
jurski

Member
  • Items

    10

Everything posted by jurski

  1. Hello, thanks again so much for your help!!!! The PC is working fine again!
  2. Hello, I still have no internet, and can all the little programs be removed?
  3. I did your previous 'tasks' and restarted the PC...
  4. Great!! I don't get any more alerts. I just have no internet anymore... how is that possible????
  5. Here are both log files again...
  6. Here is the ComboFix log file. I have just one problem with it... after the scan I can't get on the internet anymore either...?? Thanks in advance, jurski
files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Acer TV-FM\\PowerCinema.exe"= "c:\\Program Files\\Acer TV-FM\\PCMService.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"= "c:\\Program Files\\Vuze\\Azureus.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "45056:TCP"= 45056:TCP:msdrm "443:TCP"= 443:TCP:msdrm "5225:TCP"= 5225:TCP:msdrm "5222:TCP"= 5222:TCP:msdrm "2382:TCP"= 2382:TCP:msdrm R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [18-4-2010 12:05 216400] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [18-4-2010 12:05 243024] R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [16-7-2010 12:08 921952] R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [16-7-2010 12:08 308136] S1 ctredrv.sys;ctredrv.sys;\??\c:\windows\system32\drivers\ctredrv.sys --> c:\windows\system32\drivers\ctredrv.sys [?] 
S2 MSPnPService;MS PnP Service;c:\windows\system32\mspnp62af.exe [30-9-2010 9:36 150528] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [23-8-2010 17:37 24576] S3 Media Jukebox 14 Service;Media Jukebox 14 Service;c:\program files\J River\Media Jukebox 14\JRService.exe [22-8-2010 14:35 379400] S3 ZD1211U(Sitecom);Sitecom Wireless Network USB Adapter 54G WL-117(Sitecom);c:\windows\system32\drivers\ZD1211U.sys [4-10-2005 15:38 233472] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ig?hl=nl . - - - - ORPHANS VERWIJDERD - - - - WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file) WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) HKLM-Run-Sitecom WL-117 WLan_Utility - (no file) HKLM-Run-AutoEJCD_0ACE2031 - (no file) HKU-Default-Run-msdrm - msdrm.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-09-30 19:24 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . 
--------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'explorer.exe'(920) c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andere Aktieve Processen ------------------------ . 
c:\acer\Empowering Technology\ePerformance\MemCheck.exe c:\program files\Acer TV-FM\Kernel\TV\CLCapSvc.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Analog Devices\SoundMAX\SMAgent.exe c:\program files\AVG\AVG9\avgnsx.exe c:\program files\Acer TV-FM\Kernel\TV\CLSched.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\program files\AVG\AVG9\avgchsvx.exe c:\program files\AVG\AVG9\avgrsx.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\wscntfy.exe c:\program files\Common Files\Teleca Shared\CapabilityManager.exe c:\program files\Common Files\Teleca Shared\logger.exe c:\program files\Common Files\Teleca Shared\Generic.exe c:\program files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe c:\program files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe c:\program files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe c:\program files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe . ************************************************************************** . Voltooingstijd: 2010-09-30 19:26:45 - machine werd herstart ComboFix-quarantined-files.txt 2010-09-30 17:26 Pre-Run: 60.886.097.920 bytes beschikbaar Post-Run: 60.875.382.784 bytes beschikbaar WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - 6892B0F24E9C9C34604DA343BF1BF198
  7. So far everything I had to do has worked!! Here are the log files.
  8. First of all, thanks for the quick reply!!!
  9. Hello, since today I have Antimalware Doctor on my PC!!! Help! Who can help me get rid of it?? Thanks in advance, jurski