Genhout
-
Items
28 -
Registratiedatum
-
Laatst bezocht
Inhoudstype
Profielen
Forums
Store
Alles dat geplaatst werd door Genhout
-
Hallo "kape", 28 sept. heb ik bovenstaande log gestuurd. Ik ben (nog?) niet vertrouwd met de werkwijze in dit forum, maar mag ik nog met een reactie hierop rekenen? mvg, Lou
-
Bij dezen mijn Combofix-log. Het heeft nog al wat moeite (en tijd!) gekost, omdat de scan telkens bleef vasthangen bij het vinden van een lege map of bestand. Na verwijderen hiervan diende ik telkens opnieuw te beginnen, maar uiteindelijk is het dan wel gelukt. Ben erg benieuwd naar de uitslag van uw analyse. De Help en Systeemherstel functie lijkt weer te werken. Alvast bedankt hiervoor. mvg Lou =============== ComboFix 12-09-27.03 - Lou 29-09-2012 18:12:37.11.1 - FAT32x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.767.440 [GMT 2:00] Gestart vanuit: c:\documents and settings\Lou.DYNA.002\Mijn documenten\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . -- Voorgaande Run -- . c:\windows\explorer.exe . . . is geïnfecteerd!! . -- Voorgaande Run -- . c:\windows\explorer.exe . . . is geïnfecteerd!! . (((((((((((((((((((( Bestanden Gemaakt van 2012-08-28 to 2012-09-29 )))))))))))))))))))))))))))))) . . 2012-09-29 10:35 . 2012-09-29 10:35 -------- d-----w- C:\FOUND.000 2012-09-28 07:36 . 2012-09-28 07:36 -------- d-----w- c:\program files\ACW . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-28 15:17 . 2004-02-06 16:09 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-28 15:17 . 2003-09-27 20:32 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-08-28 15:17 . 2003-09-27 20:16 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07 . 2004-08-04 07:55 385024 ----a-w- c:\windows\system32\html.iec 2012-08-24 13:43 . 2010-09-07 01:49 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2012-07-26 01:21 . 2010-09-07 01:48 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2012-07-06 13:58 . 2003-09-27 20:06 78336 ----a-w- c:\windows\system32\browser.dll 2012-07-04 14:05 . 2001-10-30 12:41 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-07-03 18:23 . 2001-10-30 12:31 1866240 ----a-w- c:\windows\system32\win32k.sys . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2008-04-14 . 7EABB7E4BC1505BFC92A4580E59DCE41 . 1037312 . . [6.00.2900.5512] . . c:\windows\explorer.exe [-] 2008-04-14 . 7EABB7E4BC1505BFC92A4580E59DCE41 . 1037312 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe [-] 2007-06-13 . 147E95A42A58CE99E403F7F57656BBEB . 1036800 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe [-] 2007-06-13 . 1D6245AFBD3FAABC16A885116BE1874D . 1036800 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe . [-] 2008-04-14 . 9C96B9490F2818E80D6ED38C2147D79A . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe [-] 2008-04-14 . 9C96B9490F2818E80D6ED38C2147D79A . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe [-] 2004-08-04 . 7DE46C9C40ABB58C8FDFE0212A3BF2B4 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . c:\windows\Programma's\Opstarten\ Microsoft Office Snelzoeken.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-11-8 111104] . c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Office Opstarten.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-11-8 51712] Microsoft Office Snelzoeken.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-11-8 111104] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "NoSecCPL"= 0 (0x0) "NoDevMgrPage"= 0 (0x0) "NoConfigPage"= 0 (0x0) "NoVirtMemPage"= 0 (0x0) "NoFileSysPage"= 0 (0x0) "NoNetSetup"= 0 (0x0) "NoNetSetupIDPage"= 0 (0x0) "NoNetSetupSecurityPage"= 0 (0x0) "NoWorkgroupContents"= 0 (0x0) "NoEntireNetwork"= 0 (0x0) "NoFileSharingControl"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) "NoThumbnailCache"= 1 (0x1) "link"= 00000000 . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager] 2009-04-07 07:13 673616 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX210 Series] 2008-11-06 00:00 199680 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIFDE.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2005-06-15 15:20 6803456 ----a-w- c:\windows\system32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-09-08 09:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2012-01-23 03:43 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office\\OSA.EXE"= "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "c:\\Program Files\\Spamihilator\\spamihilator.exe"= "c:\\Program Files\\Spamihilator\\cdcc.exe"= "c:\\Program Files\\Spamihilator\\dccproc.exe"= "c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"= . R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19-4-2012 4:50 24896] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7-9-2010 3:48 31952] R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [18-5-2009 9:48 149376] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7-9-2010 3:48 237408] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7-9-2010 3:49 301920] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14-2-2012 4:53 193288] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [23-1-2012 5:43 92592] R3 adatadrv;Autodata Protection Service;c:\windows\system32\drivers\adatadrv.sys [17-11-2011 18:42 762112] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23-12-2011 13:32 139856] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23-12-2011 13:32 24144] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23-12-2011 13:32 17232] R3 AVMWAN;AVM NDIS WAN CAPI-stuurprogramma;c:\windows\system32\drivers\avmwan.sys [4-12-2001 13:34 37568] R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [26-7-2010 16:15 21888] R3 EL910;3Com 3CSOHO100B-TX PCI;c:\windows\system32\drivers\EL910N51.sys [29-5-2002 23:54 38400] R3 fpcibase;AVM ISDN-Controller FRITZ!Card PCI v2.0;c:\windows\system32\drivers\fpcibase.sys [4-12-2001 13:34 444416] S1 6616204d;6616204d; [x] S2 as260n;as260n; [x] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [13-8-2012 3:24 5167736] S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 19:19 13592] S3 epcfw2k;SCM Parallel Port CF Driver;c:\windows\system32\drivers\epcfw2k.sys [4-12-2004 2:52 144896] S3 METROP;Canon scaner FB310;c:\windows\system32\DRIVERS\as260n.sys --> c:\windows\system32\DRIVERS\as260n.sys [?] . Inhoud van de 'Gedeelde Taken' map . 2012-09-25 c:\windows\Tasks\Epson Printer Software Downloader.job - c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 09:43] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.kpnvandaag.nl/#Overzicht mStart Page = about:blank mWindow Title = Microsoft Internet Explorer IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 . - - - - ORPHANS VERWIJDERD - - - - . AddRemove-Microsoft Interactive Training - c:\windows\IsUn0413.exe AddRemove-ROUTE 66 Streets versie 98 - c:\windows\IsUn0413.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-09-29 18:26 Windows 5.1.2600 Service Pack 3 FAT NTAPI . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . Voltooingstijd: 2012-09-29 18:30:09 ComboFix-quarantined-files.txt 2012-09-29 16:30 ComboFix2.txt 2009-06-11 18:43 ComboFix3.txt 2009-06-09 18:56 ComboFix4.txt 2009-06-09 16:46 . Pre-Run: 1.253.441.536 bytes beschikbaar Post-Run: 1.685.323.776 bytes beschikbaar . - - End Of File - - E73A67FD6FF08FCF8495C635317AD4C3
-
Gelieve bijgevoegde HJT-log te analyseren en een oplossingstraject voor te stellen. Ik heb volgende problemen: - Help en Systeemherstel werken niet meer - Aanpassen wisselbestand lukt niet meer - Installatie van Updates KB 2656353 en KB 2656370 lukken niet - PC is erg traag en sluit moeilijk af. Bij voorbaat dank. ========================= 11:04 28-9-2012Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:04:37, on 28-9-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\Program Files\AVG\AVG2012\avgrsx.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe C:\Program Files\AVG\AVG2012\avgnsx.exe C:\Program Files\AVG\AVG2012\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft Office\Office\OSA.EXE C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Lou.DYNA.002\Mijn documenten\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = KPN Vandaag R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE O4 - Global Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: START_PAGE_URL=http://www.hetnet.nl O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1243813379115 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342370385058 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 5606 bytes
