kimbeau

Member
  • Posts

    113

Everything posted by kimbeau

  1. I'm also still getting this message... ?:S Kim Kolle Profiel - hyves.nl I don't know how else to show it, so... What is the best way to disable McAfee?
  2. I just still don't have an internet connection... Or could that be due to something else?
  3. This is the MBAM log; so far it has not asked to restart the PC... Are we there yet?.... Really great that you are helping! ------ It is already restarting... log to follow...
---------- Post added at 09:46 ---------- Previous post was at 09:36 ---------- This is the correct one after the restart:
  4. I put HiJack on a USB stick because I couldn't do anything on this PC any more. So the internet isn't working; I only just managed to put the HiJack program on it, but it won't open, just like Notepad won't open.. The PC is going completely haywire!! If only you could see a print screen.... :( What now? ---------- Post added at 08:46 ---------- Previous post was at 08:32 ---------- Managed it at the last moment..!
  5. Hello readers, I think I have caught a virus, it is this one: Virusverwijderingsprogramma Guru I just don't know whether I can trust this site... Does anyone know this virus? What to do....? Regards
  6. OK!! Everything worked, thank you so, so, so much! Great that you could help. Regards, Kim
  7. Here is the ComboFix log file.... I hadn't noticed anything of the virus for a while, but as I understand it, it is now solved? Can I sleep peacefully again tonight? Haha And is there anything else I can do that is good for my PC, which programs that I downloaded for this problem can be removed, and should I turn the virus scanner fully back on already?
  8. I ran Combofix and this is what came out:
     And this is what HiJack says:
     So..... I'm curious..!
     ---------- Post added at 14:19 ---------- Previous post was at 14:13 ----------
  9. I am indeed getting all kinds of notifications about the AVG virus scanner. How do I turn it off the right way..? Does everything have to be turned off, or only the icons that say scanner, and how?
  10. It's starting to look like something... Here is the MBAM log:
     And here is the one from Hijack:
     Am I there yet?
Ik merk nog niks geks, maar ik moet zeggen dat die Antimalware Doctor-dingen erg lijken op het AVGprogramma. Jullie kunnen het vast opmaken uit die gegevens...? De geinfecteerde pc draait in ieder geval weer op de oude 'snelheid'.. Is er ook nog een programma om te voorkomen dat dit weer gebeurd of moet ik iets van Hijack of MBAM bewaren..?
  11. This one isn't in the list:
      O4 - HKLM\..\Run: [3899] C:\DOCUME~1\MURILW~1\LOCALS~1\Temp\khvcol.exe
      but there is a similar one:
      04 - HKLM\..\Run: [32503] C:\DOCUME`1\MURILW`1\LOCALS`1\Temp\khvcol.exe
      Should I tick that one then?
  12. OK, I think this worked..:

      Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 12:17:03, on 6-5-2010
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\AVG\AVG9\avgchsvx.exe
      C:\Program Files\AVG\AVG9\avgrsx.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\Program Files\AVG\AVG9\avgcsrvx.exe
      C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\AVG\AVG9\avgwdsvc.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      C:\Program Files\AVG\AVG9\avgnsx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\DOCUME~1\MURILW~1\LOCALS~1\Temp\Whr.exe
      C:\WINDOWS\Explorer.exe
      C:\WINDOWS\Wzidoa.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\DOCUME~1\MURILW~1\LOCALS~1\Temp\khvcol.exe
      C:\WINDOWS\cidrive32.exe
      C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\DOCUME~1\MURILW~1\LOCALS~1\Temp\665.exe
      C:\WINDOWS\system32\msiexec.exe
      C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
      C:\Program Files\AVG\AVG9\avgupd.exe
      c:\lsass.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Pucuy.com
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      R3 - URLSearchHook: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHP1.dll
      R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
      F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe thxr.wgo nwfdtx
      O2 - BHO: hotrevenue browser enhancer - {0A888F1D-DEB0-ED2B-0D7C-F5ABA21CB21D} - C:\WINDOWS\system32\dgyrinsqrc.dll
      O2 - BHO: ezLife browser enhancer udeognrz - {175E8DF8-77C6-42D8-8053-89A7B0B4EF16} - C:\WINDOWS\system32\udeognrz.dll
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
      O2 - BHO: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHP1.dll
      O2 - BHO: SmartAds browser enhancer mmdfrggt - {51BEEFE5-CD3F-42EC-B9B7-4EEC86265BBC} - C:\WINDOWS\system32\mmdfrggt.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
      O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHP1.dll
      O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
      O4 - HKLM\..\Run: [3899] C:\DOCUME~1\MURILW~1\LOCALS~1\Temp\khvcol.exe
      O4 - HKLM\..\RunServices: [AutoRunLoad] c:\docume~1\murilw~1\locals~1\temp\7.tmp
      O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\cidrive32.exe
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')
      O4 - S-1-5-18 Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
      O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
      O4 - .DEFAULT Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
      O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
      O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/xupload/XUpload.ocx
      O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
      O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
      O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
      O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
      O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
      O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
      O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

      -- End of file - 9319 bytes
  13. Hello everyone, I'm new to this forum, and here's why: Panic, panic..! So I have the Antimalware Doctor virus. I've read through the posts on this topic but I can't figure it out.. I already get stuck at the term: Hijackthis... Can someone tell me how I can make such a log of my PC (download)? The victims of this virus often started with: "I don't know much about this, but here is a hijack log..." :s Oh, and is this virus serious? Because besides the fact that it's now 3:37, since I don't dare leave the PC alone.. I'm sending this message from my laptop because the internet on my infected PC has become too slow by now... Kind regards!