shooter73's achievements

  1. Right, I have now done everything you told me and, by the look of it, I am rid of the virus. Needless to say, I am very grateful, not least because my files have been preserved. I am going to make a clean backup right away, so that this cannot happen to me again. Thank you very much. Andre
  2. No, I have not seen it again. Thank you very much. I was already afraid I would lose all my files. My email in particular still held a number of things I could not do without. I will look into how making backups works. I would rather not go through this again. Regards, Andre
  3. Here we are again. Here are the logs:

     and HijackThis:

     Kind regards, Andre
  4. Hello, I have once again carried out this last step successfully. Here is the log file:

     Regards, Andre
  5. Malwarebytes did find 2 files again after all. It should have removed them now, if all went well. This is the log:

     Malwarebytes' Anti-Malware 1.46
     Malwarebytes Databaseversie: 4750
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 6.0.2900.5512

     6-10-2010 10:43:15
     mbam-log-2010-10-06 (10-43-15).txt

     Scantype: Snelle scan
     Objecten gescand: 144815
     Verstreken tijd: 10 minuut/minuten, 29 seconde(n)

     Geheugenprocessen geïnfecteerd: 0
     Geheugenmodulen geïnfecteerd: 0
     Registersleutels geïnfecteerd: 1
     Registerwaarden geïnfecteerd: 0
     Registerdata geïnfecteerd: 0
     Mappen geïnfecteerd: 0
     Bestanden geïnfecteerd: 1

     Geheugenprocessen geïnfecteerd:
     (Geen kwaadaardige objecten gedetecteerd)

     Geheugenmodulen geïnfecteerd:
     (Geen kwaadaardige objecten gedetecteerd)

     Registersleutels geïnfecteerd:
     HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

     Registerwaarden geïnfecteerd:
     (Geen kwaadaardige objecten gedetecteerd)

     Registerdata geïnfecteerd:
     (Geen kwaadaardige objecten gedetecteerd)

     Mappen geïnfecteerd:
     (Geen kwaadaardige objecten gedetecteerd)

     Bestanden geïnfecteerd:
     C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
  6. Hello, here are the logs from the 2 programs you gave me. First HijackThis:

     And the one from Malwarebytes:
C:\Documents and Settings\Andre\Application Data\rhcv07j0en97\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\Andre\Application Data\rhcv07j0en97\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\Andre\Application Data\rhcv07j0en97\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully. C:\WINDOWS\system32\config\systemprofile\Application Data\rhcv07j0en97 (Rogue.Multiple) -> Quarantined and deleted successfully. C:\WINDOWS\system32\config\systemprofile\Application Data\rhcv07j0en97\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully. C:\WINDOWS\system32\config\systemprofile\Application Data\rhcv07j0en97\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully. C:\WINDOWS\system32\config\systemprofile\Application Data\rhcv07j0en97\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully. C:\WINDOWS\system32\config\systemprofile\Application Data\rhcv07j0en97\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully. C:\WINDOWS\system32\config\systemprofile\Application Data\rhcv07j0en97\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully. C:\WINDOWS\system32\config\systemprofile\Application Data\rhcv07j0en97\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully. C:\WINDOWS\system32\config\systemprofile\Application Data\rhcv07j0en97\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully. C:\WINDOWS\system32\config\systemprofile\Application Data\rhcv07j0en97\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully. C:\WINDOWS\system32\config\systemprofile\Application Data\rhcv07j0en97\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully. 
C:\WINDOWS\system32\config\systemprofile\Application Data\rhcv07j0en97\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\rhcv07j0en97 (Rogue.Multiple) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: C:\Documents and Settings\Andre\Application Data\hotfix.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\wmoimu32.dll (Trojan.Hiloti) -> Delete on reboot. C:\WINDOWS\system32\Drivers\kslisti.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Andre\Local Settings\Temp\abmniqsn.exe (Trojan.DOwnloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Andre\Local Settings\Temp\EuroP.exe (Trojan.Fakealert.Gen) -> Quarantined and deleted successfully. C:\Documents and Settings\Andre\Local Settings\Temp\_tbp.exe (Trojan.Hiloti) -> Quarantined and deleted successfully. C:\Documents and Settings\Andre\Local Settings\Temp\serjk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Andre\Local Settings\Temporary Internet Files\Content.IE5\4LM301MB\jjdlsnvtov[1].htm (Trojan.DOwnloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Andre\Local Settings\Temporary Internet Files\Content.IE5\74T17KOK\sjaipk[1].htm (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Andre\Local Settings\Temporary Internet Files\Content.IE5\TCVEN7XB\vvqkfy[1].htm (Trojan.DOwnloader) -> Quarantined and deleted successfully. C:\Program Files\rhcv07j0en97\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\rhcv07j0en97\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\rhcv07j0en97\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully. C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully. 
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully. And thanks again for your help. Kind regards, Andre
  7. This is the message that appeared in that Notepad window. I hope you can help me. Kind regards, Andre Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:16:19, on 5-10-2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Documents and Settings\Andre\Application Data\hotfix.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\DOCUME~1\Andre\LOCALS~1\Temp\Wtr.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\explorer.exe C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\WinFast\WFTVFM\WFWIZ.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Rainlendar2\Rainlendar2.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Spybot - Search & 
Destroy\TeaTimer.exe C:\Program Files\FTD Watchdog\FtdMonitor.exe C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\hijackthis\Trend Micro\HiJackThis\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = %s - Crawler.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = Internet Explorer Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = Search Assistant R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Internet Explorer Search R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = Search Assistant R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file) R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll O2 - BHO: 
JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\\NVCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [FTD Watchdog Monitor] "C:\Program Files\FTD Watchdog\FtdMonitor.exe" O4 - HKCU\..\Run: [spywareTerminatorUpdate] 
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" O4 - HKCU\..\Run: [Obonehokofatahi] rundll32.exe "C:\WINDOWS\wmoimu32.dll",Startup O4 - HKCU\..\Run: [KOO9RV9K4Z] C:\DOCUME~1\Andre\LOCALS~1\Temp\Wtr.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Crawler Search - tbr:iemenu O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! 
Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Driver Helper Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe -- End of file - 9606 bytes
  8. I have antiyspy safeguard even in my safe mode. How on earth do I get this off the PC, and who knows who wrote this virus (then I can give him a good grilling). I ran Spyware Doctor from PC Tools over it and it recognizes the virus. The only problem is that you have to do an online activation before it can remove the virus. So the problem is that the virus does not allow this. I had read on the internet (fortunately I also still have a laptop) that you have to stop the virus's processes via safe mode. But that no longer works for me either. All in all, I think it's not that bad. I am a careful surfer, and this is the first time I have picked up a virus that brings the PC down. And that in the 10 years I have been hanging around on the internet. But it remains annoying, and the writer of this virus will not become my friend. Regards, Andre