Internet Explorer suddenly runs slower



Keno
3 November 2009, 21:28
Good evening

Would you please take a look at my log file? Since this weekend my explorer, Mozilla Firefox, has been acting strange. It hangs when I request a web page; after a very long time the page does come through, but it is not normal anymore. Ad-Aware and a virus scanner find no problems, but with Malwarebytes there are 7 that I cannot remove, though I think I have had those for a while. Could you solve this? It is an old laptop, several years old, so there may well be leftover junk on it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:14:51, on 3/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\SigmaTel\SigmaTel AC97 audiostuurprogramma's\stacmon.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Opera\Opera.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {377B8674-8B07-4731-929F-C388B0166C6A} - c:\windows\system32\whkonck.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BC7D59E2-08A5-49E1-A7AE-4D913330C6D1} - C:\DOCUME~1\Koen\LOCALS~1\Temp\dmE.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 audiostuurprogramma's\stacmon.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [svcho] C:\WINDOWS\svcho.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file:///C:\Program Files\TOSHIBA\Free Update Service\splash.html
O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} - file://C:\Program Files\proeWildfire 3.0\i486_nt\obj\pvx_install.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253050177560
O16 - DPF: {89869334-AA13-489A-9A07-2BA062714A29} (Installer Class) - http://img.lnm.eu/be.lnm.eu/client/en/MessengerInstaller.cab
O16 - DPF: {C9A703E2-3145-11D8-813C-005022E14DE2} (Installer Class) - http://img.lnm.eu/be.lnm.eu/client/LNMClientInstaller.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5534/mcfscan.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: vklcjrfi - C:\WINDOWS\SYSTEM32\whkonck.dll
O21 - SSODL: UpxFna - {0CE52581-A64F-8F2B-20D9-C5D250089592} - (no file)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXlm server for PTC - Macrovision Corporation - C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

--
End of file - 7331 bytes

Rosty
4 November 2009, 18:56
Download MalwareBytes' Anti-Malware (http://www.besttechie.net/mbam/mbam-setup.exe) and save it to your desktop.
Double-click mbam-setup.exe to install the program.


After the installation, make sure the following are ticked:

Update MalwareBytes' Anti-Malware
Launch MalwareBytes' Anti-Malware
Then click "Finish". If an update is found, it will be downloaded and installed.
Once the program has started, go to the "Settings" tab.
Tick here: "Close Internet Explorer during malware removal".
Then go to the "Scanner" tab and choose "Quick Scan".
Then press "Scan" to start the scan.
The scan can take a while, so be patient.
When the scan is finished, click OK, then "Show Results" to see the results.
Make sure everything is ticked there, then click "Remove Selected".
After removal a log will open and you will be asked to restart the computer.
If the rootkit (TDSS) is present, MBAM will ask you to restart. Do so.
After the restart MBAM will scan again and remove the rootkit.

The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.
Post this log together with a new HijackThis log.

Keno
4 November 2009, 22:38
Thank you for your reply. Here are my new logs

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:33:45, on 4/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\SigmaTel\SigmaTel AC97 audiostuurprogramma's\stacmon.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {377B8674-8B07-4731-929F-C388B0166C6A} - c:\windows\system32\whkonck.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BC7D59E2-08A5-49E1-A7AE-4D913330C6D1} - C:\DOCUME~1\Koen\LOCALS~1\Temp\dmE.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 audiostuurprogramma's\stacmon.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file:///C:\Program Files\TOSHIBA\Free Update Service\splash.html
O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} - file://C:\Program Files\proeWildfire 3.0\i486_nt\obj\pvx_install.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253050177560
O16 - DPF: {89869334-AA13-489A-9A07-2BA062714A29} (Installer Class) - http://img.lnm.eu/be.lnm.eu/client/en/MessengerInstaller.cab
O16 - DPF: {C9A703E2-3145-11D8-813C-005022E14DE2} (Installer Class) - http://img.lnm.eu/be.lnm.eu/client/LNMClientInstaller.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5534/mcfscan.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: vklcjrfi - C:\WINDOWS\SYSTEM32\whkonck.dll
O21 - SSODL: UpxFna - {0CE52581-A64F-8F2B-20D9-C5D250089592} - (no file)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXlm server for PTC - Macrovision Corporation - C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

--
End of file - 7332 bytes

Malwarebytes' Anti-Malware 1.41
Database versie: 3101
Windows 5.1.2600 Service Pack 2

4/11/2009 21:26:13
mbam-log-2009-11-04 (21-26-13).txt

Scan type: Snelle Scan
Objecten gescand: 122262
Verstreken tijd: 13 minute(s), 52 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 8
Registerwaarden geïnfecteerd: 5
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 4
Bestanden geïnfecteerd: 168

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377b8674-8b07-4731-929f-c388b0166c6a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vklcjrfi (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{377b8674-8b07-4731-929f-c388b0166c6a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc7d59e2-08a5-49e1-a7ae-4d913330c6d1} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{bc7d59e2-08a5-49e1-a7ae-4d913330c6d1} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\svcho (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
C:\Documents and Settings\Koen\Application Data\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Logs (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550 (Rogue.RegTool) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:
c:\WINDOWS\system32\whkonck.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\DOCUME~1\Koen\LOCALS~1\Temp\dmE.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\results.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Logs\2008-11-29 17-43-190.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Logs\2008-11-29 17-51-030.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\filelist.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-33.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-34.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-35.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-36.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-37.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-38.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-39.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-4.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-40.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-41.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-42.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-43.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-44.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-45.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-46.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-47.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-48.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-49.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-5.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-50.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-51.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-52.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-53.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-54.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-55.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-56.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-57.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-58.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-59.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-6.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-60.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-61.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-62.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-63.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-64.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-65.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-66.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-67.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-68.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-69.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-7.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-70.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-71.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-72.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-73.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-74.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-75.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-76.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-77.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-78.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-79.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-8.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-80.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-81.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-82.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-83.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-84.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-85.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-86.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-87.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-88.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-89.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-9.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-90.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-91.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-92.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-93.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-94.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-95.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-96.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-97.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-98.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Koen\Application Data\RegTool\Quarantine\2008-11-29 17-45-550\regb-99.db (Rogue.RegTool) -> Quarantined and deleted successfully.

Rosty
5 November 2009, 12:15
Hi,

open HijackThis, click on do a scan only and tick the following lines:

O2 - BHO: (no name) - {377B8674-8B07-4731-929F-C388B0166C6A} - c:\windows\system32\whkonck.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {BC7D59E2-08A5-49E1-A7AE-4D913330C6D1} - C:\DOCUME~1\Koen\LOCALS~1\Temp\dmE.dll (file missing)
O20 - Winlogon Notify: vklcjrfi - C:\WINDOWS\SYSTEM32\whkonck.dll
O21 - SSODL: UpxFna - {0CE52581-A64F-8F2B-20D9-C5D250089592} - (no file)

Close all open windows except HijackThis and click Fix Checked. Close HijackThis.

Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop and use it according to this guide (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden).

NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
Some scanners regard certain components that Combofix uses as suspicious and will block or remove them! Double-click Combofix.exe to start it.
If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
Click OK in the small "NirCmd" window.
If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
Click OK and Yes to have the Recovery Console installed automatically.
Afterwards, click Yes again to start the malware scan.
While the fix is running, do NOT click in the window, as this will make your PC hang.
When the fix has finished and after the restart, the log Combofix.txt will open. Post this log in your next reply together with a new HijackThis log.

Keno
5 November 2009, 16:16
OK. I ran Combofix 2 times because I was not sure whether it had gone correctly. So first 2 log files from Combofix, with the last one being the most recent.

ComboFix 09-11-04.05 - Koen 05/11/2009 12:35.5.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.495.74 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Koen\Application Data\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_000004_.tmp.dll
c:\windows\system32\cnqdfmt.dll
c:\windows\system32\drivers\cxxdxxis.sys
c:\windows\system32\drivers\mvqttwxg.sys
c:\windows\system32\whkonck.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MVQTTWXG
-------\Service_mvqttwxg


(((((((((((((((((((( Bestanden Gemaakt van 2009-10-05 to 2009-11-05 ))))))))))))))))))))))))))))))
.

2009-11-05 10:56 . 2009-11-05 10:56 -------- d-----w- c:\documents and settings\Koen\Application Data\AVG9
2009-11-05 10:42 . 2009-11-05 10:42 3564534 ----a-r- c:\documents and settings\Koen\Application Data\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
2009-11-04 19:51 . 2009-11-04 19:52 4045544 ----a-w- c:\documents and settings\Koen\Application Data\Opera\Opera\profile\cache4\temporary_download\mbam-setup.exe
2009-11-03 09:46 . 2009-11-05 10:36 -------- d--h--r- c:\documents and settings\Koen\Onlangs geopend
2009-11-02 17:06 . 2009-11-02 17:06 -------- d-----w- c:\documents and settings\LocalService\Bureaublad
2009-11-02 16:36 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-02 16:34 . 2009-11-02 16:34 5908024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Resources.dll
2009-11-02 16:34 . 2009-11-02 16:34 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\RPAPI.dll
2009-11-02 16:34 . 2009-11-02 16:34 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\PrivacyClean.dll
2009-11-02 16:34 . 2009-11-02 16:34 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\CEAPI.dll
2009-11-02 16:34 . 2009-11-02 16:34 640608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AutoLaunch.exe
2009-11-02 16:34 . 2009-11-02 16:34 815760 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
2009-11-02 16:34 . 2009-11-02 16:34 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
2009-11-02 16:34 . 2009-11-02 16:34 1638104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2009-11-02 16:34 . 2009-11-02 16:34 788368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe
2009-11-02 16:34 . 2009-11-02 16:34 1179232 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe
2009-11-02 16:06 . 2009-11-02 16:06 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-02 16:06 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-11-02 11:57 . 2009-11-02 11:57 -------- d-----w- C:\$AVG
2009-11-02 11:57 . 2009-11-02 11:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-02 11:57 . 2009-11-02 11:57 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-02 11:57 . 2009-11-02 11:57 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-02 11:57 . 2009-11-05 10:59 -------- d-----w- c:\windows\system32\drivers\Avg
2009-11-02 11:56 . 2009-11-02 11:56 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-02 11:56 . 2009-11-02 11:56 -------- d-----w- c:\program files\AVG
2009-11-02 11:56 . 2009-11-05 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-11-02 10:43 . 2009-11-02 10:43 -------- d-----w- c:\program files\MSConfig CleanUp

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-04 19:57 . 2008-12-08 20:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-02 11:09 . 2007-06-23 15:40 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-02 11:09 . 2007-06-23 15:41 -------- d-----w- c:\program files\Symantec
2009-11-02 11:09 . 2007-06-23 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-11-02 11:08 . 2007-06-23 15:40 -------- d-----w- c:\program files\Symantec AntiVirus
2009-10-31 17:39 . 2004-04-20 10:05 445512 ----a-w- c:\windows\system32\perfh013.dat
2009-10-31 17:39 . 2004-04-20 10:05 70858 ----a-w- c:\windows\system32\perfc013.dat
2009-10-03 11:32 . 2009-10-03 11:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-10-03 10:04 . 2009-10-03 10:04 -------- d-----w- c:\program files\MSXML 4.0
2009-10-03 09:41 . 2009-10-03 09:41 -------- d-----w- c:\program files\Messenger Plus! Live
2009-09-17 18:53 . 2007-06-23 16:13 70632 ----a-w- c:\documents and settings\Koen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-16 19:15 . 2009-09-16 18:01 -------- d-----w- c:\program files\Windows Live
2009-09-16 18:11 . 2009-09-16 18:02 -------- dcsh--w- c:\program files\Common Files\WindowsLiveInstaller
2009-09-16 18:01 . 2009-09-16 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-09-16 17:12 . 2007-06-23 15:52 -------- d-----w- c:\program files\Microsoft Works
2009-09-16 16:34 . 2009-09-16 16:34 -------- d-----w- c:\program files\Microsoft
2009-09-16 16:28 . 2009-09-16 16:28 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-16 15:04 . 2004-04-20 10:18 77155 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-09-10 13:54 . 2008-12-08 20:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2008-12-08 20:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-01-26 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-01-26 118784]
"00THotkey"="c:\windows\System32\00THotkey.exe" [2004-03-29 253952]
"SigmaTel StacMon"="c:\program files\SigmaTel\SigmaTel AC97 audiostuurprogramma's\stacmon.exe" [2003-08-03 86073]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 49263]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-30 192512]
"PRONoMgr.exe"="c:\program files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2003-12-10 86016]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-02 2010904]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"000StTHK"="000StTHK.exe" - c:\windows\system32\000StTHK.exe [2001-06-23 24576]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2004-04-01 266240]
"TFncKy"="TFncKy.exe" [BU]
"TFNF5"="TFNF5.exe" - c:\windows\system32\TFNF5.exe [2003-12-02 73728]
"NDSTray.exe"="NDSTray.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2003-12-16 15:49 110592 ----a-w- c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-02 11:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"WebClient"=2 (0x2)
"usnjsvc"=3 (0x3)
"TapiSrv"=3 (0x3)
"Schedule"=2 (0x2)
"SCardDrv"=3 (0x3)
"RDSessMgr"=3 (0x3)
"Messenger"=2 (0x2)
"helpsvc"=2 (0x2)
"CCALib8"=2 (0x2)
"BITS"=3 (0x3)
"Autodesk Licensing Service"=3 (0x3)
"aawservice"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/11/2009 17:36 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/11/2009 12:56 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/11/2009 12:57 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2/11/2009 12:56 285392]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 12:17 1179232]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - mvqttwxg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
bpjwpzni
.
Inhoud van de 'Gedeelde Taken' map

2009-11-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:34]
.
.
------- Bijkomende Scan -------
.
uStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} - file://c:\program files\proeWildfire 3.0\i486_nt\obj\pvx_install.exe
DPF: {89869334-AA13-489A-9A07-2BA062714A29} - hxxp://img.lnm.eu/be.lnm.eu/client/en/MessengerInstaller.cab
DPF: {C9A703E2-3145-11D8-813C-005022E14DE2} - hxxp://img.lnm.eu/be.lnm.eu/client/LNMClientInstaller.cab
FF - ProfilePath - c:\documents and settings\Koen\Application Data\Mozilla\Firefox\Profiles\xlgx64m3.default\
FF - prefs.js: browser.startup.homepage - hxxps://cas.kuleuven.be/cas/login?service=https%3A%2F%2Fidp.kuleuven.be%2Fshibboleth-idp%2FSSO%3Bjsessionid%3D5461CB888E4C4FFD4104C4808FB4CA5E%3Fshire%3Dhttps%253A%252F%252Fcygnus.cc.kuleuven.be%252FShibboleth.sso%252FSAML%252FArtifact%26time%3D1225970665%26target%3Dcookie%26providerId%3Dhttps%253A%252F%252Fcygnus.cc.kuleuven.be
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJPI150_09.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPOJI610.dll
.
- - - - ORPHANS VERWIJDERD - - - -

Notify-NavLogon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-05 13:33
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•Ñw*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(616)
c:\windows\System32\LgNotify.dll

- - - - - - - > 'explorer.exe'(4020)
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\System32\S24EvMon.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\ZCfgSvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\flexnet\i486_nt\obj\lmgrd.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\flexnet\i486_nt\obj\lmgrd.exe
c:\windows\System32\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\System32\wdfmgr.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\System32\1XConfig.exe
c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Voltooingstijd: 2009-11-05 14:19 - machine werd herstart
ComboFix-quarantined-files.txt 2009-11-05 13:19
ComboFix2.txt 2009-02-23 23:32
ComboFix3.txt 2008-12-18 12:34
ComboFix4.txt 2008-12-16 12:27
ComboFix5.txt 2009-11-05 11:29

Pre-Run: 9.373.696.000 bytes beschikbaar
Post-Run: 9.329.315.840 bytes beschikbaar


ComboFix 09-11-04.05 - Koen 05/11/2009 14:23.6.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.495.104 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Koen\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((( Bestanden Gemaakt van 2009-10-05 to 2009-11-05 ))))))))))))))))))))))))))))))
.

2009-11-05 10:56 . 2009-11-05 10:56 -------- d-----w- c:\documents and settings\Koen\Application Data\AVG9
2009-11-05 10:42 . 2009-11-05 10:42 3564534 ----a-r- c:\documents and settings\Koen\Application Data\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
2009-11-04 19:51 . 2009-11-04 19:52 4045544 ----a-w- c:\documents and settings\Koen\Application Data\Opera\Opera\profile\cache4\temporary_download\mbam-setup.exe
2009-11-03 09:46 . 2009-11-05 13:20 -------- d--h--r- c:\documents and settings\Koen\Onlangs geopend
2009-11-02 17:06 . 2009-11-02 17:06 -------- d-----w- c:\documents and settings\LocalService\Bureaublad
2009-11-02 16:36 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-02 16:34 . 2009-11-02 16:34 5908024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Resources.dll
2009-11-02 16:34 . 2009-11-02 16:34 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\RPAPI.dll
2009-11-02 16:34 . 2009-11-02 16:34 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\PrivacyClean.dll
2009-11-02 16:34 . 2009-11-02 16:34 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\CEAPI.dll
2009-11-02 16:34 . 2009-11-02 16:34 640608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AutoLaunch.exe
2009-11-02 16:34 . 2009-11-02 16:34 815760 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
2009-11-02 16:34 . 2009-11-02 16:34 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
2009-11-02 16:34 . 2009-11-02 16:34 1638104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2009-11-02 16:34 . 2009-11-02 16:34 788368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe
2009-11-02 16:34 . 2009-11-02 16:34 1179232 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe
2009-11-02 16:06 . 2009-11-02 16:06 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-02 16:06 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-11-02 11:57 . 2009-11-02 11:57 -------- d-----w- C:\$AVG
2009-11-02 11:57 . 2009-11-02 11:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-02 11:57 . 2009-11-02 11:57 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-02 11:57 . 2009-11-02 11:57 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-02 11:57 . 2009-11-05 10:59 -------- d-----w- c:\windows\system32\drivers\Avg
2009-11-02 11:56 . 2009-11-02 11:56 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-02 11:56 . 2009-11-02 11:56 -------- d-----w- c:\program files\AVG
2009-11-02 11:56 . 2009-11-05 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-11-02 10:43 . 2009-11-02 10:43 -------- d-----w- c:\program files\MSConfig CleanUp

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-04 19:57 . 2008-12-08 20:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-02 11:09 . 2007-06-23 15:40 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-02 11:09 . 2007-06-23 15:41 -------- d-----w- c:\program files\Symantec
2009-11-02 11:09 . 2007-06-23 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-11-02 11:08 . 2007-06-23 15:40 -------- d-----w- c:\program files\Symantec AntiVirus
2009-10-31 17:39 . 2004-04-20 10:05 445512 ----a-w- c:\windows\system32\perfh013.dat
2009-10-31 17:39 . 2004-04-20 10:05 70858 ----a-w- c:\windows\system32\perfc013.dat
2009-10-03 11:32 . 2009-10-03 11:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-10-03 10:04 . 2009-10-03 10:04 -------- d-----w- c:\program files\MSXML 4.0
2009-10-03 09:41 . 2009-10-03 09:41 -------- d-----w- c:\program files\Messenger Plus! Live
2009-09-17 18:53 . 2007-06-23 16:13 70632 ----a-w- c:\documents and settings\Koen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-16 19:15 . 2009-09-16 18:01 -------- d-----w- c:\program files\Windows Live
2009-09-16 18:11 . 2009-09-16 18:02 -------- dcsh--w- c:\program files\Common Files\WindowsLiveInstaller
2009-09-16 18:01 . 2009-09-16 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-09-16 17:12 . 2007-06-23 15:52 -------- d-----w- c:\program files\Microsoft Works
2009-09-16 16:34 . 2009-09-16 16:34 -------- d-----w- c:\program files\Microsoft
2009-09-16 16:28 . 2009-09-16 16:28 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-16 15:04 . 2004-04-20 10:18 77155 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-09-10 13:54 . 2008-12-08 20:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2008-12-08 20:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-01-26 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-01-26 118784]
"00THotkey"="c:\windows\System32\00THotkey.exe" [2004-03-29 253952]
"SigmaTel StacMon"="c:\program files\SigmaTel\SigmaTel AC97 audiostuurprogramma's\stacmon.exe" [2003-08-03 86073]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 49263]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-30 192512]
"PRONoMgr.exe"="c:\program files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2003-12-10 86016]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-02 2010904]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"000StTHK"="000StTHK.exe" - c:\windows\system32\000StTHK.exe [2001-06-23 24576]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2004-04-01 266240]
"TFncKy"="TFncKy.exe" [BU]
"TFNF5"="TFNF5.exe" - c:\windows\system32\TFNF5.exe [2003-12-02 73728]
"NDSTray.exe"="NDSTray.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2003-12-16 15:49 110592 ----a-w- c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-02 11:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"WebClient"=2 (0x2)
"usnjsvc"=3 (0x3)
"TapiSrv"=3 (0x3)
"Schedule"=2 (0x2)
"SCardDrv"=3 (0x3)
"RDSessMgr"=3 (0x3)
"Messenger"=2 (0x2)
"helpsvc"=2 (0x2)
"CCALib8"=2 (0x2)
"BITS"=3 (0x3)
"Autodesk Licensing Service"=3 (0x3)
"aawservice"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/11/2009 17:36 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/11/2009 12:56 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/11/2009 12:57 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2/11/2009 12:56 285392]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 12:17 1179232]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - mvqttwxg
*Deregistered* - PROCEXP113

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
bpjwpzni
.
Inhoud van de 'Gedeelde Taken' map

2009-11-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:34]
.
.
------- Bijkomende Scan -------
.
uStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} - file://c:\program files\proeWildfire 3.0\i486_nt\obj\pvx_install.exe
DPF: {89869334-AA13-489A-9A07-2BA062714A29} - hxxp://img.lnm.eu/be.lnm.eu/client/en/MessengerInstaller.cab
DPF: {C9A703E2-3145-11D8-813C-005022E14DE2} - hxxp://img.lnm.eu/be.lnm.eu/client/LNMClientInstaller.cab
FF - ProfilePath - c:\documents and settings\Koen\Application Data\Mozilla\Firefox\Profiles\xlgx64m3.default\
FF - prefs.js: browser.startup.homepage - hxxps://cas.kuleuven.be/cas/login?service=https%3A%2F%2Fidp.kuleuven.be%2Fshibboleth-idp%2FSSO%3Bjsessionid%3D5461CB888E4C4FFD4104C4808FB4CA5E%3Fshire%3Dhttps%253A%252F%252Fcygnus.cc.kuleuven.be%252FShibboleth.sso%252FSAML%252FArtifact%26time%3D1225970665%26target%3Dcookie%26providerId%3Dhttps%253A%252F%252Fcygnus.cc.kuleuven.be
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-05 14:52
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•Ñw*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(616)
c:\windows\System32\LgNotify.dll

- - - - - - - > 'explorer.exe'(2380)
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
Voltooingstijd: 2009-11-05 15:08
ComboFix-quarantined-files.txt 2009-11-05 14:08
ComboFix2.txt 2009-11-05 13:19
ComboFix3.txt 2009-02-23 23:32
ComboFix4.txt 2008-12-18 12:34
ComboFix5.txt 2009-11-05 13:22

Pre-Run: 9.332.174.848 bytes beschikbaar
Post-Run: 9.319.174.144 bytes beschikbaar

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:11:23, on 5/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\SigmaTel\SigmaTel AC97 audiostuurprogramma's\stacmon.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 audiostuurprogramma's\stacmon.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file:///C:\Program Files\TOSHIBA\Free Update Service\splash.html
O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} - file://C:\Program Files\proeWildfire 3.0\i486_nt\obj\pvx_install.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253050177560
O16 - DPF: {89869334-AA13-489A-9A07-2BA062714A29} (Installer Class) - http://img.lnm.eu/be.lnm.eu/client/en/MessengerInstaller.cab
O16 - DPF: {C9A703E2-3145-11D8-813C-005022E14DE2} (Installer Class) - http://img.lnm.eu/be.lnm.eu/client/LNMClientInstaller.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5534/mcfscan.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXlm server for PTC - Macrovision Corporation - C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

--
End of file - 6824 bytes

Thanks in advance

Rosty
5 November 2009, 16:33
Any problems left now?

Keno
5 November 2009, 17:01
Apparently not anymore! I mostly had it in the evenings, but I think it's fine now :)
I ran Malwarebytes once more and it didn't find anything anymore :)
Can I leave that ComboFix installed, even while my antivirus is active?
And may I have HijackThis remove the O16 entries from lnm?
O16 - DPF: {89869334-AA13-489A-9A07-2BA062714A29} (Installer Class) - http://img.lnm.eu/be.lnm.eu/client/e...rInstaller.cab
O16 - DPF: {C9A703E2-3145-11D8-813C-005022E14DE2} (Installer Class) - http://img.lnm.eu/be.lnm.eu/client/L...tInstaller.cab
That was a toolbar specifically for lnm, but I removed it a long time ago.
Anyway, thanks!!

Rosty
5 November 2009, 19:07
You can go ahead and have those 2 O16 lines fixed!

Remove ComboFix via Start > Run: copy and paste Combofix /U, then click OK or press Enter.

http://i78.photobucket.com/albums/j116/amateur_photos/CFuninstall.png

This will remove ComboFix plus its related folders and files, restore the clock settings, hide the file extensions, hide hidden files and system files again, and reset your System Restore.

Keno
7 November 2009, 00:21
Uh, Rosty
What do you mean by resetting System Restore?
I now have a different problem, more of an annoyance.
Instead of my screen going black (I don't have a screensaver), it goes into sleep mode.
Could that be caused by ComboFix? I haven't removed anything yet, and I also had it while ComboFix was scanning.
Regards

Rosty
7 November 2009, 10:40
Could you just carry out the instructions, please?

Keno
9 November 2009, 15:09
I carried it out but I still have it.
If you can't solve it, then so be it.
Malware finds nothing and my HijackThis log is the following:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:16:51, on 9/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\SigmaTel\SigmaTel AC97 audiostuurprogramma's\stacmon.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file:///C:\Program Files\TOSHIBA\Free Update Service\splash.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 audiostuurprogramma's\stacmon.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file:///C:\Program Files\TOSHIBA\Free Update Service\splash.html
O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} - file://C:\Program Files\proeWildfire 3.0\i486_nt\obj\pvx_install.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253050177560
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5534/mcfscan.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXlm server for PTC - Macrovision Corporation - C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

--
End of file - 7002 bytes

If you find any irregularities in it, you can always let me know;
otherwise, thanks for the effort.

Rosty
9 November 2009, 17:12
Nothing suspicious to be seen!!

Keno
9 November 2009, 21:20
OK, no problem, then you can close this thread.
Thanks again for helping me!