Trojan horse generic22.cpem and cryptic.cyk



sp-riderke
20 June 2011, 18:40
Hello

I ended up on your forum by word of mouth and hope to find an answer here.

My PC, which runs XP Home, is in trouble: in ten years it has never had such troublesome horses, namely one named GENERIC 22.CPEM and a second one, CRYPTIC.CYK.

After some carelessness on my part (I had left my PC online and unattended for a long time while downloading), the damage was done by the time I came back to it.

All the shortcuts on my desktop are gone, and the restore point has vanished too. From another account on my PC I did see that many folders were hidden, and I was able to open a few again by putting the check marks back as before, but by far not everything works as it should.

Now, for safety reasons, I want to format my PC and set everything up again, and my question is: is this safe enough to get rid of the virus (it is in quarantine in AVG but I cannot delete it), or is there something simpler? I am not exactly an expert with the buttons, and I only dare to go online when strictly necessary to check my e-mails.
In the meantime I have taken the necessary steps and hope I have carried everything out correctly. I have also looked at what I can already find again, but nothing has been added; on my account the desktop is still empty and I cannot change it. If everything were restored, would it still be safe to do online banking, or is a reinstall safer?
Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:29:47, on 20/06/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Dit.exe
C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\DitExp.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\nancy lecluyse\Bureaublad\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://dutch.ircfast.com/nl/index.php?rvs=google
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://dutch.ircfast.com/nl/index.php?rvs=google
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dutch.ircfast.com/nl/index.php?rvs=google
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Telenet Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: MP3 Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Agent] C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.telenet.be
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://steffozz.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132902092734
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://steffozz.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
--
End of file - 9693 bytes

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Databaseversie: 6902
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
20/06/2011 18:01:32
mbam-log-2011-06-20 (18-01-32).txt
Scantype: Snelle scan
Objecten gescand: 198695
Verstreken tijd: 16 minuut/minuten, 29 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 1
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
c:\WINDOWS\hosts (Trojan.Agent) -> Quarantined and deleted successfully.

sp-riderke
20 June 2011, 18:47
Oh yes, in the meantime I have had a look in AVG's quarantine and the horses are still in there???
Thanks

EvelineGirl
21 June 2011, 13:30
Hi,

As long as they are in quarantine they can do no more harm; they are then harmless. Or do you keep getting notifications?

1.
Start MalwareBytes' Anti-Malware (MBAM)

Click the "Update" tab and then "Check for updates"
Click the "Scanner" tab
Choose the "quick scan" option and click "Scan"
When the scan is complete, click OK, then "Show Results" to see the results.
Make sure everything there is checked, then click "Remove Selected".
After removal a log will open and you will be asked to restart the computer.
The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program. Post this log with your next reply.



2.
Download DDS by sUBs from one of these locations and place it on your desktop:
DDS - Bleeping Computer download (http://download.bleepingcomputer.com/sUBs/dds.scr).
DDS - Bleeping Computer download (http://download.bleepingcomputer.com/sUBs/dds.com).
DDS - Infospyware (http://www.infospyware.net/sUBs/dds).
http://img.photobucket.com/albums/v666/sUBs/dds_scr.gif
DDS is a diagnostic tool and makes use of scripts.
Disable your security software before running DDS!
Double-click DDS to start the tool.
DDS will open 2 log files:
* DDS.txt
* Attach.txt
A window asks you to save both logs, because the logs will be gone once you close them.
Save the logs, for example on your desktop or another place where you can easily find them again.
Post the DDS.txt log with your next reply. Post Attach.txt only when I ask for it.


3.
Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) to the desktop.

Double-click "aswMBR.exe" to start the tool.
Vista and Windows 7 users: right-click -> run as Administrator.
Click the "Scan" button
http://www.imgdumper.nl/uploads4/4db3f87694fe9/4db3f87693886-aswmbrscan.gif
When the scan is finished, click the "Save log" button
http://www.imgdumper.nl/uploads4/4db3f8e71343a/4db3f8e71288d-aswmbrsavelog.gif
Put this log file in your next post.
Good luck,
Eveline.

sp-riderke
21 June 2011, 20:51
aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
Run date: 2011-06-21 20:38:17
-----------------------------
20:38:17.468 OS Version: Windows 5.1.2600 Service Pack 3
20:38:17.468 Number of processors: 1 586 0x207
20:38:17.468 ComputerName: FIREBLADE UserName:
20:38:17.937 Initialize success
20:41:37.812 AVAST engine defs: 11062100
20:41:51.734 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
20:41:51.734 Disk 0 Vendor: ST3120023A 3.30 Size: 114473MB BusType: 3
20:41:51.765 Disk 0 MBR read error 0
20:41:51.765 Disk 0 MBR scan
20:41:51.765 Disk 0 unknown MBR code
20:41:51.765 MBR BIOS signature not found 0
20:41:51.781 Disk 0 scanning sectors +234436545
20:41:51.781 Disk 0 scanning C:\WINDOWS\system32\drivers
20:42:08.968 Service scanning
20:42:12.609 Disk 0 trace - called modules:
20:42:12.625 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sprp.sys >>UNKNOWN [0x83391938]<<
20:42:12.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8332bab8]
20:42:12.625 3 CLASSPNP.SYS[f88d5fd7] -> nt!IofCallDriver -> \Device\00000061[0x8330cf18]
20:42:13.156 5 ACPI.sys[f8720620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x83350940]
20:42:15.656 AVAST engine scan C:\WINDOWS
20:42:55.875 AVAST engine scan C:\Documents and Settings\nancy lecluyse
20:42:56.000 AVAST engine scan C:\Documents and Settings\All Users
20:42:56.000 Scan finished successfully
20:43:23.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\nancy lecluyse\Bureaublad\MBR.dat"
20:43:23.343 The log file has been saved successfully to "C:\Documents and Settings\nancy lecluyse\Bureaublad\aswMBR.txt"

DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by nancy lecluyse at 20:35:17 on 2011-06-21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.511.119 [GMT 2:00]
.
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Dit.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.be/
uSearch Page = hxxp://dutch.ircfast.com/nl/index.php?rvs=google
uWindow Title = Microsoft Internet Explorer aangeboden door Telenet Internet
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Page = hxxp://dutch.ircfast.com/nl/index.php?rvs=google
mStart Page = hxxp://dutch.ircfast.com/nl/index.php?rvs=google
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: MP3 Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: MP3 Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Dit] Dit.exe
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [Agent] c:\program files\medion\powercinema\my_tv\Agent.exe
mRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
mRun: [Motive SmartBridge] c:\progra~1\telene~1\smartb~1\MotiveSB.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [beid] "c:\program files\belgium identity card\beid35gui.exe" /startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://steffozz.spaces.msn.com//PhotoUpload/MsnPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132902092734
DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://steffozz.spaces.live.com/PhotoUpload/MsnPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C6211E3C-6084-4F54-8A2D-C6D2096FADB5} : DhcpNameServer = 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-5-2 28552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-23 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-23 29584]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-23 243152]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-8-8 308136]
R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [2008-11-28 35840]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [2002-9-5 24288]
S2 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-18 135664]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-18 135664]
.
=============== Created Last 30 ================
.
2011-06-20 16:26:02 388096 ----a-r- c:\documents and settings\nancy lecluyse\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-06-20 16:26:01 -------- d-----w- c:\program files\Trend Micro
2011-06-20 15:39:44 -------- d-----w- c:\documents and settings\nancy lecluyse\application data\Malwarebytes
2011-06-20 15:38:56 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-20 15:38:46 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-20 15:38:34 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-20 15:38:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-15 18:36:40 -------- d--h--r- c:\documents and settings\nancy lecluyse\Onlangs geopend
2011-06-15 18:15:21 2321288 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-06-15 18:15:01 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{26edf9d6-0fcd-44b4-9767-4a747049e798}\mpengine.dll
2011-06-15 18:14:59 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-06-15 17:20:22 -------- d-----w- c:\documents and settings\nancy lecluyse\local settings\application data\AskToolbar
2011-06-15 16:44:22 -------- d-----w- c:\program files\Ask.com
2011-06-13 17:16:56 -------- d-----w- c:\documents and settings\all users\application data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
2011-06-13 15:19:39 -------- d-----w- c:\windows\pss
2011-06-13 13:55:11 -------- d-----w- c:\documents and settings\nancy lecluyse\application data\AVG9
2011-06-13 12:43:38 -------- d-----w- c:\program files\Cryptic Trojan Removal Tool [1]
2011-06-13 12:29:42 -------- d-----w- c:\documents and settings\nancy lecluyse\local settings\application data\PackageAware
2011-06-13 12:16:30 5632 ----a-w- c:\windows\system32\wbem\snmp\smimsgif.dll
2011-06-13 12:16:30 5632 ----a-w- c:\windows\system32\wbem\snmp\smierrsy.dll
2011-06-13 12:16:30 15872 ----a-w- c:\windows\system32\wbem\snmp\smierrsm.dll
2011-06-13 12:16:30 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll
.
==================== Find3M ====================
.
2011-05-20 09:32:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-17 12:51:06 16704 ----a-w- c:\windows\system32\roboot.exe
2011-05-05 16:29:38 243152 ----a-w- c:\windows\system32\drivers\avgtdix.sys
.
============= FINISH: 20:35:52,21 ===============



sp-riderke
21 June 2011, 20:53
I couldn't post a word of thanks, but I don't know why or how, and I see that I apparently copied it twice.

EvelineGirl
22 June 2011, 14:20
1.
Remove Ask.com, Ask Toolbar and MP3 Toolbar. These are dubious toolbars and therefore not recommended.

2.
Now also remove AVG temporarily. ComboFix cannot work while AVG is installed. First uninstall it via the Control Panel.

Then download the removal tool to your desktop: http://www.avg.com/nl-nl/36

Take the 32-bit version, so the first one you come across.
Double-click it to run it.

3.
Let the computer restart.

Now delete the bold folders below, if present.
Windows XP
C:\Program Files\AVG
C:\Documents and settings\All users\Application data\AVG

Empty your recycle bin.

4.
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)

* IMPORTANT !!! Save ComboFix.exe to your Desktop.
>>Here<< (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) you can read how ComboFix should be used.
1. Windows XP users will, if necessary, be asked to install the "Recovery Console"; allow this (an active internet connection is required for it)
2. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix.
* (here (http://www.bleepingcomputer.com/forums/topic114351.html) or here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) is a guide on how to disable them:)
3. The computer may need to be restarted several times; this is normal.
4. Double-click "Combofix.exe" to start the tool.
5. Do not click in the ComboFix window while it is active; this can cause the tool to hang.
* Note !!! If an error is shown with the message "Illegal operation attempted on a registery key that has been marked for deletion.", restart the computer.
6. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.


5.
Install a different AV. You may go back to AVG, if you wish, once I have declared your computer clean.

Avast (http://www.avast.com/eng/download-avast-home.html)
Microsoft Security Essentials (http://www.microsoft.com/Security_Essentials/)

Good luck,
Eveline.

sp-riderke
22 June 2011, 20:43
ComboFix 11-06-22.01 - nancy lecluyse 22/06/2011 20:26:53.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.511.261 [GMT 2:00]
Gestart vanuit: c:\documents and settings\nancy lecluyse\Bureaublad\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\evy vanthournout\WINDOWS
c:\documents and settings\luc vercruysse\WINDOWS
c:\documents and settings\nancy lecluyse\WINDOWS
c:\documents and settings\stephanie vanthourno\WINDOWS
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\IsUn0413.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\STEC3.sys
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SPYWARECLEANERSERVICE
-------\Legacy_STEC3
-------\Service_STEC3
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-05-22 to 2011-06-22 ))))))))))))))))))))))))))))))
.
.
2011-06-20 16:26 . 2011-06-20 16:26 388096 ----a-r- c:\documents and settings\nancy lecluyse\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-20 16:26 . 2011-06-20 16:26 -------- d-----w- c:\program files\Trend Micro
2011-06-20 15:39 . 2011-06-20 15:39 -------- d-----w- c:\documents and settings\nancy lecluyse\Application Data\Malwarebytes
2011-06-20 15:38 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-20 15:38 . 2011-06-20 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-06-20 15:38 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-20 15:38 . 2011-06-20 15:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-19 15:26 . 2011-06-19 15:26 -------- d-----w- c:\documents and settings\luc vercruysse\Local Settings\Application Data\PCHealth
2011-06-15 18:36 . 2011-06-21 18:46 -------- d--h--r- c:\documents and settings\nancy lecluyse\Onlangs geopend
2011-06-15 18:15 . 2007-03-09 09:25 2321288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-06-15 18:15 . 2011-05-24 17:12 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{26EDF9D6-0FCD-44B4-9767-4A747049E798}\mpengine.dll
2011-06-15 18:14 . 2011-05-24 17:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-06-15 18:12 . 2011-06-15 18:12 -------- d-----w- c:\program files\Windows Defender
2011-06-13 17:16 . 2011-06-15 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
2011-06-13 12:43 . 2011-06-15 16:32 -------- d-----w- c:\program files\Cryptic Trojan Removal Tool [1]
2011-06-13 12:29 . 2011-06-13 12:29 -------- d-----w- c:\documents and settings\nancy lecluyse\Local Settings\Application Data\PackageAware
2011-06-13 12:16 . 2001-09-07 12:00 5632 ----a-w- c:\windows\system32\wbem\snmp\smimsgif.dll
2011-06-13 12:16 . 2001-09-07 12:00 5632 ----a-w- c:\windows\system32\wbem\snmp\smierrsy.dll
2011-06-13 12:16 . 2001-09-07 12:00 15872 ----a-w- c:\windows\system32\wbem\snmp\smierrsm.dll
2011-06-13 12:16 . 2001-09-07 12:00 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll
2011-06-12 08:09 . 2011-06-15 16:17 -------- d--h--r- c:\documents and settings\luc vercruysse\Onlangs geopend
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-20 09:32 . 2011-05-20 09:32 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-17 12:51 . 2011-05-22 09:14 16704 ----a-w- c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-25 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"SoundMan"="SOUNDMAN.EXE" [2002-08-15 46592]
"Dit"="Dit.exe" [2002-08-28 73728]
"NeroCheck"="c:\windows\System32\NeroCheck.exe" [2001-07-09 155648]
"Agent"="c:\program files\Medion\PowerCinema\My_TV\Agent.exe" [2002-09-26 69632]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-08-29 28739]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-06-06 188416]
"Motive SmartBridge"="c:\progra~1\TELENE~1\SMARTB~1\MotiveSB.exe" [2004-04-07 385024]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2010-08-12 2060288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"nwiz"="nwiz.exe" [2002-07-30 372736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\devolo\\easyshare\\easyshare.exe"=
"c:\\Program Files\\Escient\\FireBall PC\\fireball.exe"=
"c:\\Program Files\\devolo\\informer\\devinf.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2/05/2011 9:05 28552]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/03/2010 9:41 691696]
R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [28/11/2008 14:34 35840]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3/11/2006 19:19 13592]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [5/09/2002 5:53 24288]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [18/03/2010 19:05 135664]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [18/03/2010 19:05 135664]
.
Inhoud van de 'Gedeelde Taken' map
.
2011-06-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-25 10:31]
.
2011-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-18 17:05]
.
2011-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-18 17:05]
.
2011-06-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://dutch.ircfast.com/nl/index.php?rvs=google
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS VERWIJDERD - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0413.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-22 20:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(1664)
c:\progra~1\TELENE~1\SMARTB~1\SBHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\System32\nvsvc32.exe
c:\windows\System32\snmp.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\windows\Dit.exe
c:\windows\system32\rundll32.exe
c:\windows\DitExp.exe
.
**************************************************************************
.
Voltooingstijd: 2011-06-22 20:43:25 - machine werd herstart
ComboFix-quarantined-files.txt 2011-06-22 18:43
.
Pre-Run: 4.527.509.504 bytes beschikbaar
Post-Run: 4.477.861.888 bytes beschikbaar
.
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut
.
- - End Of File - - F1DEFD1EE82023D6A8289F19F31F00D6
Thanks again in advance; is it also possible to see where the infection came from? Kind regards, Luc

sp-riderke
22 June 2011, 21:31
Hello,
I have, I think, done everything you asked, and this is for the record (maybe it is of some use to you), but my desktop still cannot be restored, a system restore to last month does not seem to work either, and the list of programs shows only a limited number; I don't know whether you can do anything with that?? In any case I have installed AVAST and it has no viruses in the vault, so those would then be gone??
Kind regards, Luc

EvelineGirl
23 June 2011, 11:49
Yes, those were removed with AVG.

1.
Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and place it on your desktop.
Extract the files in tdsskiller.zip.
Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.
Windows 7 and Windows Vista users:
Right-click TDSSKiller.exe -> Run as Administrator to start the tool.
If TDSSKiller reports that an update is available, run it first.
http://www.imgdumper.nl/uploads4/4dc1d6438f791/4dc1d6438d897-TDSSKiller_2011-05-05_00-26-21.jpg

Click the "Start Scan" button and follow the instructions.
When the scan is finished, click the "Report" button.
A Notepad file opens. Post the contents of this file.
Restart the PC if TDSSKiller offers that option. (Reboot now)
If a restart was needed, you will find the log file at C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt


2.
Download Unhide.exe (http://download.bleepingcomputer.com/grinler/unhide.exe) to the desktop; if you get a message that the file may be unsafe, you can ignore it.

Double-click "Unhide.exe" to start the tool.
Note!!! Windows Vista & 7 users must run "Unhide.exe" as administrator ("Right-click, Run as administrator").
Wait patiently until the tool has finished and do nothing else on the computer in the meantime.
When the tool has finished you will see the screen below, with the message "Your files should now be visible"

http://www.imgdumper.nl/uploads4/4d9d78e7013bd/4d9d78e700801-unhide..jpg

State in your next message whether you received this message.

Restart the computer.


3.
Have the following file scanned at VirusTotal: http://www.virustotal.com/

c:\windows\system32\roboot.exe

Have it reanalysed if the file has been scanned before. Post the result here. Just paste the URL.

Good luck,
Eveline.:)
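
Added example, not part of the thread and not code from ComboFix: a small Python parser for the "Reg Opstartpunten" section of a ComboFix log like the one posted above, listing the autorun values worth checking by hand. The function names, the two heuristics, and the reading of `[X]` as "no file resolved" are assumptions of this example.

```python
import ntpath
import re

# Lines copied from the ComboFix log posted in this thread, with the spaces
# that the forum software inserted into long strings removed.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-25 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"SoundMan"="SOUNDMAN.EXE" [2002-08-15 46592]
"Dit"="Dit.exe" [2002-08-28 73728]
"NeroCheck"="c:\windows\System32\NeroCheck.exe" [2001-07-09 155648]
"Motive SmartBridge"="c:\progra~1\TELENE~1\SMARTB~1\MotiveSB.exe" [2004-04-07 385024]
"nwiz"="nwiz.exe" [2002-07-30 372736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
ENTRY_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<target>[^"]*)" \[(?P<meta>[^\]]*)\]$')
META_RE = re.compile(r'^(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)$')


def parse_autoruns(log_text):
    """Return one dict per autorun value found under a registry key header."""
    entries, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            key = header.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m or key is None:
            continue  # separator dots, notes, or values outside a key section
        meta = META_RE.match(m.group("meta"))
        entries.append({
            "key": key,
            "name": m.group("name"),
            "target": m.group("target"),
            "file_date": meta.group("date") if meta else None,
            "size": int(meta.group("size")) if meta else None,
            # Anything that is not "date size" is kept verbatim, e.g. "X".
            "marker": None if meta else m.group("meta"),
        })
    return entries


def triage(entries):
    """Map value name -> set of reasons to inspect that value by hand."""
    findings = {}
    for e in entries:
        reasons = set()
        # Assumption: ComboFix prints [X] when it resolved no file for the value.
        if e["marker"] == "X":
            reasons.add("unresolved")
        # ntpath applies Windows path rules on any host OS. A target without a
        # drive and directory is located through the search path at logon, so
        # the log line alone does not say which file on disk actually runs.
        if not ntpath.isabs(e["target"]):
            reasons.add("no-directory")
        if reasons:
            findings[e["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_autoruns(SAMPLE_LOG)).items():
        print(f"{name}: {', '.join(sorted(reasons))}")
```

A flagged value is a prompt to look at the file behind it, not a verdict: several of the entries listed here belong to drivers and utilities that register themselves by bare file name.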

sp-riderke
23 June 2011, 21:38
2011/06/23 21:33:17.0687 1796 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/23 21:33:20.0125 1796 ================================================================================
2011/06/23 21:33:20.0125 1796 SystemInfo:
2011/06/23 21:33:20.0140 1796
2011/06/23 21:33:20.0140 1796 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/23 21:33:20.0140 1796 Product type: Workstation
2011/06/23 21:33:20.0140 1796 ComputerName: FIREBLADE
2011/06/23 21:33:20.0140 1796 UserName: nancy lecluyse
2011/06/23 21:33:20.0140 1796 Windows directory: C:\WINDOWS
2011/06/23 21:33:20.0140 1796 System windows directory: C:\WINDOWS
2011/06/23 21:33:20.0140 1796 Processor architecture: Intel x86
2011/06/23 21:33:20.0140 1796 Number of processors: 1
2011/06/23 21:33:20.0140 1796 Page size: 0x1000
2011/06/23 21:33:20.0140 1796 Boot type: Normal boot
2011/06/23 21:33:20.0140 1796 ================================================================================
2011/06/23 21:33:37.0187 1796 Initialize success
2011/06/23 21:33:53.0531 3872 ================================================================================
2011/06/23 21:33:53.0531 3872 Scan started
2011/06/23 21:33:53.0531 3872 Mode: Manual;
2011/06/23 21:33:53.0531 3872 ================================================================================
2011/06/23 21:34:47.0531 3872 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/23 21:34:48.0484 3872 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/23 21:34:50.0593 3872 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/23 21:34:51.0343 3872 Intels51 (bb801eb1898a22dfd412064e5c952ea5) C:\WINDOWS\system32\DRIVERS\ctxs51.sys
2011/06/23 21:34:52.0609 3872 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/23 21:34:53.0234 3872 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/23 21:34:53.0750 3872 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/23 21:34:54.0421 3872 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/23 21:34:55.0281 3872 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/23 21:34:56.0062 3872 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/23 21:34:57.0171 3872 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/23 21:34:58.0156 3872 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/23 21:34:58.0718 3872 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/23 21:34:59.0437 3872 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/23 21:35:00.0687 3872 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/23 21:35:01.0375 3872 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/23 21:35:02.0187 3872 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/23 21:35:02.0984 3872 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/23 21:35:04.0359 3872 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/23 21:35:05.0250 3872 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/23 21:35:06.0140 3872 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/23 21:35:06.0703 3872 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/23 21:35:07.0406 3872 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/23 21:35:08.0000 3872 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/23 21:35:08.0765 3872 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/23 21:35:09.0437 3872 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/23 21:35:10.0093 3872 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
2011/06/23 21:35:10.0703 3872 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/23 21:35:11.0421 3872 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/23 21:35:11.0984 3872 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/23 21:35:12.0875 3872 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/23 21:35:13.0468 3872 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/23 21:35:14.0156 3872 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/23 21:35:14.0718 3872 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/23 21:35:15.0343 3872 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/23 21:35:15.0968 3872 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/23 21:35:16.0812 3872 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/23 21:35:17.0734 3872 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/23 21:35:18.0937 3872 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/23 21:35:19.0406 3872 NPF_devolo (75ac610a7481cb1f343dc971249bcb19) C:\WINDOWS\system32\drivers\npf_devolo.sys
2011/06/23 21:35:19.0781 3872 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/23 21:35:20.0093 3872 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/23 21:35:20.0406 3872 nv (cf6896702f8c2af241dd27d0220ae80e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/06/23 21:35:20.0875 3872 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/23 21:35:21.0484 3872 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/23 21:35:22.0062 3872 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/23 21:35:22.0875 3872 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/23 21:35:23.0781 3872 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/23 21:35:24.0078 3872 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/23 21:35:24.0328 3872 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
2011/06/23 21:35:24.0656 3872 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/23 21:35:25.0000 3872 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/23 21:35:25.0234 3872 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/23 21:35:29.0484 3872 pfc (c4aa89518e8a2934eaf503c9587ff157) C:\WINDOWS\system32\drivers\pfc.sys
2011/06/23 21:35:30.0140 3872 PhTVTune (db44c88e83fe085ebb30bf466d67a46c) C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
2011/06/23 21:35:30.0812 3872 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/23 21:35:31.0296 3872 Processor (82a17eca34d801590a67c0a2244965ed) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/06/23 21:35:31.0640 3872 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/23 21:35:33.0859 3872 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/23 21:35:34.0218 3872 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/23 21:35:34.0687 3872 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/23 21:35:35.0031 3872 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/23 21:35:35.0359 3872 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/23 21:35:35.0906 3872 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/23 21:35:36.0468 3872 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/23 21:35:36.0968 3872 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/23 21:35:37.0375 3872 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2011/06/23 21:35:37.0843 3872 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
2011/06/23 21:35:38.0453 3872 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/23 21:35:39.0062 3872 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/23 21:35:39.0593 3872 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/23 21:35:40.0031 3872 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/06/23 21:35:40.0671 3872 sisagp (497ce69d7222df2758bec383cfd3638f) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/06/23 21:35:41.0031 3872 SISNIC (b0a33495fa3c31a96941d37258912bda) C:\WINDOWS\system32\DRIVERS\sisnic.sys
2011/06/23 21:35:41.0359 3872 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/23 21:35:41.0828 3872 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/06/23 21:35:42.0375 3872 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/23 21:35:42.0843 3872 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/06/23 21:35:42.0906 3872 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/06/23 21:35:42.0921 3872 sptd - detected LockedFile.Multi.Generic (1)
2011/06/23 21:35:58.0828 3872 ================================================== ==============================
2011/06/23 21:35:58.0828 3872 Scan finished
2011/06/23 21:35:58.0828 3872 ================================================== ==============================
2011/06/23 21:35:58.0859 3256 Detected object count: 1
2011/06/23 21:35:58.0859 3256 Actual detected object count: 1
2011/06/23 21:36:29.0062 3256 LockedFile.Multi.Generic(sptd) - User select action: Skip

sp-riderke
23 June 2011, 22:04
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: roboot.exe
Submission date: 2011-06-23 19:51:00 (UTC)
Current status: finished
Result: 0/42 (0.0%)



antivirus, version, last update, result
AhnLab-V3, 2011.06.24.00, 2011.06.23, -
AntiVir, 7.11.10.82, 2011.06.23, -
Antiy-AVL, 2.0.3.7, 2011.06.22, -
Avast, 4.8.1351.0, 2011.06.23, -
Avast5, 5.0.677.0, 2011.06.23, -
AVG, 10.0.0.1190, 2011.06.23, -
BitDefender, 7.2, 2011.06.23, -
CAT-QuickHeal, 11.00, 2011.06.23, -
ClamAV, 0.97.0.0, 2011.06.23, -
Commtouch, 5.3.2.6, 2011.06.23, -
Comodo, 9169, 2011.06.23, -
DrWeb, 5.0.2.03300, 2011.06.23, -
eSafe, 7.0.17.0, 2011.06.23, -
eTrust-Vet, 36.1.8403, 2011.06.23, -
F-Prot, 4.6.2.117, 2011.06.23, -
F-Secure, 9.0.16440.0, 2011.06.23, -
Fortinet, 4.2.257.0, 2011.06.23, -
GData, 22, 2011.06.23, -
Ikarus, T3.1.1.104.0, 2011.06.23, -
Jiangmin, 13.0.900, 2011.06.23, -
K7AntiVirus, 9.106.4837, 2011.06.23, -
Kaspersky, 9.0.0.837, 2011.06.23, -
McAfee, 5.400.0.1158, 2011.06.23, -
McAfee-GW-Edition, 2010.1D, 2011.06.23, -
Microsoft, 1.7000, 2011.06.23, -
NOD32, 6234, 2011.06.23, -
Norman, 6.07.10, 2011.06.23, -
nProtect, 2011-06-23.01, 2011.06.23, -
Panda, 10.0.3.5, 2011.06.23, -
PCTools, 8.0.0.5, 2011.06.23, -
Prevx, 3.0, 2011.06.23, -
Rising, 23.63.03.03, 2011.06.23, -
Sophos, 4.66.0, 2011.06.23, -
SUPERAntiSpyware, 4.40.0.1006, 2011.06.23, -
Symantec, 20111.1.0.186, 2011.06.23, -
TheHacker, 6.7.0.1.239, 2011.06.23, -
TrendMicro, 9.200.0.1012, 2011.06.23, -
TrendMicro-HouseCall, 9.200.0.1012, 2011.06.23, -
VBA32, 3.12.16.2, 2011.06.23, -
VIPRE, 9671, 2011.06.23, -
ViRobot, 2011.6.23.4529, 2011.06.23, -
VirusBuster, 14.0.92.1, 2011.06.23, -

MD5 : bf9b9cbb371a72043722a6bdf533cc11
SHA1 : 8c5ef2c2a2dc0bd0233c0a12d2f37e7b7c46486a
SHA256: 89521e3068573e6056aab6a01935c1b9e311a91ea926444d206fc4b67351da5f
ssdeep: 192:fuzN8ACZd07P/u9+eNPL+T7XTPMG4QW/O5YSnEXt85S1jcHZs9yowJL/6GjVB+eU:8DahLE7XbM/zHjcu9YJLrVXbCOO1Gs0y
File size : 16704 bytes
First seen: 2011-05-20 18:43:00
Last seen : 2011-06-23 19:51:00

TrID:
Windows Screen Saver (51.1%)
Win32 Executable Generic (33.2%)
Generic Win/DOS Executable (7.8%)
DOS Executable Generic (7.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)



sigcheck:
publisher....: ReviverSoft
copyright....: Copyright (c) 2010 ReviverSoft
product......: ReviverSoft Registry Reviver
description..: ReviverSoft Registry Reviver
original name: n/a
internal name: n/a
file version.: 1.0.0.0
comments.....: Visit http://www.ReviverSoft.com/ for further informations
signers......: ReviverSoft
VeriSign Class 3 Code Signing 2009-2 CA
Class 3 Public Primary Certification Authority
signing date.: 11:22 17/05/2011
verified.....: -



PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x2535
timedatestamp....: 0x4C528EA7 (Fri Jul 30 08:34:47 2010)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x1F1E, 0x2000, 6.22, a2e6d40bb388b15d9815ec4c1e84911f
.data, 0x3000, 0x34C, 0x200, 0.20, 563629f165a1b00ba1c92b2b4adf94bb
.rsrc, 0x4000, 0x388, 0x400, 2.96, f3d1700433ed24f9246696dffd6e4325
.reloc, 0x5000, 0x1B6, 0x200, 5.02, 144e9e3866487868b4823ae62777d5ee

[[ 1 import(s) ]]
ntdll.dll: NtDisplayString, RtlAnsiStringToUnicodeString, RtlInitAnsiString, vsprintf, NtOpenKey, RtlInitUnicodeString, NtLoadKey, NtUnloadKey, RtlAllocateHeap, RtlFreeHeap, RtlAdjustPrivilege, NtInitializeRegistry, RtlCreateHeap, memset, NtClose, NtReadFile, NtCreateFile, NtSaveKey, NtReplaceKey, ZwDeleteFile, LdrGetProcedureAddress, LdrGetDllHandle, NtFlushKey, NtDelayExecution, NtSetValueKey, memmove, NtQueryValueKey, _chkstk, NtFlushBuffersFile, NtWriteFile, NtShutdownSystem, NtTerminateProcess, RtlUnhandledExceptionFilter, RtlUnwind



ExifTool:
file metadata
CharacterSet: Windows, Latin1
CodeSize: 8192
Comments: Visit http://www.ReviverSoft.com/ for further informations
CompanyName: ReviverSoft
EntryPoint: 0x2535
FileDescription: ReviverSoft Registry Reviver
FileFlagsMask: 0x0000
FileOS: Win32
FileSize: 16 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 1.0.0.0
FileVersionNumber: 3.0.0.5326
ImageVersion: 6.0
InitializedDataSize: 2560
LanguageCode: English (U.S.)
LegalCopyright: Copyright 2010 ReviverSoft
LinkerVersion: 8.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 6.0
ObjectFileType: Dynamic link library
PEType: PE32
ProductName: ReviverSoft Registry Reviver
ProductVersion: 1.0.0.0
ProductVersionNumber: 3.0.0.5326
Subsystem: Native
SubsystemVersion: 6.0
TimeStamp: 2010:07:30 10:34:47+02:00
UninitializedDataSize: 0






sp-riderke
23 June 2011, 22:16
Hello
On my account the desktop has not been restored, but I do have all the programs back under "All Programs".
On my wife's account, on the other hand, everything seems to be as before, but going back to a restore point from last month does not work (maybe that is how it is??)
In any case, many thanks already
Kind regards, Luc

sp-riderke
26 June 2011, 10:11
Not to come across as impatient, but does anything else still need to be done to get rid of this problem completely?
Thanks in advance
Kind regards, Luc

EvelineGirl
26 June 2011, 20:40
Sorry, I was away for the weekend (I always am, from Friday through Sunday evening).

Can you clarify the problem, possibly with screenshots?

sp-riderke
27 June 2011, 19:06
No need to say sorry, I'm just glad that people like you still exist.
Unfortunately I don't know what a screenshot is or how to make one.

The shortcuts are visible on my desktop, only I can no longer change the background; I can only change the colour of the desktop.
When I try to use a restore point, I only get to see the latest month, June; if I try to go to the previous month, I keep seeing June??
In any case, thanks
Kind regards, Luc

EvelineGirl
28 June 2011, 13:49
So you cannot set your desktop background, if I understand correctly?


Disable your antivirus:
Download this tool to a new folder on your desktop: http://www.winxptutor.com/download/accrestore.zip
Extract it, then double-click it to run it.
Make sure everything is set as in the image below.
http://i844.photobucket.com/albums/ab4/SweetSweetTech/restore-start-menu-accessories-folder.png
Then click the Restore button.

After that:
Download http://www.winxptutor.com/download/admintools.zip, also to a new folder or the desktop.
Extract the file, then double-click it to run it.
Click the Restore Administrative Tools items button.
A restart may be needed.

Now check whether you can change the background again.

sp-riderke
28 June 2011, 18:53
Hello,
With the first one I get this: "76 PATH NOT FOUND"
And with the second one this: Run-time error'-2147024893(80070003)':
Method'~of object'~'failed
I downloaded both tools with my antivirus switched off.
Now it's my turn to say sorry, because I feel I'm becoming quite a nag; still, heartfelt thanks, and if this gets too difficult I certainly won't hold it against you if you say I'd be better off formatting.
Kind regards, Luc

EvelineGirl
28 June 2011, 19:00
Apparently there is lasting damage. A format also seems to me the quickest solution. At least you can now simply make backups of your files again before you wipe it and reinstall. Sometimes it is also better to start with a 'clean slate'. :)

sp-riderke
28 June 2011, 19:08
In any case, thank you for all the trouble you have taken; if there is anything I can do for you, you can always ring the bell, although I wouldn't know how I could be of service to you, but as you know, "it's a small world and you never know how a cow catches a hare" ;)
Thanks for everything, and maybe you have a guide somewhere on how to format an XP machine properly and correctly :bow::damn:
Kind regards, Luc

EvelineGirl
28 June 2011, 19:23
You're welcome.

I don't know whether we have such a guide on Minatica, but this will certainly be useful to you: http://www.hijackthis.nl/forum/viewtopic.php?f=66&t=27274 :)

sp-riderke
30 June 2011, 17:45
Well, thanks! I've already had a peek and I should be able to manage with it (I hope), otherwise I know where to turn ;)
Thanks again for everything, and hopefully we'll just have an ordinary chat sometime (y)(y)
Kind regards, Luc

EvelineGirl
30 June 2011, 18:28
Hopefully under better circumstances indeed. Lol

I'll put a 'lock' on this thread now. :)