Discussion closed

[SOLVED] explorer.exe compromised and Task Manager disabled.

This is a discussion about [SOLVED] explorer.exe compromised and Task Manager disabled. in the forum Archief Bestrijding malware & virussen, and is part of the Bestrijding malware & virussen category; Yesterday I downloaded some file and it turned out to be a virus. I could no longer open Task Manager ...

  1. #1
    Member
    Registered
    2 January 2008
    Location
    Aalst
    Posts
    155

    [SOLVED] explorer.exe compromised and Task Manager disabled.

    Yesterday I downloaded some file and it turned out to be a virus.
    I could no longer open Task Manager (which I have since been able to fix with a registry edit).
    And explorer.exe kept crashing and restarting; the PC was unusable, but I have since also been able to work around that by taking a copy of explorer.exe, renaming it to explorerer.exe and, instead of starting explorer.exe, having explorerer.exe start (also by means of a registry edit),
    but I am still stuck with that spyware/malware/virus on my PC.
    I have also already run ComboFix, HijackThis and VundoFix, but VundoFix found nothing.

    ComboFix 08-04-18.3 - Tibbout 2008-04-20 9:06:44.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.104 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\Tibbout\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Tibbout\Bureaublad\WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\AyJQAcfe.ini
    C:\WINDOWS\system32\AyJQAcfe.ini2
    C:\WINDOWS\system32\efcAQJyA.dll
    C:\WINDOWS\system32\iifdaYOg.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NWSAPAGENT
    -------\Service_NwSapAgent


    (((((((((((((((((((( Bestanden Gemaakt van 2008-03-20 to 2008-04-20 ))))))))))))))))))))))))))))))
    .

    2008-04-20 08:53 . 2008-04-20 08:53 <DIR> d-------- C:\VundoFix Backups
    2008-04-19 20:38 . 2008-04-19 20:38 <DIR> dr-h----- C:\Documents and Settings\Tibbout\Onlangs geopend
    2008-04-19 20:26 . 2007-06-13 15:24 1,036,800 --a------ C:\WINDOWS\explorerer.exe
    2008-04-19 20:24 . 2008-04-19 20:24 <DIR> dr-h----- C:\Documents and Settings\Cedric\Onlangs geopend
    2008-04-19 19:54 . 2008-04-19 20:47 <DIR> dr-h----- C:\$VAULT$.AVG
    2008-04-19 19:33 . 2008-04-19 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EarMaster
    2008-04-18 18:37 . 2008-04-18 18:37 <DIR> d-------- C:\Documents and Settings\Cedric\Incomplete
    2008-04-18 18:37 . 2008-04-18 18:42 <DIR> d-------- C:\Documents and Settings\Cedric\Application Data\FrostWire
    2008-04-18 18:36 . 2008-04-18 18:36 <DIR> d-------- C:\Documents and Settings\Cedric\Application Data\Ipswitch
    2008-04-13 14:37 . 2008-04-13 14:37 <DIR> d-------- C:\Documents and Settings\Gast\Application Data\Ipswitch
    2008-04-10 17:33 . 2008-04-10 17:33 <DIR> d-------- C:\Restoration
    2008-04-09 13:03 . 2008-04-09 13:07 <DIR> d-------- C:\Program Files\Uniblue
    2008-04-09 13:03 . 2008-04-09 13:07 <DIR> d-------- C:\Documents and Settings\Tibbout\Application Data\Uniblue
    2008-04-06 12:35 . 2008-04-06 12:52 <DIR> d-------- C:\Program Files\Poke
    2008-04-01 19:08 . 2008-04-01 19:10 <DIR> d-------- C:\Documents and Settings\Tibbout\Application Data\CoreFTP
    2008-04-01 19:07 . 2008-04-01 19:07 <DIR> d-------- C:\Program Files\CoreFTP
    2008-04-01 17:27 . 2008-04-01 17:27 <DIR> d-------- C:\Documents and Settings\Tibbout\Application Data\Ipswitch
    2008-04-01 17:26 . 2008-04-01 17:26 <DIR> d-------- C:\Program Files\Ipswitch
    2008-04-01 17:26 . 2008-04-01 17:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ipswitch
    2008-04-01 17:26 . 2005-02-28 12:37 606,293 --a------ C:\WINDOWS\system32\wbocx.ocx
    2008-04-01 17:26 . 2005-02-28 12:37 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
    2008-04-01 17:25 . 2008-04-01 17:25 <DIR> d-------- C:\Documents and Settings\Tibbout\Application Data\InstallShield
    2008-04-01 11:11 . 2008-04-01 11:11 <DIR> d-------- C:\Documents and Settings\Tibbout\Application Data\Malwarebytes
    2008-04-01 11:11 . 2008-04-01 11:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-01 11:06 . 2008-04-01 11:06 <DIR> d-------- C:\Documents and Settings\Tibbout\Application Data\uk.co.planetside
    2008-04-01 10:26 . 2008-04-01 10:26 <DIR> d-------- C:\Program Files\Terragen
    2008-04-01 10:15 . 2008-04-01 10:30 <DIR> d-------- C:\Documents and Settings\Tibbout\Application Data\Dexpot
    2008-04-01 10:00 . 2002-04-19 00:50 73,728 --a------ C:\WINDOWS\system32\GkSui18.EXE
    2008-03-29 12:39 . 2008-03-29 12:39 <DIR> d-------- C:\Program Files\Rockstar Games
    2008-03-22 23:21 . 2008-03-22 23:22 <DIR> d-------- C:\Program Files\InterActual
    2008-03-22 22:08 . 2008-03-22 21:42 165,939 --a------ C:\screenshot2.jpg
    2008-03-22 22:06 . 2008-03-22 21:23 187,902 --a------ C:\screenshot.jpg
    2008-03-22 21:11 . 2008-04-09 14:22 <DIR> d-------- C:\Program Files\BPK
    2008-03-22 10:07 . 2008-03-22 10:07 <DIR> d-------- C:\Documents and Settings\Cedric\Application Data\AdobeUM

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-20 06:39 --------- d-----w C:\Program Files\LogMeIn
    2008-04-19 18:32 --------- d-----w C:\Documents and Settings\Tibbout\Application Data\AVG7
    2008-04-14 17:04 --------- d-----w C:\Documents and Settings\Tibbout\Application Data\FrostWire
    2008-04-11 17:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-09 16:16 --------- d-----w C:\Program Files\FrostWire
    2008-04-09 11:46 --------- d-----w C:\Program Files\AvRack
    2008-04-04 12:58 --------- d-----w C:\Program Files\Opera
    2008-04-01 12:27 --------- d-----w C:\Program Files\Java
    2008-03-15 13:29 --------- d-----w C:\Program Files\DAEMON Tools Lite
    2008-03-15 13:17 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-03-15 13:15 --------- d-----w C:\Documents and Settings\Tibbout\Application Data\DAEMON Tools
    2008-03-15 12:21 --------- d-----w C:\Program Files\2 Pic
    2008-03-15 12:17 --------- d-----w C:\Documents and Settings\Tibbout\Application Data\VSRevoGroup
    2008-03-14 20:45 --------- d-----w C:\Program Files\directx
    2008-03-11 17:53 --------- d-----w C:\Program Files\Auslogics
    2008-03-11 17:28 --------- d-----w C:\Program Files\IObit
    2008-03-11 17:15 --------- d-----w C:\Program Files\VS Revo Group
    2008-03-11 16:44 --------- d-----w C:\Program Files\YouTube Downloader
    2008-03-11 16:40 --------- d-----w C:\Program Files\Telemeter 3.0
    2008-03-11 16:40 --------- d-----w C:\Program Files\NCH Swift Sound
    2008-03-11 16:40 --------- d-----w C:\Documents and Settings\Tibbout\Application Data\NCH Swift Sound
    2008-03-11 16:39 --------- d-----w C:\Program Files\NCH Software
    2008-03-11 16:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    2008-03-11 16:38 --------- d-----w C:\Program Files\Octoshape Streaming Services
    2008-03-07 20:53 --------- d-----w C:\Program Files\MessengerDiscovery 2
    2008-03-03 17:39 --------- d-----w C:\Program Files\CCleaner
    2008-03-03 09:05 --------- d-----w C:\Program Files\MSN Messenger
    2008-03-02 17:23 --------- d-----w C:\Documents and Settings\Gast\Application Data\AVG7
    2008-03-02 16:47 --------- d-----w C:\Documents and Settings\Cedric\Application Data\AVG7
    2008-03-02 07:54 --------- d-----w C:\Documents and Settings\Tibbout\Application Data\Auslogics
    2008-02-26 19:09 --------- d-----w C:\Program Files\Windows Live
    2008-02-26 19:08 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-02-26 19:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-02-26 17:16 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-02-25 20:13 --------- d-----w C:\Documents and Settings\Tibbout\Application Data\Easy Computing
    2008-02-25 18:59 --------- d-----w C:\Program Files\Easy Computing
    2008-02-22 18:02 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-02-21 18:25 --------- d-----w C:\Program Files\Common Files\Adobe
    2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-17 16:58 579584]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:00 15360]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-05 11:17 219136]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegedit"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveSearch"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoBandCustomize"= 0 (0x0)
    "NoMovingBands"= 0 (0x0)
    "NoCloseDragDropBands"= 0 (0x0)

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microtek Scanner Finder.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microtek Scanner Finder.lnk
    backup=C:\WINDOWS\pss\Microtek Scanner Finder.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Utility Tray.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Utility Tray.lnk
    backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    --a------ 2004-10-07 20:50 88363 C:\WINDOWS\AGRSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BoostSpeed]
    --a------ 2008-01-19 16:39 1927168 C:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    --a------ 2008-02-14 01:09 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DisableMouse]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnableMouse]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HideWin]
    C:\DOCUME~1\Tibbout\LOCALS~1\Temp\Tijdelijke map 3 voor hidewin.zip\hidewin.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    --a------ 2004-08-04 06:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
    --a------ 2005-03-28 13:30 315392 C:\Program Files\Launch Manager\QtZgAcer.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
    --a------ 2007-04-17 15:03 63048 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    C:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    --a------ 2005-03-09 19:59 49152 C:\Program Files\Arcade\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    --a------ 2004-08-04 06:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    --a------ 2004-08-04 06:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-01-04 20:40 98304 C:\WINDOWS\system32\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    --a------ 2005-02-23 12:13 77824 C:\WINDOWS\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Telemeter 3.0]
    C:\Program Files\Telemeter 3.0\telemeter3.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "AVGEMS"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

    R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-04-17 15:00]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 12:55]
    R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 16:57]
    R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-04 06:00]
    R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 02:43]
    S3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 15:46]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-15 22:18]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-04-04 17:20:40 C:\WINDOWS\Tasks\Easy Onderhoud.job"
    - C:\Program Files\TuneUp Utilities 2008\OneClick.exe
    "2008-04-09 11:03:54 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
    - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
    "2008-04-09 11:03:50 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
    - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-20 09:14:51
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 364

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Acer\eManager\anbmServ.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\LogMeIn\x86\ramaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\UPHClean\uphclean.exe
    C:\PROGRA~1\Grisoft\AVG7\avginet.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2008-04-20 9:25:27 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-20 07:25:08

    Pre-Run: 14,572,998,656 bytes beschikbaar
    Post-Run: 14,498,574,336 bytes beschikbaar

    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=AllwaysOff
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    216 --- E O F --- 2008-04-12 16:51:31




    Logfile of HijackThis v1.99.1
    Scan saved at 9:34:00, on 20/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Opera\Opera.exe
    C:\Documents and Settings\Tibbout\Mijn documenten\software\anti-virus\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Windows Live Help
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKCU\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
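    The logs in this post show the pattern a helper looks for when triaging a HijackThis log: ComboFix removed efcAQJyA.dll and iifdaYOg.dll from system32 together with AyJQAcfe.ini (the DLL name reversed), and the HijackThis backups listed in the DSS log later in the thread show those same DLLs loaded as unnamed O2 BHOs and as an O20 Winlogon Notify hook. The following Python script is an added example, not code from the thread, from HijackThis or from ComboFix. It parses O2, O4 and O20 lines and flags entries matching that pattern. The sample lines are constructed from the logs in this thread, and the "eight mixed-case letters" heuristic is an assumption drawn from those names, so hits are candidates to review, not verdicts.

```python
"""Triage helper for HijackThis-style log lines.

Added example for this thread, not code from HijackThis or from the posters.
Parses O2 (BHO), O4 (Run) and O20 (Winlogon Notify) lines and flags entries
that match the pattern seen in this thread: unnamed BHOs, and DLLs loaded from
system32 whose file name is eight random-looking mixed-case letters.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the HijackThis/DSS logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {02540E51-1317-4A95-879D-DFA674857201} - C:\WINDOWS\system32\efcAQJyA.dll
O2 - BHO: (no name) - {4020100D-29D7-4392-AFD5-5AD713FF4B88} - C:\WINDOWS\system32\iifdaYOg.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: iifdaYOg - C:\WINDOWS\SYSTEM32\iifdaYOg.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
O4_RE = re.compile(r"^(?P<hive>.*?): \[(?P<name>[^\]]*)\] (?P<path>.*)$")


def parse_line(line):
    """Return {'kind', 'name', 'path'} for an O2/O4/O20 line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, rest = m.groups()
    if kind == "O4":
        m4 = O4_RE.match(rest)
        if not m4:
            return None
        name, path = m4["name"], m4["path"]
    elif kind in ("O2", "O20"):
        # O2:  "BHO: <name> - {GUID} - <path>"
        # O20: "Winlogon Notify: <name> - <path>"
        parts = rest.split(" - ")
        name = parts[0].split(": ", 1)[-1]
        path = parts[-1]
    else:
        return None
    # drop command-line switches such as "/STARTUP" so the path parses cleanly
    path = path.strip().split(" /")[0]
    return {"kind": kind, "name": name, "path": path}


def looks_random(stem):
    """Heuristic (assumption): 8 letters with at least two upper/lower switches,
    the shape of the names in this thread (efcAQJyA, iifdaYOg)."""
    if len(stem) != 8 or not stem.isalpha():
        return False
    switches = sum(1 for a, b in zip(stem, stem[1:]) if a.isupper() != b.isupper())
    return switches >= 2


def triage(log_text):
    """Return a list of findings, one per suspicious line, in log order."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        path = PureWindowsPath(entry["path"])
        in_system32 = any(part.lower() == "system32" for part in path.parts)
        reasons = []
        if entry["kind"] == "O2" and entry["name"] == "(no name)":
            reasons.append("unnamed BHO")
        if in_system32 and looks_random(path.stem):
            reasons.append("random-looking 8-letter DLL name in system32")
        if reasons:
            findings.append({
                "line": line,
                "path": str(path),
                "reasons": reasons,
                # ComboFix removed AyJQAcfe.ini next to efcAQJyA.dll: the .ini
                # name is the DLL name reversed, so name the file to look for.
                "companion_ini": path.stem[::-1] + ".ini" if looks_random(path.stem) else None,
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["path"], "->", "; ".join(f["reasons"]), "| check for", f["companion_ini"])
```

    Run against the sample, the script flags the two unnamed BHOs and the Winlogon Notify entry and leaves ssv.dll, ctfmon.exe and LMIinit.dll alone; the name heuristic is deliberately narrow, so a real triage still reads the unflagged lines.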

  2. #2
    Member Xeno
    Registered
    8 March 2008
    Posts
    140

    Hi Tibzie,

    1. Open Notepad and copy and paste the following bold text into it:
    (don't forget to copy and paste REGEDIT4 as well!)

    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr"=-

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr"=-

    Save this as fix.reg, choose Save as type: *All files, and put it on your desktop.
    Double-click it.
    When asked whether you want to add it to the registry, click Yes/OK.

    2. Download Malwarebytes' Anti-Malware from here or here.


    Double-click mbam-setup.exe to install the program.
    • Make sure there is a check mark in front of Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • In the main screen, choose the Scanner tab and select the Quick Scan radio button.
    • Press the Scan button and make sure all your hard drives/partitions are checked.
    • Then press the Start Scan button.
    • The scan may take a while, so be patient.
    • When the scan is finished, click OK, then Show Results to see the results.
    • Make sure everything there is checked, then click Remove Selected.
    • After removal a log will open and you will be asked to restart the computer. (See the extra note below)
    • The log is saved automatically by MBAM; you can view it by clicking the Logs tab in MBAM.
    • Copy and paste the results of the log in your next reply, together with a new HijackThis log.
    Extra note:
    If MBAM has trouble removing certain files, it will show a few messages where you need to click OK. It will then ask to restart the computer... so allow MBAM to restart the computer.



    3. Download Deckard's System Scanner to your Desktop.
    • Close all applications and windows.
    • Double-click dss.exe to run it, and follow the prompts.
    • When the scan is complete, a text file - main.txt - will open.
    • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
    Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet.
    Make sure sigcheck.exe is allowed to do so!
    It can also happen that your antivirus flags DSS as suspicious, or even tries to remove it.
    Don't let your antivirus remove it! (In that case it may be better to temporarily disable your antivirus during the DSS scan)

    Post the necessary logs.
    Good luck,
    Xeno :)
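    Step 1 above has the user import a REGEDIT4 file whose two `"DisableTaskMgr"=-` lines delete the policy value that hides Task Manager. Before double-clicking a .reg file received from a forum, it is worth listing exactly what it would change, because the same format can just as easily set a value (re-applying the lockout with `dword:00000001`) or add a startup entry. The following Python script is an added example, not code from Xeno or from the thread: it parses the REGEDIT4 syntax (key sections, `"name"=-` deletions, `[-key]` whole-key deletions, `"name"=data` assignments) and reports anything that is not a deletion of DisableTaskMgr or DisableRegedit under the two Policies\System keys. The embedded fix is the one posted above; the allowlist of expected keys and value names is an assumption for this particular fix.

```python
"""Pre-flight check for a .reg fix before importing it.

Added example for this thread, not code from the poster: parses the REGEDIT4
file from step 1 and lists exactly what it would do, so the user can confirm
it only deletes the DisableTaskMgr (or DisableRegedit) policy value and does
not set anything else before double-clicking it.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed from the fix posted above.
FIX_REG = r"""REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=-
"""

# Keys and value names a Task Manager / Registry Editor lockout fix is
# expected to touch (assumption for this fix); compared case-insensitively.
EXPECTED_KEYS = {
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System".lower(),
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System".lower(),
}
EXPECTED_VALUES = {"disabletaskmgr", "disableregedit"}

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
# "name"=data  or  @=data  (the @ form is the key's default value)
VALUE_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|(?P<default>@))=(?P<data>.*)$')


@dataclass
class RegChange:
    key: str
    name: str            # value name, "@" for the key default, "*" for the whole key
    action: str          # "delete" or "set"
    data: Optional[str]  # raw data text for "set", None for "delete"


def parse_reg(text: str) -> List[RegChange]:
    """Parse REGEDIT4 / 5.00 text into a flat list of changes.

    Multi-line hex(...) values continued with a trailing backslash are not
    supported; such a file is rejected rather than misread."""
    lines = text.splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("missing REGEDIT4 / Windows Registry Editor header")
    changes: List[RegChange] = []
    key: Optional[str] = None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):            # "[-HKEY...]" deletes the whole key
                changes.append(RegChange(key[1:], "*", "delete", None))
                key = None
            continue
        if key is None:
            raise ValueError(f"value line outside a key section: {line}")
        m = VALUE_RE.match(line)
        if not m or line.endswith("\\"):
            raise ValueError(f"unparseable line: {line}")
        name = m["name"] if m["name"] is not None else "@"
        data = m["data"]
        if data == "-":                         # "name"=- deletes the value
            changes.append(RegChange(key, name, "delete", None))
        else:
            changes.append(RegChange(key, name, "set", data))
    return changes


def unexpected_changes(changes: List[RegChange]) -> List[RegChange]:
    """Everything that is not a deletion of an expected value under an expected key.

    "DisableTaskMgr"=dword:00000001 would re-apply the lockout, and any value
    under a Run key would be a new startup entry, so both are reported."""
    return [
        c for c in changes
        if c.action != "delete"
        or c.key.lower() not in EXPECTED_KEYS
        or c.name.lower() not in EXPECTED_VALUES
    ]


if __name__ == "__main__":
    changes = parse_reg(FIX_REG)
    for c in changes:
        print(c.action.upper(), c.key, c.name, "" if c.data is None else c.data)
    print("unexpected:", unexpected_changes(changes))
```

    For the fix above the report is two DELETE lines and an empty "unexpected" list; a file that also set a value, or that touched a Run key, would show up in that list and should be questioned before it is imported.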

  3. #3
    Member
    Registered
    2 January 2008
    Location
    Aalst
    Posts
    155

    Malwarebytes found no infections, so there is no need to post the log either (I checked the log and nothing was infected and nothing was found).

    DSS post:

    Deckard's System Scanner v20071014.68
    Run by Tibbout on 2008-04-20 17:46:38
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    28: 2008-04-20 15:47:33 UTC - RP28 - Deckard's System Scanner Restore Point
    27: 2008-04-20 07:03:20 UTC - RP27 - ComboFix created restore point
    26: 2008-04-19 18:58:20 UTC - RP26 - Herstelbewerking
    25: 2008-04-19 14:12:07 UTC - RP25 - Controlepunt van systeem
    24: 2008-04-17 15:22:15 UTC - RP24 - Controlepunt van systeem


    -- First Restore Point --
    1: 2008-03-25 17:24:38 UTC - RP1 - Controlepunt van systeem


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 383 MiB (512 MiB recommended).


    -- HijackThis (run as Tibbout.exe) ---------------------------------------------

    Unable to find log (file not found); running clone.
    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-04-20 17:48:39
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\LogMeIn\x86\ramaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\Documents and Settings\Tibbout\Application Data\Opera\Opera\profile\cache4\temporary_download\dss.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Windows Live Help
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKCU\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
    O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
    O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\ramaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\system32\TuneUpDefragService.exe


    --
    End of file - 5159 bytes

    -- HijackThis Fixed Entries (C:\DOCUME~1\Tibbout\MIJNDO~1\software\ANTI-V~1\HIJACK~1\backups\) --------------------------------------------------------------------------------

    backup-20080123-165535-830 O4 - HKLM\..\Run: [DShutdown] "C:\DOCUME~1\Tibbout\LOCALS~1\Temp\Tijdelijke map 1 voor dshutdown.zip\DShutdown\DShutdown.exe" /SAVEONEXIT /IP:LocalHost /Shutdown /IP:ACER-10129A827F /Shutdown /IPELL /Shutdown
    backup-20080123-165535-976 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    backup-20080401-111038-651 O3 - Toolbar: (no name) - {FD621E34-BFCE-41D3-BF58-43FF97746AD7} - (no file)
    backup-20080401-111038-862 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Internet Doorzoeken :: DAEMON-Search.com
    backup-20080419-202159-114 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    backup-20080419-202159-156 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    backup-20080419-202159-203 O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    backup-20080419-202159-243 O4 - HKLM\..\Run: [LaunchApp] Alaunch
    backup-20080419-202159-249 O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    backup-20080419-202159-292 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    backup-20080419-202159-316 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    backup-20080419-202159-335 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    backup-20080419-202159-381 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://msnia.login.live.com/ppsecur...th.srf?lc=2067
    backup-20080419-202159-398 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    backup-20080419-202159-418 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
    backup-20080419-202159-466 O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    backup-20080419-202159-478 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    backup-20080419-202159-580 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    backup-20080419-202159-673 O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    backup-20080419-202159-726 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    backup-20080419-202200-151 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    backup-20080419-202200-730 O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    backup-20080419-202201-255 O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    backup-20080419-202201-603 O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    backup-20080419-202201-806 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    backup-20080419-202202-162 O11 - Options group: [INTERNATIONAL] International*
    backup-20080419-202202-502 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    backup-20080419-202202-608 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    backup-20080419-202202-810 O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    backup-20080419-202203-283 O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/.../GAME_UNO1.cab
    backup-20080419-202204-696 O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    backup-20080419-202204-762 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    backup-20080419-202205-338 O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    backup-20080419-202205-428 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    backup-20080419-202205-841 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    backup-20080419-204841-162 O2 - BHO: (no name) - {02540E51-1317-4A95-879D-DFA674857201} - C:\WINDOWS\system32\efcAQJyA.dll
    backup-20080419-204842-209 O2 - BHO: (no name) - {4020100D-29D7-4392-AFD5-5AD713FF4B88} - C:\WINDOWS\system32\iifdaYOg.dll
    backup-20080419-204843-250 O20 - Winlogon Notify: iifdaYOg - C:\WINDOWS\SYSTEM32\iifdaYOg.dll
    backup-20080419-204847-167 O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 UBHelper - c:\windows\system32\drivers\ubhelper.sys
    R2 osanbm - c:\windows\system32\drivers\osanbm.sys <Not Verified; Windows (R) 2000 DDK provider; OSA int15 Driver>
    R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >

    S3 int15.sys - c:\program files\acer\erecovery\int15.sys
    S3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 anbmService (Notebook Manager Service) - c:\acer\emanager\anbmserv.exe <Not Verified; OSA Technologies Inc.; Acer eManager for Notebook>
    R2 UPHClean (User Profile Hive Cleanup) - c:\program files\uphclean\uphclean.exe <Not Verified; Microsoft Corporation; User Profile Hive Cleanup Service>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-04-09 13:03:54 274 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
    2008-04-09 13:03:50 396 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
    2008-04-04 19:20:40 398 --a------ C:\WINDOWS\Tasks\Easy Onderhoud.job


    -- Files created between 2008-03-20 and 2008-04-20 -----------------------------

    2008-04-20 12:44:49 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-20 11:41:49 0 d-------- C:\Documents and Settings\Gast\Application Data\Jasc Software Inc
    2008-04-20 09:05:50 0 d-------- C:\cmdcons
    2008-04-20 09:02:01 68096 --a------ C:\WINDOWS\zip.exe
    2008-04-20 09:02:01 49152 --a------ C:\WINDOWS\VFind.exe
    2008-04-20 09:02:01 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
    2008-04-20 09:02:01 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
    2008-04-20 09:02:01 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
    2008-04-20 09:02:01 98816 --a------ C:\WINDOWS\sed.exe
    2008-04-20 09:02:01 80412 --a------ C:\WINDOWS\grep.exe
    2008-04-20 09:02:01 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-04-20 08:53:09 0 d-------- C:\VundoFix Backups
    2008-04-19 20:38:21 0 dr-h----- C:\Documents and Settings\Tibbout\Onlangs geopend
    2008-04-19 20:24:03 0 dr-h----- C:\Documents and Settings\Cedric\Onlangs geopend
    2008-04-19 19:54:54 0 dr-h----- C:\$VAULT$.AVG
    2008-04-19 19:33:06 0 d-------- C:\Documents and Settings\All Users\Application Data\EarMaster
    2008-04-18 18:37:54 0 d-------- C:\Documents and Settings\Cedric\Incomplete
    2008-04-18 18:37:21 0 d-------- C:\Documents and Settings\Cedric\Application Data\FrostWire
    2008-04-18 18:36:37 0 d-------- C:\Documents and Settings\Cedric\Application Data\Ipswitch
    2008-04-13 14:37:15 0 d-------- C:\Documents and Settings\Gast\Application Data\Ipswitch
    2008-04-10 17:33:28 0 d-------- C:\Restoration
    2008-04-09 13:03:48 0 d-------- C:\Documents and Settings\Tibbout\Application Data\Uniblue
    2008-04-09 13:03:16 0 d-------- C:\Program Files\Uniblue
    2008-04-06 12:35:30 0 d-------- C:\Program Files\Poke
    2008-04-01 19:08:56 0 d-------- C:\Documents and Settings\Tibbout\Application Data\CoreFTP
    2008-04-01 19:07:42 0 d-------- C:\Program Files\CoreFTP
    2008-04-01 17:27:25 0 d-------- C:\Documents and Settings\Tibbout\Application Data\Ipswitch
    2008-04-01 17:26:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Ipswitch
    2008-04-01 17:26:44 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
    2008-04-01 17:26:34 0 d-------- C:\Program Files\Ipswitch
    2008-04-01 17:25:50 0 d-------- C:\Documents and Settings\Tibbout\Application Data\InstallShield
    2008-04-01 11:11:13 0 d-------- C:\Documents and Settings\Tibbout\Application Data\Malwarebytes
    2008-04-01 11:11:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-01 11:06:56 0 d-------- C:\Documents and Settings\Tibbout\Application Data\uk.co.planetside
    2008-04-01 10:26:33 0 d-------- C:\Program Files\Terragen
    2008-04-01 10:15:26 0 d-------- C:\Documents and Settings\Tibbout\Application Data\Dexpot
    2008-04-01 10:00:27 73728 --a------ C:\WINDOWS\system32\GkSui18.EXE
    2008-03-29 12:39:54 0 d-------- C:\Program Files\Rockstar Games
    2008-03-22 23:21:53 0 d-------- C:\Program Files\InterActual
    2008-03-22 22:39:03 5767168 --a------ C:\Documents and Settings\Tibbout\ntuser.dat
    2008-03-22 21:11:41 0 d-------- C:\Program Files\BPK
    2008-03-22 10:07:56 0 d-------- C:\Documents and Settings\Cedric\Application Data\AdobeUM


    -- Find3M Report ---------------------------------------------------------------

    2008-04-20 13:41:05 0 d-------- C:\Documents and Settings\Tibbout\Application Data\AVG7
    2008-04-20 08:39:06 0 d-------- C:\Program Files\LogMeIn
    2008-04-14 19:04:48 0 d-------- C:\Documents and Settings\Tibbout\Application Data\FrostWire
    2008-04-12 18:49:40 504482 --a------ C:\WINDOWS\system32\perfh013.dat
    2008-04-12 18:49:40 88852 --a------ C:\WINDOWS\system32\perfc013.dat
    2008-04-11 19:45:39 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-04-09 18:16:00 0 d-------- C:\Program Files\FrostWire
    2008-04-09 13:46:12 0 d-------- C:\Program Files\AvRack
    2008-04-04 14:58:02 0 d-------- C:\Program Files\Opera
    2008-04-01 14:27:38 0 d-------- C:\Program Files\Java
    2008-03-15 15:29:17 0 d-------- C:\Program Files\DAEMON Tools Lite
    2008-03-15 15:15:09 0 d-------- C:\Documents and Settings\Tibbout\Application Data\DAEMON Tools
    2008-03-15 14:21:21 0 d-------- C:\Program Files\2 Pic
    2008-03-15 14:17:20 0 d-------- C:\Documents and Settings\Tibbout\Application Data\VSRevoGroup
    2008-03-14 22:45:17 0 d-------- C:\Program Files\directx
    2008-03-12 16:25:11 25992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe <Not Verified; Sysinternals - www.sysinternals.com; Page File Defragmenter>
    2008-03-11 19:53:39 0 d-------- C:\Program Files\Auslogics
    2008-03-11 19:28:30 0 d-------- C:\Program Files\IObit
    2008-03-11 19:15:19 0 d-------- C:\Program Files\VS Revo Group
    2008-03-11 18:44:08 0 d-------- C:\Program Files\YouTube Downloader
    2008-03-11 18:40:56 0 d-------- C:\Documents and Settings\Tibbout\Application Data\NCH Swift Sound
    2008-03-11 18:40:40 0 d-------- C:\Program Files\Telemeter 3.0
    2008-03-11 18:40:24 0 d-------- C:\Program Files\NCH Swift Sound
    2008-03-11 18:39:07 0 d-------- C:\Program Files\NCH Software
    2008-03-11 18:38:23 0 d-------- C:\Program Files\Octoshape Streaming Services
    2008-03-07 22:53:10 0 d-------- C:\Program Files\MessengerDiscovery 2
    2008-03-03 19:39:26 0 d-------- C:\Program Files\CCleaner
    2008-03-03 11:05:00 0 d-------- C:\Program Files\MSN Messenger
    2008-03-02 09:54:49 0 d-------- C:\Documents and Settings\Tibbout\Application Data\Auslogics
    2008-02-26 21:09:58 0 d-------- C:\Program Files\Windows Live
    2008-02-26 21:08:51 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-02-26 19:16:02 0 d-------- C:\Program Files\Windows Live Safety Center
    2008-02-26 17:59:35 0 d-------- C:\Program Files\Common Files
    2008-02-25 22:14:36 335 --a------ C:\WINDOWS\nsreg.dat
    2008-02-25 22:14:36 0 d-------- C:\Documents and Settings\Tibbout\Application Data\Mozilla
    2008-02-25 22:13:07 0 d-------- C:\Documents and Settings\Tibbout\Application Data\Easy Computing
    2008-02-25 20:59:57 0 d-------- C:\Program Files\Easy Computing
    2008-02-22 20:02:58 0 d-------- C:\Program Files\AviSynth 2.5
    2008-02-21 20:25:38 0 d-------- C:\Program Files\Common Files\Adobe
    2008-02-20 19:56:51 0 d-------- C:\Documents and Settings\Tibbout\Application Data\Adobe
    2008-02-13 15:13:18 3309 --a------ C:\WINDOWS\system32\chordcomposer_en.dat
    2008-02-10 17:12:42 262144 --a------ C:\WINDOWS\system32\default_user_class.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [17/04/2008 16:58]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 06:00]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=1 (0x1)
    "HideStartupScripts"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegedit"=0 (0x0)
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=1 (0x1)
    "HideStartupScripts"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "LinkResolveIgnoreLinkInfo"=0 (0x0)
    "NoResolveSearch"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoBandCustomize"=0 (0x0)
    "NoMovingBands"=0 (0x0)
    "NoCloseDragDropBands"=0 (0x0)
    "NoSetTaskbar"=0 (0x0)
    "NoToolbarsOnTaskbar"=0 (0x0)
    "LinkResolveIgnoreLinkInfo"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microtek Scanner Finder.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microtek Scanner Finder.lnk
    backup=C:\WINDOWS\pss\Microtek Scanner Finder.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Utility Tray.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Utility Tray.lnk
    backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    AGRSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BoostSpeed]
    "C:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe" /Q

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DisableMouse]
    Rundll32.exe Mouse,Disable

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnableMouse]
    Rundll32.exe Mouse,Enable

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HideWin]
    C:\DOCUME~1\Tibbout\LOCALS~1\Temp\Tijdelijke map 3 voor hidewin.zip\hidewin.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
    C:\Program Files\Launch Manager\QtZgAcer.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
    "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    "C:\Program Files\Arcade\PCMService.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\WINDOWS\system32\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Telemeter 3.0]
    "C:\Program Files\Telemeter 3.0\telemeter3.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "AVGEMS"=2 (0x2)

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp




    -- End of Deckard's System Scanner: finished at 2008-04-20 17:50:01 ------------

  4. #4
    Xeno (Member, registered 8 March 2008, 140 posts)

    Hi Tibzie,

    I see no active spyware/malware on your system.

    1. Clean the cache and cookies in IE:

    ° Close Internet Explorer.
    ° Go to Control Panel > Internet Options > General tab
    ° Under Browsing history click Delete; this opens a new window.
    ° Click the following to delete them, then click OK:

    ° Delete files.
    ° Delete cookies.
    ° Delete history.

    Clean the cache and cookies in Firefox (if Firefox is installed):

    ° Go to Tools > Options.
    ° Click Privacy in the menu.
    ° Click the Clear Now button at the bottom. A new window will open.
    ° Tick everything under 'Clear the following items now.'
    ° Click the Clear Private Data Now button.

    Clean other temporary files + Recycle Bin:

    ° Go to Start > Run, type: cleanmgr and click OK.
    ° Let it scan your system for files that should be removed.
    ° Make sure that only 'Temporary files', 'Temporary Internet Files' and 'Recycle Bin' are ticked there.
    ° Then click OK.

    2. Start HijackThis, choose Do a system scan only and put a tick ONLY in front of the following lines:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    Close all open windows (except HijackThis), then click Fix checked and confirm by clicking Yes in the next screen.

    3. You may remove all the tools and folders you used.
    Remove ComboFix as follows:
    Go to Start > Run and copy and paste the following command into the field:

    ComboFix /u

    Make sure there is a space between ComboFix and /
    Then press Enter.
    This will remove ComboFix and its related folders and files, restore the clock settings, hide file extensions, hide hidden files and system files again and reset your System Restore.

    4. I do see a few Policies that have been set; are you aware of these? Did you have a tool set them yourself?
    Let me know.

    Then I want to check your file associations.

    Download DAFT to your Desktop

    Double-click the green daft.exe icon.
    Read the disclaimer and click OK.
    Click the Scan button.
    Tick all displayed items (if faulty associations are found).
    Click the Fix button.

    Repeat the scan and click "Save log".
    By default this is saved on your Desktop as daft.txt. Post this log.

    And finally I also want to check your MBR.

    Download Mbr.exe to your Desktop.
    Double-click it to run it and post the log named mbr.log in your next reply.

    Good luck,
    Xeno :)

  5. #5
    Tibzie (original poster; Member, registered 2 January 2008, location Aalst, 155 posts)

    I use Opera and have now cleaned everything up too.
    What do you mean by policies?
    DAFT found nothing.
    Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK

  6. #6
    Xeno (Member, registered 8 March 2008, 140 posts)

    Hi Tibzie,

    So far so good, but I do see these:

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=1 (0x1)
    "HideStartupScripts"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegedit"=0 (0x0)
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=1 (0x1)
    "HideStartupScripts"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "LinkResolveIgnoreLinkInfo"=0 (0x0)
    "NoResolveSearch"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoBandCustomize"=0 (0x0)
    "NoMovingBands"=0 (0x0)
    "NoCloseDragDropBands"=0 (0x0)
    "NoSetTaskbar"=0 (0x0)
    "NoToolbarsOnTaskbar"=0 (0x0)
    "LinkResolveIgnoreLinkInfo"=0 (0x0)

    Let's be clear: your PC is clean, your file associations are OK, and no rootkit!

    Just give a sign, otherwise we'll have those policies removed.

    Regards,
    Xeno :)
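The Policies values quoted in this post, and in the Registry Dump section of the DSS log earlier in the thread, are what a helper reads by eye to decide whether a restriction is harmless (set by a tune-up tool) or a leftover lockout. As an added example, not part of this thread or of Deckard's System Scanner, the Python script below parses that dump format and gives every value under a ...\policies\... key a verdict: "lockdown" for a known user-lockout value that is switched on, "enabled" for any other non-zero policy worth asking about, "off" otherwise. The LOCKDOWN_VALUES list is an assumption made for the example, and the sample dump is constructed to mirror the keys in this thread with one DisableTaskMgr=1 line added so the lockdown verdict is exercised.

```python
"""Audit the Policies entries in a Deckard's System Scanner style registry dump.

Added example for this thread; it is not part of the forum posts or of DSS.
It parses the dump format shown in the log:

    [HKEY_LOCAL_MACHINE\\software\\...\\currentversion\\policies\\system]
    "DisableRegistryTools"=0 (0x0)

and reports every value under a ...\\policies\\... key, so a helper can see at
a glance which restrictions are on and which are classic user lockouts.
"""
import re
from typing import Dict, List, Tuple

# Value names malware commonly sets to 1 to keep the user away from repair
# tools (Task Manager, regedit, Folder Options, Run, Control Panel).
# This list is an assumption made for the example, not a DSS feature.
LOCKDOWN_VALUES = {
    "disabletaskmgr",
    "disableregistrytools",
    "disableregedit",
    "nofolderoptions",
    "norun",
    "nocontrolpanel",
}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# Only DWORD-style lines: "Name"=1 (0x1). String values such as the Run
# entries ("AVG7_CC"="C:\...") deliberately do not match and are skipped.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<val>\d+) \(0x[0-9a-fA-F]+\)$')

# Constructed sample in the DSS format, mirroring the keys from the log in
# this thread, plus one DisableTaskMgr=1 line added to show a lockdown hit.
SAMPLE_DUMP = r"""
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 06:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"=0 (0x0)
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)
"""


def parse_registry_dump(text: str) -> Dict[str, Dict[str, int]]:
    """Return {key_path: {value_name: int}} for every [key] block in the dump."""
    result: Dict[str, Dict[str, int]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group("key")
            result.setdefault(current, {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            result[current][value.group("name")] = int(value.group("val"))
    return result


def audit_policies(dump: Dict[str, Dict[str, int]]) -> List[Tuple[str, str, int, str]]:
    """Return (key, name, value, verdict) for every value under a Policies key.

    verdict: "lockdown" = known user-lockout value switched on,
             "enabled"  = any other non-zero policy (ask the user about it),
             "off"      = value is 0.
    """
    findings: List[Tuple[str, str, int, str]] = []
    for key, values in dump.items():
        if "\\policies\\" not in key.lower():
            continue
        for name, val in values.items():
            if val != 0 and name.lower() in LOCKDOWN_VALUES:
                verdict = "lockdown"
            elif val != 0:
                verdict = "enabled"
            else:
                verdict = "off"
            findings.append((key, name, val, verdict))
    return findings


def enabled_policies(dump: Dict[str, Dict[str, int]]) -> List[Tuple[str, str, str]]:
    """Only the policies that are switched on, as (hive\\...\\leaf, name, verdict)."""
    return [(key.split("\\")[0] + "\\...\\" + key.split("\\")[-1], name, verdict)
            for key, name, val, verdict in audit_policies(dump)
            if verdict != "off"]


if __name__ == "__main__":
    for short_key, name, verdict in enabled_policies(parse_registry_dump(SAMPLE_DUMP)):
        print(f"{verdict:9} {short_key}  {name}")
```

Run against the sample it reports RunLogonScriptSync and NoResolveSearch as "enabled" (the two non-zero values from the thread, which a tune-up tool may well have set) and the constructed DisableTaskMgr as "lockdown". On a real DSS log, paste the Registry Dump section in place of SAMPLE_DUMP; the Run entries and path lines are ignored because only "Name"=N (0xN) lines are parsed.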

  7. #7
    Xeno (Member, registered 8 March 2008, 140 posts)

    Hi Tibzie,

    Can we consider this one solved then?

    Regards,
    Xeno :)

  8. #8
    Tibzie (original poster; Member, registered 2 January 2008, location Aalst, 155 posts)

    Yes
    Sorry, I hadn't received the second-to-last message.
    I haven't had any further trouble either.
