
error message generic host process for win32


willem49

hello,

I have an error message in generic host process for win 32 again

I have already made a log

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 0:16:24, on 30-9-2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\Program Files\Outlook Express\msimn.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Windows Live\Toolbar\wltuser.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hyves.nl: always in touch with your friends

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl - alles op een rijtje! (ook op mobiel)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door Hyves

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')

O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} (CeWe Color AG & Co. OHG Control) - https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - https://asp.photoprintit.de/microsite/8/defaults/activex/ImageUploader3.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--

End of file - 9203 bytes



Start HijackThis. Select “Scan”. Select only the items listed below:

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

Click 'Fix checked' to remove the items.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Read more here about the correct use of ComboFix.

  • Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them: Click here. If you cannot manage to disable them, just continue to the next step.
  • Double-click ComboFix.exe and follow the prompts on the screen.
  • ComboFix will check whether the Microsoft Windows Recovery Console is already installed. If the Recovery Console is already installed, ComboFix will automatically continue scanning for malware.
  • Otherwise, follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console. Once the Recovery Console has been installed successfully, click “JA” (Yes) to continue scanning for malware.

NOTE: When ComboFix starts, you may get an error message saying that “The contents of the ComboFix package have been modified”. In that case do not continue with the instructions, but download ComboFix again. This message can appear when a file infector (Virut) is active on the computer. If you keep getting that message, report it.

When ComboFix has finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.


here is the log file from combofix

ComboFix 10-09-29.01 - Wiel 30-09-2010 7:07.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.511.184 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Wiel\Bureaublad\ComboFix.exe

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\hpe80.dll

c:\documents and settings\All Users\Documenten\Settings

c:\windows\mdll.dl

c:\windows\system32\drivers\npf.sys

c:\windows\system32\Packet.dll

c:\windows\system32\wpcap.dll

Besmet exemplaar van c:\windows\system32\drivers\ipsec.sys werd aangetroffen en gedesinfecteerd

Hersteld exemplaar van - Kitty had a snack :P

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NPF

-------\Service_NPF

(((((((((((((((((((( Bestanden Gemaakt van 2010-08-28 to 2010-09-30 ))))))))))))))))))))))))))))))

.

2010-09-29 22:08 . 2010-09-29 22:08 388096 ----a-r- c:\documents and settings\Wiel\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-09-25 08:18 . 2010-09-25 08:18 -------- d--h--r- c:\documents and settings\Helma\Onlangs geopend

2010-09-25 08:14 . 2010-09-29 22:16 -------- d--h--r- c:\documents and settings\Wiel\Onlangs geopend

2010-09-10 20:19 . 2010-09-10 20:26 -------- d-----w- c:\documents and settings\All Users\Application Data\e04ea5e

2010-09-01 21:52 . 2010-09-01 21:52 -------- d-----w- c:\documents and settings\Wiel\Phone Browser

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-27 18:59 . 2010-05-05 12:15 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-09-24 17:30 . 2010-08-28 14:34 -------- d-----w- c:\program files\CCleaner

2010-08-21 16:29 . 2010-08-21 11:57 112 ----a-w- c:\documents and settings\All Users\Application Data\F25nd72.dat

2010-08-19 18:41 . 2010-08-19 18:41 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-08-19 18:41 . 2010-08-19 18:41 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-08-19 18:41 . 2010-08-19 18:41 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-08-19 18:41 . 2010-08-19 18:41 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-08-19 18:36 . 2010-08-19 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-08-19 18:36 . 2009-03-18 23:05 -------- d-----w- c:\program files\AVG

2010-08-15 14:25 . 2010-08-15 14:25 503808 ----a-w- c:\documents and settings\Bart\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-52186905-n\msvcp71.dll

2010-08-15 14:25 . 2010-08-15 14:25 499712 ----a-w- c:\documents and settings\Bart\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-52186905-n\jmc.dll

2010-08-15 14:25 . 2010-08-15 14:25 12800 ----a-w- c:\documents and settings\Bart\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6657caba-n\decora-d3d.dll

2010-08-15 14:25 . 2010-08-15 14:25 61440 ----a-w- c:\documents and settings\Bart\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6657caba-n\decora-sse.dll

2010-08-15 14:25 . 2010-08-15 14:25 348160 ----a-w- c:\documents and settings\Bart\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-52186905-n\msvcr71.dll

2010-08-08 23:33 . 2010-08-08 23:33 0 ----a-w- C:\ntuser.dat

2010-08-08 22:55 . 2010-08-08 22:55 -------- d-----w- c:\documents and settings\Bart\Application Data\Malwarebytes

2010-08-08 17:54 . 2010-08-08 17:54 -------- d-----w- c:\documents and settings\Helma\Application Data\Malwarebytes

2010-08-07 16:52 . 2010-08-07 16:52 61440 ----a-w- c:\documents and settings\Helma\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-16333882-n\decora-sse.dll

2010-08-07 16:52 . 2010-08-07 16:52 503808 ----a-w- c:\documents and settings\Helma\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-66730c1e-n\msvcp71.dll

2010-08-07 16:52 . 2010-08-07 16:52 499712 ----a-w- c:\documents and settings\Helma\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-66730c1e-n\jmc.dll

2010-08-07 16:52 . 2010-08-07 16:52 348160 ----a-w- c:\documents and settings\Helma\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-66730c1e-n\msvcr71.dll

2010-08-07 16:52 . 2010-08-07 16:52 12800 ----a-w- c:\documents and settings\Helma\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-16333882-n\decora-d3d.dll

2010-08-03 21:35 . 2010-08-03 21:35 -------- d-----w- c:\documents and settings\Wiel\Application Data\Malwarebytes

2010-08-03 21:35 . 2010-08-03 21:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-03 21:35 . 2010-08-03 21:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-08-03 21:31 . 2008-04-19 16:02 -------- d-----w- c:\program files\LimewirePlus

2010-08-03 16:41 . 2010-08-03 16:41 -------- d-----w- c:\program files\Common Files\Java

2010-08-03 16:40 . 2008-04-19 16:05 -------- d-----w- c:\program files\Java

2010-08-03 16:30 . 2010-08-03 16:30 61440 ----a-w- c:\documents and settings\Wiel\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1aee8673-n\decora-sse.dll

2010-08-03 16:30 . 2010-08-03 16:30 503808 ----a-w- c:\documents and settings\Wiel\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-44c03435-n\msvcp71.dll

2010-08-03 16:30 . 2010-08-03 16:30 499712 ----a-w- c:\documents and settings\Wiel\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-44c03435-n\jmc.dll

2010-08-03 16:30 . 2010-08-03 16:30 348160 ----a-w- c:\documents and settings\Wiel\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-44c03435-n\msvcr71.dll

2010-08-03 16:30 . 2010-08-03 16:30 12800 ----a-w- c:\documents and settings\Wiel\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1aee8673-n\decora-d3d.dll

2010-08-03 15:28 . 2010-08-03 15:28 -------- d-----w- c:\program files\Trend Micro

2010-08-03 13:12 . 2010-07-30 12:02 -------- d-----w- c:\program files\Common Files\Java(2)

2010-07-24 11:50 . 2001-09-07 10:00 88432 ----a-w- c:\windows\system32\perfc013.dat

2010-07-24 11:50 . 2001-09-07 10:00 503720 ----a-w- c:\windows\system32\perfh013.dat

2010-07-17 03:00 . 2010-04-23 04:25 423656 ----a-w- c:\windows\system32\deployJava1.dll

.

<pre>
c:\program files\Adobe\Reader 8.0\Reader\Reader_sl .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\program files\Windows Live\Family Safety\fsui .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2008-03-28 26112]

"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-09-24 2065760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [N/A]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

c:\documents and settings\Helma\Menu Start\Programma's\Opstarten\Takkie

Thumbs.db [2003-5-30 13312]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

NETGEAR WG311v2 Smart Configuration.lnk - c:\program files\NETGEAR WG311v2 Adapter\wlancfg5.exe [2004-10-14 450560]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"EditLevel"= 0 (0x0)

"NoCommonGroups"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [19-8-2010 20:41 216400]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [19-8-2010 20:41 243024]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [19-8-2010 20:38 308136]

R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [8-1-2010 0:49 90112]

R3 V0010bVd;Creative WebCam Vista #2;c:\windows\system32\drivers\V0010bVd.sys [19-3-2008 22:19 186551]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29-1-2010 7:50 135664]

S3 MTK;Media Technology Kernel Driver;c:\windows\system32\Drivers\mtk.sys --> c:\windows\system32\Drivers\mtk.sys [?]

S3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\drivers\s1029bus.sys [8-1-2010 0:36 90280]

S3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\drivers\s1029mdfl.sys [8-1-2010 0:36 15016]

S3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\drivers\s1029mdm.sys [8-1-2010 0:36 122280]

S3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1029mgmt.sys [8-1-2010 0:36 115880]

S3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1029nd5.sys [8-1-2010 0:36 26024]

S3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\drivers\s1029obex.sys [8-1-2010 0:36 111912]

S3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1029unic.sys [8-1-2010 0:36 116904]

.

Inhoud van de 'Gedeelde Taken' map

2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 05:50]

2010-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 05:50]

2010-09-30 c:\windows\Tasks\User_Feed_Synchronization-{B0910462-20B3-4813-AE06-73341881A8D9}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.startpagina.nl/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyServer = proxy:8080

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxps://asp.photoprintit.de/microsite/8/defaults/activex/ImageUploader3.cab

.

- - - - ORPHANS VERWIJDERD - - - -

WebBrowser-{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02} - (no file)

WebBrowser-{AB8DC1E0-22BE-4181-B77E-02C495E031F8} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-09-30 07:29

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-57989841-1606980848-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(2580)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll

c:\windows\system32\ConnAPI.DLL

c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_dut.nlr

c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr

c:\windows\system32\msi.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Cisco Systems\VPN Client\cvpnd.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Voltooingstijd: 2010-09-30 07:38:23 - machine werd herstart

ComboFix-quarantined-files.txt 2010-09-30 05:38

Pre-Run: 19.371.413.504 bytes beschikbaar

Post-Run: 19.379.912.704 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 7711CB062B53C25FF9C8A4A0AC1A7AAA



Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\documents and settings\All Users\Application Data\F25nd72.dat

Folder::

c:\documents and settings\All Users\Application Data\e04ea5e

Renv::

c:\program files\AVG\AVG9\avgtray .exe

c:\program files\Common Files\Java\Java Update\jusched .exe

c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe

c:\program files\Windows Live\Family Safety\fsui .exe

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt into ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message.

edited by kape

2nd log from combofix

ComboFix 10-09-29.03 - Wiel 30-09-2010 8:39.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.511.168 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Wiel\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Wiel\Bureaublad\CFScript.txt..doc

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

(((((((((((((((((((( Bestanden Gemaakt van 2010-08-28 to 2010-09-30 ))))))))))))))))))))))))))))))

.

2010-09-30 05:32 . 2010-09-30 05:32 -------- d-----w- c:\windows\LastGood

2010-09-29 22:08 . 2010-09-29 22:08 388096 ----a-r- c:\documents and settings\Wiel\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-09-25 08:18 . 2010-09-25 08:18 -------- d--h--r- c:\documents and settings\Helma\Onlangs geopend

2010-09-25 08:14 . 2010-09-30 06:32 -------- d--h--r- c:\documents and settings\Wiel\Onlangs geopend

2010-09-10 20:19 . 2010-09-10 20:26 -------- d-----w- c:\documents and settings\All Users\Application Data\e04ea5e

2010-09-01 21:52 . 2010-09-01 21:52 -------- d-----w- c:\documents and settings\Wiel\Phone Browser

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-27 18:59 . 2010-05-05 12:15 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-09-24 17:30 . 2010-08-28 14:34 -------- d-----w- c:\program files\CCleaner

2010-08-21 16:29 . 2010-08-21 11:57 112 ----a-w- c:\documents and settings\All Users\Application Data\F25nd72.dat

2010-08-19 18:41 . 2010-08-19 18:41 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-08-19 18:41 . 2010-08-19 18:41 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-08-19 18:41 . 2010-08-19 18:41 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-08-19 18:41 . 2010-08-19 18:41 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-08-19 18:36 . 2010-08-19 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-08-19 18:36 . 2009-03-18 23:05 -------- d-----w- c:\program files\AVG

2010-08-15 14:25 . 2010-08-15 14:25 503808 ----a-w- c:\documents and settings\Bart\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-52186905-n\msvcp71.dll

2010-08-15 14:25 . 2010-08-15 14:25 499712 ----a-w- c:\documents and settings\Bart\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-52186905-n\jmc.dll

2010-08-15 14:25 . 2010-08-15 14:25 12800 ----a-w- c:\documents and settings\Bart\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6657caba-n\decora-d3d.dll

2010-08-15 14:25 . 2010-08-15 14:25 61440 ----a-w- c:\documents and settings\Bart\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6657caba-n\decora-sse.dll

2010-08-15 14:25 . 2010-08-15 14:25 348160 ----a-w- c:\documents and settings\Bart\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-52186905-n\msvcr71.dll

2010-08-08 23:33 . 2010-08-08 23:33 0 ----a-w- C:\ntuser.dat

2010-08-08 22:55 . 2010-08-08 22:55 -------- d-----w- c:\documents and settings\Bart\Application Data\Malwarebytes

2010-08-08 17:54 . 2010-08-08 17:54 -------- d-----w- c:\documents and settings\Helma\Application Data\Malwarebytes

2010-08-07 16:52 . 2010-08-07 16:52 61440 ----a-w- c:\documents and settings\Helma\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-16333882-n\decora-sse.dll

2010-08-07 16:52 . 2010-08-07 16:52 503808 ----a-w- c:\documents and settings\Helma\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-66730c1e-n\msvcp71.dll

2010-08-07 16:52 . 2010-08-07 16:52 499712 ----a-w- c:\documents and settings\Helma\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-66730c1e-n\jmc.dll

2010-08-07 16:52 . 2010-08-07 16:52 348160 ----a-w- c:\documents and settings\Helma\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-66730c1e-n\msvcr71.dll

2010-08-07 16:52 . 2010-08-07 16:52 12800 ----a-w- c:\documents and settings\Helma\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-16333882-n\decora-d3d.dll

2010-08-03 21:35 . 2010-08-03 21:35 -------- d-----w- c:\documents and settings\Wiel\Application Data\Malwarebytes

2010-08-03 21:35 . 2010-08-03 21:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-03 21:35 . 2010-08-03 21:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-08-03 21:31 . 2008-04-19 16:02 -------- d-----w- c:\program files\LimewirePlus

2010-08-03 16:41 . 2010-08-03 16:41 -------- d-----w- c:\program files\Common Files\Java

2010-08-03 16:40 . 2008-04-19 16:05 -------- d-----w- c:\program files\Java

2010-08-03 16:30 . 2010-08-03 16:30 61440 ----a-w- c:\documents and settings\Wiel\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1aee8673-n\decora-sse.dll

2010-08-03 16:30 . 2010-08-03 16:30 503808 ----a-w- c:\documents and settings\Wiel\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-44c03435-n\msvcp71.dll

2010-08-03 16:30 . 2010-08-03 16:30 499712 ----a-w- c:\documents and settings\Wiel\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-44c03435-n\jmc.dll

2010-08-03 16:30 . 2010-08-03 16:30 348160 ----a-w- c:\documents and settings\Wiel\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-44c03435-n\msvcr71.dll

2010-08-03 16:30 . 2010-08-03 16:30 12800 ----a-w- c:\documents and settings\Wiel\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1aee8673-n\decora-d3d.dll

2010-08-03 15:28 . 2010-08-03 15:28 -------- d-----w- c:\program files\Trend Micro

2010-08-03 13:12 . 2010-07-30 12:02 -------- d-----w- c:\program files\Common Files\Java(2)

2010-07-24 11:50 . 2001-09-07 10:00 88432 ----a-w- c:\windows\system32\perfc013.dat

2010-07-24 11:50 . 2001-09-07 10:00 503720 ----a-w- c:\windows\system32\perfh013.dat

2010-07-17 03:00 . 2010-04-23 04:25 423656 ----a-w- c:\windows\system32\deployJava1.dll

.

c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\program files\Common Files\Java\Java Update\jusched.exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\program files\Windows Live\Family Safety\fsui.exe

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2008-03-28 26112]

"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-09-24 2065760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [N/A]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

c:\documents and settings\Helma\Menu Start\Programma's\Opstarten\Takkie

Thumbs.db [2003-5-30 13312]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

NETGEAR WG311v2 Smart Configuration.lnk - c:\program files\NETGEAR WG311v2 Adapter\wlancfg5.exe [2004-10-14 450560]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"EditLevel"= 0 (0x0)

"NoCommonGroups"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [19-8-2010 20:41 216400]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [19-8-2010 20:41 243024]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [19-8-2010 20:38 308136]

R3 V0010bVd;Creative WebCam Vista #2;c:\windows\system32\drivers\V0010bVd.sys [19-3-2008 22:19 186551]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29-1-2010 7:50 135664]

S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [8-1-2010 0:49 90112]

S3 MTK;Media Technology Kernel Driver;c:\windows\system32\Drivers\mtk.sys --> c:\windows\system32\Drivers\mtk.sys [?]

S3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\drivers\s1029bus.sys [8-1-2010 0:36 90280]

S3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\drivers\s1029mdfl.sys [8-1-2010 0:36 15016]

S3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\drivers\s1029mdm.sys [8-1-2010 0:36 122280]

S3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1029mgmt.sys [8-1-2010 0:36 115880]

S3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1029nd5.sys [8-1-2010 0:36 26024]

S3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\drivers\s1029obex.sys [8-1-2010 0:36 111912]

S3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1029unic.sys [8-1-2010 0:36 116904]

.

Inhoud van de 'Gedeelde Taken' map

2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 05:50]

2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 05:50]

2010-09-30 c:\windows\Tasks\User_Feed_Synchronization-{B0910462-20B3-4813-AE06-73341881A8D9}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.startpagina.nl/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyServer = proxy:8080

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxps://asp.photoprintit.de/microsite/8/defaults/activex/ImageUploader3.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-09-30 08:49

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-57989841-1606980848-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(3820)

c:\windows\system32\webcheck.dll

c:\windows\system32\msi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Voltooingstijd: 2010-09-30 08:54:02

ComboFix-quarantined-files.txt 2010-09-30 06:53

ComboFix2.txt 2010-09-30 05:38

Pre-Run: 19.258.568.704 bytes beschikbaar

Post-Run: 19.252.674.560 bytes beschikbaar

- - End Of File - - 805AFA3C5E28822C69E0A2C3D12E751E


This was not carried out quite correctly. You have to save the indicated items in Notepad with the extension .txt. In your log I see that you saved it with .doc as an added extension -> CFScript.txt..doc. But then this switch in ComboFix does not work the way it is supposed to.

Would you repeat this action once more: this time simply save the file as CFScript.txt ... and then drag it onto the ComboFix shortcut. And then a new CF log again, please.



I hope it worked this time.

ComboFix 10-09-29.03 - Wiel 30-09-2010 9:14.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.511.182 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Wiel\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Wiel\Bureaublad\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::

"c:\documents and settings\All Users\Application Data\F25nd72.dat"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\e04ea5e

c:\documents and settings\All Users\Application Data\F25nd72.dat

.

(((((((((((((((((((( Bestanden Gemaakt van 2010-08-28 to 2010-09-30 ))))))))))))))))))))))))))))))

.

2010-09-29 22:08 . 2010-09-29 22:08 388096 ----a-r- c:\documents and settings\Wiel\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-09-25 08:18 . 2010-09-25 08:18 -------- d--h--r- c:\documents and settings\Helma\Onlangs geopend

2010-09-25 08:14 . 2010-09-30 07:16 -------- d--h--r- c:\documents and settings\Wiel\Onlangs geopend

2010-09-01 21:52 . 2010-09-01 21:52 -------- d-----w- c:\documents and settings\Wiel\Phone Browser

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-27 18:59 . 2010-05-05 12:15 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-09-24 17:30 . 2010-08-28 14:34 -------- d-----w- c:\program files\CCleaner

2010-08-19 18:41 . 2010-08-19 18:41 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-08-19 18:41 . 2010-08-19 18:41 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-08-19 18:41 . 2010-08-19 18:41 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-08-19 18:41 . 2010-08-19 18:41 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-08-19 18:36 . 2010-08-19 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-08-19 18:36 . 2009-03-18 23:05 -------- d-----w- c:\program files\AVG

2010-08-15 14:25 . 2010-08-15 14:25 503808 ----a-w- c:\documents and settings\Bart\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-52186905-n\msvcp71.dll

2010-08-15 14:25 . 2010-08-15 14:25 499712 ----a-w- c:\documents and settings\Bart\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-52186905-n\jmc.dll

2010-08-15 14:25 . 2010-08-15 14:25 12800 ----a-w- c:\documents and settings\Bart\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6657caba-n\decora-d3d.dll

2010-08-15 14:25 . 2010-08-15 14:25 61440 ----a-w- c:\documents and settings\Bart\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6657caba-n\decora-sse.dll

2010-08-15 14:25 . 2010-08-15 14:25 348160 ----a-w- c:\documents and settings\Bart\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-52186905-n\msvcr71.dll

2010-08-08 23:33 . 2010-08-08 23:33 0 ----a-w- C:\ntuser.dat

2010-08-08 22:55 . 2010-08-08 22:55 -------- d-----w- c:\documents and settings\Bart\Application Data\Malwarebytes

2010-08-08 17:54 . 2010-08-08 17:54 -------- d-----w- c:\documents and settings\Helma\Application Data\Malwarebytes

2010-08-07 16:52 . 2010-08-07 16:52 61440 ----a-w- c:\documents and settings\Helma\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-16333882-n\decora-sse.dll

2010-08-07 16:52 . 2010-08-07 16:52 503808 ----a-w- c:\documents and settings\Helma\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-66730c1e-n\msvcp71.dll

2010-08-07 16:52 . 2010-08-07 16:52 499712 ----a-w- c:\documents and settings\Helma\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-66730c1e-n\jmc.dll

2010-08-07 16:52 . 2010-08-07 16:52 348160 ----a-w- c:\documents and settings\Helma\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-66730c1e-n\msvcr71.dll

2010-08-07 16:52 . 2010-08-07 16:52 12800 ----a-w- c:\documents and settings\Helma\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-16333882-n\decora-d3d.dll

2010-08-03 21:35 . 2010-08-03 21:35 -------- d-----w- c:\documents and settings\Wiel\Application Data\Malwarebytes

2010-08-03 21:35 . 2010-08-03 21:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-03 21:35 . 2010-08-03 21:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-08-03 21:31 . 2008-04-19 16:02 -------- d-----w- c:\program files\LimewirePlus

2010-08-03 16:41 . 2010-08-03 16:41 -------- d-----w- c:\program files\Common Files\Java

2010-08-03 16:40 . 2008-04-19 16:05 -------- d-----w- c:\program files\Java

2010-08-03 16:30 . 2010-08-03 16:30 61440 ----a-w- c:\documents and settings\Wiel\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1aee8673-n\decora-sse.dll

2010-08-03 16:30 . 2010-08-03 16:30 503808 ----a-w- c:\documents and settings\Wiel\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-44c03435-n\msvcp71.dll

2010-08-03 16:30 . 2010-08-03 16:30 499712 ----a-w- c:\documents and settings\Wiel\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-44c03435-n\jmc.dll

2010-08-03 16:30 . 2010-08-03 16:30 348160 ----a-w- c:\documents and settings\Wiel\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-44c03435-n\msvcr71.dll

2010-08-03 16:30 . 2010-08-03 16:30 12800 ----a-w- c:\documents and settings\Wiel\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1aee8673-n\decora-d3d.dll

2010-08-03 15:28 . 2010-08-03 15:28 -------- d-----w- c:\program files\Trend Micro

2010-08-03 13:12 . 2010-07-30 12:02 -------- d-----w- c:\program files\Common Files\Java(2)

2010-07-24 11:50 . 2001-09-07 10:00 88432 ----a-w- c:\windows\system32\perfc013.dat

2010-07-24 11:50 . 2001-09-07 10:00 503720 ----a-w- c:\windows\system32\perfh013.dat

2010-07-17 03:00 . 2010-04-23 04:25 423656 ----a-w- c:\windows\system32\deployJava1.dll

.

c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
c:\program files\AVG\AVG9\avgtray.exe

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2008-03-28 26112]

"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-09-24 2065760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-22 68856]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

c:\documents and settings\Helma\Menu Start\Programma's\Opstarten\Takkie

Thumbs.db [2003-5-30 13312]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

NETGEAR WG311v2 Smart Configuration.lnk - c:\program files\NETGEAR WG311v2 Adapter\wlancfg5.exe [2004-10-14 450560]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"EditLevel"= 0 (0x0)

"NoCommonGroups"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]

R3 MTK;Media Technology Kernel Driver;c:\windows\system32\Drivers\mtk.sys [x]

R3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\DRIVERS\s1029bus.sys [2009-05-25 90280]

R3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1029mdfl.sys [2009-05-25 15016]

R3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1029mdm.sys [2009-05-25 122280]

R3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1029mgmt.sys [2009-05-25 115880]

R3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1029nd5.sys [2009-05-25 26024]

R3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1029obex.sys [2009-05-25 111912]

R3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1029unic.sys [2009-05-25 116904]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-08-19 216400]

S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-08-19 243024]

S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-08-19 308136]

S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]

S3 V0010bVd;Creative WebCam Vista #2;c:\windows\system32\DRIVERS\V0010bVd.sys [2003-04-21 186551]

.

Inhoud van de 'Gedeelde Taken' map

2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 05:50]

2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 05:50]

2010-09-30 c:\windows\Tasks\User_Feed_Synchronization-{B0910462-20B3-4813-AE06-73341881A8D9}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.startpagina.nl/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyServer = proxy:8080

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxps://asp.photoprintit.de/microsite/8/defaults/activex/ImageUploader3.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-09-30 09:27

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-57989841-1606980848-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(2256)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll

c:\windows\system32\ConnAPI.DLL

c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_dut.nlr

c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr

c:\windows\system32\msi.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Cisco Systems\VPN Client\cvpnd.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Voltooingstijd: 2010-09-30 09:38:46 - machine werd herstart

ComboFix-quarantined-files.txt 2010-09-30 07:38

ComboFix2.txt 2010-09-30 06:54

ComboFix3.txt 2010-09-30 05:38

Pre-Run: 19.272.949.760 bytes beschikbaar

Post-Run: 19.264.344.064 bytes beschikbaar

- - End Of File - - 89B4F7F00B34ABCCEBB6FC7C96653A5E


If the problems are out of the way, then it is time for the "big clean-up": removing the programs that were used, a cleaning, and removing the infected restore points.

Remove ComboFix: Start -> Run (Uitvoeren) and type: ComboFix /Uninstall

This will remove ComboFix plus its related folders and files, reset the clock settings, hide the file extensions, hide hidden files and system files again, and create a new restore point.

If it is present, you may delete the folder C:\Qoobox manually.

Download CCleaner here; the CCleaner download then starts automatically and free of charge.

Install it and start CCleaner. In the left-hand column, click "Cleaner". Then click "Analyze" (Analyseren) followed by "Clean" (Schoonmaken). Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors. Next, click "Registry" (Register) in the left-hand column and click "Scan for problems" (Scan naar problemen). If errors are found, click "Fix selected problems" (Herstel geselecteerde problemen) and "OK". You are then asked whether to make a backup. Click "Yes" (JA). Then choose "Fix all selected errors" (Herstel alle geselecteerde fouten). After this, close CCleaner again.

If you want to see this in detail with pictures, click here for the guide.

It is advisable to delete the existing restore points (they include infected restore points that you could end up restoring) by temporarily turning off System Restore. Do this via Start -> Control Panel (Configuratiescherm) -> Performance and Maintenance (Prestaties en Onderhoud) -> System (Systeem) -> System Restore (Systeemherstel) -> tick "Turn off System Restore on all drives" (Systeemherstel op alle stations uitschakelen). Apply and OK. Restart the PC and remove the tick again.

That's it!
