ----a-w- c:\program files\Common Files\iregipuda.db
2009-09-04 13:35 . 2009-08-01 08:51 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-04 12:03 . 2009-09-04 12:03 10402 ----a-w- c:\documents and settings\LocalService\Application Data\otityt.dat
2009-09-03 16:42 . 2009-09-03 15:37 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-09-03 16:42 . 2009-09-03 15:37 10563 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-09-03 16:19 . 2009-07-31 10:52 -------- d-----w- c:\documents and settings\Rob\Application Data\BitTorrent
2009-09-02 16:24 . 2009-08-01 09:37 -------- d-----w- c:\program files\Winamp
2009-09-02 16:01 . 2009-07-31 14:55 80144 ----a-w- c:\documents and settings\Rob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-30 23:01 . 2009-07-31 11:35 -------- d-----w- c:\documents and settings\Rob\Application Data\vlc
2009-08-19 10:54 . 2003-01-29 12:46 70426 ----a-w- c:\windows\system32\perfc013.dat
2009-08-19 10:54 . 2003-01-29 12:46 444960 ----a-w- c:\windows\system32\perfh013.dat
2009-08-08 15:21 . 2009-07-30 18:11 29397 ----a-w- c:\windows\hpoins03.dat
2009-08-08 15:19 . 2009-08-08 15:19 80144 ----a-w- c:\documents and settings\Anja\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-08 10:07 . 2009-07-30 15:41 -------- d-----w- c:\program files\Microsoft Works
2009-08-05 18:56 . 2009-08-05 18:56 -------- d-----w- c:\documents and settings\Rob\Application Data\Sonic
2009-08-05 18:56 . 2009-08-05 18:56 -------- d-----w- c:\documents and settings\Rob\Application Data\Leadertech
2009-08-05 11:11 . 2009-08-05 11:11 -------- d-----w- c:\documents and settings\Rob\Application Data\AdobeUM
2009-08-05 09:07 . 2002-12-11 22:14 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:01 . 2009-08-04 15:00 -------- d-----w- c:\documents and settings\Koen\Application Data\Winamp
2009-08-04 14:54 . 2009-08-04 14:54 80144 ----a-w- c:\documents and settings\Koen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-04 10:07 . 2009-08-04 10:07 -------- d-----w- c:\program files\Microsoft.NET
2009-08-04 10:04 . 2009-08-04 10:04 128 ----a-w- c:\windows\system32\batch.cmd
2009-08-03 17:39 . 2009-08-03 17:39 -------- d-----w- c:\program files\Wanadoo
2009-08-02 13:09 . 2009-08-02 13:09 -------- d-----w- c:\program files\PIXresizer
2009-08-01 11:38 . 2009-08-01 09:37 -------- d-----w- c:\documents and settings\Rob\Application Data\Winamp
2009-08-01 10:02 . 2009-08-01 10:02 -------- d-----w- c:\program files\MSXML 4.0
2009-08-01 08:51 . 2009-08-01 08:51 -------- d-----w- c:\program files\AVG
2009-07-31 18:38 . 2009-07-31 18:38 -------- d-----w- c:\program files\SopCast
2009-07-31 15:05 . 2009-07-31 15:05 -------- d-----w- c:\program files\Microsoft
2009-07-31 15:05 . 2009-07-31 15:04 -------- d-----w- c:\program files\Windows Live
2009-07-31 15:05 . 2009-07-31 15:05 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-31 15:00 . 2009-07-31 15:00 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-31 10:52 . 2009-07-31 10:52 -------- d-----w- c:\program files\BitTorrent
2009-07-31 10:48 . 2009-07-31 10:48 -------- d-----w- c:\program files\VideoLAN
2009-07-31 09:48 . 2009-07-31 09:48 0 ----a-w- c:\windows\nsreg.dat
2009-07-30 17:21 . 2009-07-30 18:11 -------- d-----w- c:\program files\HP
2009-07-30 17:21 . 2009-07-30 17:21 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-07-30 17:19 . 2009-07-30 17:19 -------- d-----w- c:\program files\Common Files\HP
2009-07-30 15:46 . 2009-07-30 15:46 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-30 15:46 . 2009-08-08 15:19 -------- d-----w- c:\documents and settings\Anja\Application Data\InterTrust
2009-07-30 15:46 . 2009-07-30 17:43 -------- d-----w- c:\documents and settings\Rob\Application Data\InterTrust
2009-07-30 15:46 . 2009-07-30 15:54 -------- d-----w- c:\documents and settings\Koen\Application Data\InterTrust
2009-07-30 15:46 . 2009-07-30 15:54 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\InterTrust
2009-07-30 15:42 . 2009-07-30 15:42 -------- d-----w- c:\program files\Virtual CD v4 SDK
2009-07-30 15:40 . 2009-07-30 15:40 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-30 15:40 . 2009-07-30 15:40 -------- d-----w- c:\program files\aod
2009-07-30 15:40 . 2009-07-30 15:40 -------- d-----w- c:\program files\Common Files\Real
2009-07-30 15:40 . 2009-07-30 15:40 -------- d-----w- c:\program files\Real
2009-07-30 15:40 . 2009-07-30 15:40 -------- d-----w- c:\program files\Common Files\SureThing Shared
2009-07-30 15:40 . 2009-07-30 15:40 -------- d-----w- c:\program files\Sonic
2009-07-30 15:40 . 2009-07-30 15:40 -------- d-----w- c:\program files\QuickTime
2009-07-30 15:40 . 2009-07-30 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2009-07-30 15:39 . 2009-07-30 15:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-30 15:39 . 2009-07-30 15:39 -------- d-----w- c:\program files\CyberLink
2009-07-30 15:31 . 2009-07-30 15:31 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-17 19:01 . 2003-01-29 12:44 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 00:18 . 2009-07-30 15:32 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:00 . 2006-06-23 11:29 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:48 . 2005-06-15 17:52 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:48 . 2003-01-29 12:46 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:48 . 2003-01-29 12:46 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:48 . 2003-01-29 12:46 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:48 . 2003-01-29 12:45 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:48 . 2003-01-29 12:45 729600 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-22 11:34 . 2003-01-29 12:45 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:55 . 2005-10-17 21:31 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2003-01-29 12:45 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 11:33 . 2003-01-29 12:46 79872 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:26 . 2003-01-29 12:44 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:32 . 2003-01-29 12:46 132096 ----a-w- c:\windows\system32\wkssvc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"ATIPTA"="c:\ati technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 335872]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-04 2007832]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-08-14 57344]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-04 28672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-04 12:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53:UDP"= 53:UDP:Promo

R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [30-7-2009 17:40 11264]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4-9-2009 14:08 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4-9-2009 14:08 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4-9-2009 14:50 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4-9-2009 14:49 74480]
R1 vcsmpdrv;vcsmpdrv;c:\windows\system32\drivers\vcsmpdrv.sys [30-7-2009 17:42 49024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4-9-2009 14:07 297752]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);c:\program files\Virtual CD v4 SDK\System\vcssecs.exe [30-7-2009 17:42 139264]
S0 nmbw;nmbw;c:\windows\system32\drivers\ouurpbyq.sys --> c:\windows\system32\drivers\ouurpbyq.sys [?]
S0 pgoufua;pgoufua;c:\windows\system32\drivers\qmrv.sys --> c:\windows\system32\drivers\qmrv.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4-9-2009 14:50 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhoud van de 'Gedeelde Taken' map

2009-08-13 c:\windows\Tasks\Herinnering voor registratie 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-01-29 08:03]

2009-09-02 c:\windows\Tasks\WebReg 20090730192606.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2003-07-06 23:43]

2009-09-05 c:\windows\Tasks\WebReg 20090808172312.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2003-07-06 23:43]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = proxy:8080
uInternet Settings,ProxyOverride = <local>
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\izqkwcdx.default\
FF - prefs.js: keyword.URL - hxxp://nl.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_nl&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
.

****************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-05 17:38
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

****************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-3286202725-1258470527-2574915927-1006\Software\Microsoft\SystemCertificates\Address Book*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|ù•Ñw*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(552)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Voltooingstijd: 2009-09-05 17:40
ComboFix-quarantined-files.txt 2009-09-05 15:39
ComboFix2.txt 2009-08-30 13:11

Pre-Run: 35.579.957.248 bytes beschikbaar
Post-Run: 35.548.766.208 bytes beschikbaar

304 --- E O F --- 2009-09-02 16:31

Rosty
5 September 2009, 20:50
Any problems left now?

Bongers
6 September 2009, 16:36
Nope, no more problems. Thanks! One last question: at the moment I only have AVG 8.5 (free version) plus the Windows Security Center (which includes the firewall). Is that enough protection?

Rosty
6 September 2009, 17:20
Nope, no more problems. Thanks! One last question: at the moment I only have AVG 8.5 (free version) plus the Windows Security Center (which includes the firewall). Is that enough protection?

I would still use a third-party firewall! You can find one here: http://users.telenet.be/bluepatchy/miekiemoes/Links.html#Firewalls


Remove ComboFix via Start > Run, copy and paste Combofix /U, then click OK or press Enter.

http://i78.photobucket.com/albums/j116/amateur_photos/CFuninstall.png

This will remove ComboFix together with its related folders and files, restore the clock settings, hide file extensions again, re-hide hidden files and system files, and reset your System Restore.