Problemen na verwijderen virus csrss.exe

[supernikje]

Hallo,

Ik zit hier even met m'n handen in het haar.

Mijn anti-virus had volgend virus gevonden ; csrss.exe. Ik verwijderde deze en m'n pc startte nt meer op, zelfs niet in veilige modus.

Door op een F-toets te drukken ben ik uiteindelijk in het systeemherstel geraakt, zo heb ik kunnen opstarten via de herstelpartitie. Ik had keuze tussen een volledige of gedeeltelijk herstel. Bij het eerste zouden al m'n bestanden verloren gaan, dus heb ik voor de gedeeltelijke gekozen.

m'n pc start nu opnieuw, maar kan bv gn word of powerpoint meer starten, krijg het bericht deze actie is alleen geldig voor producten die momenteel zijn geïnstalleerd.

Ik heb geen software om office opnieuw te installeren, office was al geïnstalleerd op m'n pc bij aankoop (of vanaf harde schijf herinner het me nt).

Hoe kan ik office opniuew aan het werk krijgen.

Ik had ook een gratische versie van Nero, dit opent ook niet meer waar zou ik dat kunnen vinden?

Ik heb avira, spybot, ad-aware,cw-schredder,IObit Security 360 en HiJackThis geïnstalleerd. Avira vindt terug een virus A0000690.exe, ik durf het nt meer te verwijderen bang dat hij weer gaat craschen... Hoe en in welke volgorde ga ik best te werk?

Ik heb een Spirit 3000 en werk met windows XP sp2.

Alvast bedankt...

Dit krijg ik als log na het scannen met IObit Security 360

IObit Security 360

OS:Windows XP

Versie:1.6.0.2

Define Versie:2408

Verstreken Tijd:00:22:27

Objecten Gescand:51301

Bedreigingen gevonden:31

|Naam|Type|Beschrijving|ID|

Tracking Cookies, Cookies, Cookie:owner@advertising.com/, 7-12

Tracking Cookies, Cookies, Cookie:owner@imrworldwide.com/cgi-bin, 7-1507

Tracking Cookies, Cookies, Cookie:owner@com.com/, 7-9

Tracking Cookies, Cookies, Cookie:owner@bs.serving-sys.com/, 7-1515

Tracking Cookies, Cookies, Cookie:owner@free-av.com/, 7-2181

Tracking Cookies, Cookies, Cookie:owner@server.iad.liveperson.net/, 7-1565

Tracking Cookies, Cookies, Cookie:owner@www.fixya.com/, 7-2258

Tracking Cookies, Cookies, Cookie:owner@statcounter.com/, 7-1543

Tracking Cookies, Cookies, Cookie:owner@specificclick.net/, 7-1521

Tracking Cookies, Cookies, Cookie:owner@www.addfreestats.com/cgi-bin, 7-1838

Tracking Cookies, Cookies, Cookie:owner@apmebf.com/, 7-1643

Tracking Cookies, Cookies, Cookie:owner@fastclick.net/, 7-1401

Tracking Cookies, Cookies, Cookie:owner@xiti.com/, 7-2256

Tracking Cookies, Cookies, Cookie:owner@revsci.net/, 7-1556

Tracking Cookies, Cookies, Cookie:owner@quantserve.com/, 7-2072

Tracking Cookies, Cookies, Cookie:owner@atdmt.com/, 7-1541

Tracking Cookies, Cookies, Cookie:owner@pointroll.com/, 7-2045

Tracking Cookies, Cookies, Cookie:owner@insightexpressai.com/, 7-1899

Tracking Cookies, Cookies, Cookie:owner@fixya.com/, 7-2258

Tracking Cookies, Cookies, Cookie:owner@trafficmp.com/, 7-21

Tracking Cookies, Cookies, Cookie:owner@ads.pointroll.com/, 7-13

Tracking Cookies, Cookies, Cookie:owner@www.free-av.com/, 7-2181

Tracking Cookies, Cookies, Cookie:owner@m.webtrends.com/, 7-2219

Tracking Cookies, Cookies, Cookie:owner@smartadserver.com/, 7-1608

Tracking Cookies, Cookies, Cookie:owner@stat.onestat.com/, 7-1544

Tracking Cookies, Cookies, Cookie:owner@doubleclick.net/, 7-1379

Tracking Cookies, Cookies, Cookie:owner@serving-sys.com/, 7-1515

Tracking Cookies, Cookies, Cookie:owner@did-it.com/, 7-1776

Trojan.Win32/Agent, File, C:\WINDOWS\system32\sw20.exe, 4-12828

Trojan.Win32/Agent, File, C:\WINDOWS\system32\winsys.exe, 4-14343

Trojan.Win32/Agent, File, C:\WINDOWS\system32\winsys2.exe, 4-14344

---------- Post toegevoegd om 14:53 ---------- Vorige post was om 14:41 ----------

Dit is de log na het scannen met HiJackThis

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:52:12, on 30/01/2011

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Hercules\WiFi Station\WiFiStation.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Avira\AntiVir Desktop\avscan.exe

C:\Program Files\Avira\AntiVir Desktop\avscan.exe

C:\WINDOWS\System32\vssvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\WINDOWS\system32\msdtc.exe

C:\Program Files\IObit\IObit Security 360\IS360tray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe

C:\Program Files\Hijack\Trend Micro\HiJackThis\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: WiFi Station.lnk = C:\Program Files\Hercules\WiFi Station\WiFiStation.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1296343290093

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1296343282984

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 6033 bytes

---------- Post toegevoegd om 15:00 ---------- Vorige post was om 14:53 ----------

Wat ik voordien al had en nu ook opnieuw is dat ik Flash Player regelmatig terug moe(s)t installeren

30 januari 2011 aangepast door supernikje

[supernikje]

deze log na ad-aware

Logfile created: 30/01/2011 14:47:56

Ad-Aware version: 9.0.1

Extended engine: 3

Extended engine version: 3.1.2770

User performing scan: Owner

*********************** Definitions database information ***********************

Lavasoft definition file: 150.257

Genotype definition file version: 2011/01/27 17:00:29

Extended engine definition file: 8242.0

******************************** Scan results: *********************************

Scan profile name: Slim. scan (ID: smart)

Objects scanned: 16494

Objects detected: 15

Type Detected

==========================

Processes.......: 0

Registry entries: 0

Hostfile entries: 0

Files...........: 0

Folders.........: 0

LSPs............: 0

Cookies.........: 15

Browser hijacks.: 0

MRU objects.....: 0

Removed items:

Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0

Description: *apmebf* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409163 Family ID: 0

Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0

Description: *2o7* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408943 Family ID: 0

Description: *bs.serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408902 Family ID: 0

Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0

Description: *doubleclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408875 Family ID: 0

Description: *fastclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408869 Family ID: 0

Description: *kontera* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409363 Family ID: 0

Description: *webtrends* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599640 Family ID: 0

Description: *estat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408873 Family ID: 0

Description: *stat.onestat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408967 Family ID: 0

Description: stat.onestat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409125 Family ID: 0

Description: *statcounter* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409185 Family ID: 0

Description: *wunderloop* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599639 Family ID: 0

Scan and cleaning complete: Finished correctly after 1969 seconds

*********************************** Settings ***********************************

Scan profile:

ID: smart, enabled:1, value: Slim. scan

ID: folderstoscan, enabled:1, value:

ID: useantivirus, enabled:1, value: true

ID: sections, enabled:1

ID: scancriticalareas, enabled:1, value: true

ID: scanrunningapps, enabled:1, value: true

ID: scanregistry, enabled:1, value: true

ID: scanlsp, enabled:1, value: true

ID: scanads, enabled:1, value: false

ID: scanhostsfile, enabled:1, value: false

ID: scanmru, enabled:1, value: false

ID: scanbrowserhijacks, enabled:1, value: true

ID: scantrackingcookies, enabled:1, value: true

ID: closebrowsers, enabled:1, value: false

ID: filescanningoptions, enabled:1

ID: archives, enabled:1, value: false

ID: onlyexecutables, enabled:1, value: true

ID: skiplargerthan, enabled:1, value: 20480

ID: scanrootkits, enabled:1, value: true

ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict

ID: usespywareheuristics, enabled:1, value: true

Scan global:

ID: global, enabled:1

ID: addtocontextmenu, enabled:1, value: true

ID: playsoundoninfection, enabled:1, value: false

ID: soundfile, enabled:0, value: N/A

Scheduled scan settings:

<Empty>

Update settings:

ID: updates, enabled:1

ID: launchthreatworksafterscan, enabled:1, value: silently, domain: normal,off,silently

ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall

ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall

ID: schedules, enabled:1, value: true

ID: updatedaily1, enabled:1, value: Daily 1

ID: time, enabled:1, value: Sat Jan 29 23:30:00 2011

ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly

ID: weekdays, enabled:1

ID: monday, enabled:1, value: false

ID: tuesday, enabled:1, value: false

ID: wednesday, enabled:1, value: false

ID: thursday, enabled:1, value: false

ID: friday, enabled:1, value: false

ID: saturday, enabled:1, value: false

ID: sunday, enabled:1, value: false

ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31

ID: scanprofile, enabled:1, value:

ID: auto_deal_with_infections, enabled:1, value: false

ID: updatedaily2, enabled:1, value: Daily 2

ID: time, enabled:1, value: Sat Jan 29 05:30:00 2011

ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly

ID: weekdays, enabled:1

ID: monday, enabled:1, value: false

ID: tuesday, enabled:1, value: false

ID: wednesday, enabled:1, value: false

ID: thursday, enabled:1, value: false

ID: friday, enabled:1, value: false

ID: saturday, enabled:1, value: false

ID: sunday, enabled:1, value: false

ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31

ID: scanprofile, enabled:1, value:

ID: auto_deal_with_infections, enabled:1, value: false

ID: updatedaily3, enabled:1, value: Daily 3

ID: time, enabled:1, value: Sat Jan 29 11:30:00 2011

ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly

ID: weekdays, enabled:1

ID: monday, enabled:1, value: false

ID: tuesday, enabled:1, value: false

ID: wednesday, enabled:1, value: false

ID: thursday, enabled:1, value: false

ID: friday, enabled:1, value: false

ID: saturday, enabled:1, value: false

ID: sunday, enabled:1, value: false

ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31

ID: scanprofile, enabled:1, value:

ID: auto_deal_with_infections, enabled:1, value: false

ID: updatedaily4, enabled:1, value: Daily 4

ID: time, enabled:1, value: Sat Jan 29 17:30:00 2011

ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly

ID: weekdays, enabled:1

ID: monday, enabled:1, value: false

ID: tuesday, enabled:1, value: false

ID: wednesday, enabled:1, value: false

ID: thursday, enabled:1, value: false

ID: friday, enabled:1, value: false

ID: saturday, enabled:1, value: false

ID: sunday, enabled:1, value: false

ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31

ID: scanprofile, enabled:1, value:

ID: auto_deal_with_infections, enabled:1, value: false

ID: updateweekly1, enabled:1, value: Weekly

ID: time, enabled:1, value: Sat Jan 29 23:30:00 2011

ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly

ID: weekdays, enabled:1

ID: monday, enabled:1, value: false

ID: tuesday, enabled:1, value: true

ID: wednesday, enabled:1, value: false

ID: thursday, enabled:1, value: false

ID: friday, enabled:1, value: false

ID: saturday, enabled:1, value: true

ID: sunday, enabled:1, value: false

ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31

ID: scanprofile, enabled:1, value:

ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:

ID: appearance, enabled:1

ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource

ID: showtrayicon, enabled:1, value: true

ID: autoentertainmentmode, enabled:1, value: true

ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple

ID: language, enabled:1, value: nl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:

ID: realtime, enabled:1

ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant

ID: layers, enabled:1

ID: useantivirus, enabled:1, value: true

ID: usespywareheuristics, enabled:1, value: true

ID: maintainbackup, enabled:1, value: true

ID: modules, enabled:1

ID: processprotection, enabled:1, value: true

ID: onaccessprotection, enabled:1, value: false

ID: registryprotection, enabled:1, value: true

ID: networkprotection, enabled:1, value: true

****************************** System information ******************************

Computer name: ANGELS

Processor name: AMD Sempron 3000+

Processor identifier: x86 Family 6 Model 10 Stepping 0

Processor speed: ~1992MHZ

Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 2560, number of processors 1, processor features: [MMX,SSE,3DNow]

Physical memory available: 776687616 bytes

Physical memory total: 1610072064 bytes

Virtual memory available: 1856925696 bytes

Virtual memory total: 2147352576 bytes

Memory load: 51%

Microsoft Windows XP Home Edition Service Pack 2 (build 2600)

Windows startup mode:

Running processes:

PID: 716 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY

PID: 800 name: C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY

PID: 836 name: C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY

PID: 880 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY

PID: 892 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1052 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1112 name: C:\WINDOWS\system32\svchost.exe owner: Netwerkservice domain: NT AUTHORITY

PID: 1256 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1336 name: C:\WINDOWS\system32\svchost.exe owner: Netwerkservice domain: NT AUTHORITY

PID: 1476 name: C:\WINDOWS\system32\svchost.exe owner: Lokale service domain: NT AUTHORITY

PID: 1800 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1872 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1912 name: C:\Program Files\Avira\AntiVir Desktop\sched.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2028 name: C:\Program Files\Avira\AntiVir Desktop\avguard.exe owner: SYSTEM domain: NT AUTHORITY

PID: 156 name: C:\Program Files\IObit\IObit Security 360\IS360srv.exe owner: SYSTEM domain: NT AUTHORITY

PID: 212 name: C:\Program Files\Avira\AntiVir Desktop\avshadow.exe owner: SYSTEM domain: NT AUTHORITY

PID: 524 name: C:\WINDOWS\Explorer.EXE owner: Owner domain: ANGELS

PID: 1228 name: C:\WINDOWS\system32\nvsvc32.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1676 name: C:\WINDOWS\SOUNDMAN.EXE owner: Owner domain: ANGELS

PID: 1696 name: C:\WINDOWS\system32\VTTimer.exe owner: Owner domain: ANGELS

PID: 1712 name: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe owner: Owner domain: ANGELS

PID: 1904 name: C:\WINDOWS\system32\RUNDLL32.EXE owner: Owner domain: ANGELS

PID: 144 name: C:\WINDOWS\system32\ctfmon.exe owner: Owner domain: ANGELS

PID: 1504 name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe owner: Owner domain: ANGELS

PID: 1332 name: C:\Program Files\Hercules\WiFi Station\WiFiStation.exe owner: Owner domain: ANGELS

PID: 2176 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2352 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2576 name: C:\WINDOWS\System32\alg.exe owner: Lokale service domain: NT AUTHORITY

PID: 4012 name: C:\WINDOWS\system32\wuauclt.exe owner: Owner domain: ANGELS

PID: 1016 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Owner domain: ANGELS

PID: 1488 name: C:\Program Files\Internet Explorer\iexplore.exe owner: Owner domain: ANGELS

PID: 1148 name: C:\Program Files\Internet Explorer\iexplore.exe owner: Owner domain: ANGELS

PID: 2224 name: C:\Program Files\Avira\AntiVir Desktop\avscan.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2496 name: C:\Program Files\Avira\AntiVir Desktop\avscan.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2672 name: C:\WINDOWS\System32\vssvc.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2092 name: C:\WINDOWS\system32\dllhost.exe owner: SYSTEM domain: NT AUTHORITY

PID: 3824 name: C:\WINDOWS\system32\dllhost.exe owner: SYSTEM domain: NT AUTHORITY

PID: 3848 name: C:\Program Files\IObit\IObit Security 360\is360.exe owner: Owner domain: ANGELS

PID: 1188 name: C:\WINDOWS\system32\msdtc.exe owner: Netwerkservice domain: NT AUTHORITY

PID: 3588 name: C:\Program Files\IObit\IObit Security 360\IS360tray.exe owner: Owner domain: ANGELS

PID: 3544 name: C:\Program Files\Internet Explorer\iexplore.exe owner: Owner domain: ANGELS

PID: 3636 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Owner domain: ANGELS

Startup items:

Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}

imagepath: Preloader van browseui

Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}

imagepath: Cache-daemon voor onderdeelcategorieën

Name: PostBootReminder

imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}

Name: CDBurn

imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}

Name: WebCheck

imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

Name: SysTray

imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}

Name: SoundMan

imagepath: SOUNDMAN.EXE

Name: VTTimer

imagepath: VTTimer.exe

Name: avgnt

imagepath: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

Name: NvCplDaemon

imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

Name: nwiz

imagepath: nwiz.exe /install

Name: WinSys2

imagepath: C:\WINDOWS\system32\winsys2.exe

Name: NvMediaCenter

imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

Name: CTFMON.EXE

imagepath: C:\WINDOWS\system32\CTFMON.EXE

Name:

imagepath: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\desktop.ini

Name:

location: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk

imagepath: C:\Program Files\Microsoft Office\Office\OSA9.EXE

Name:

location: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\WiFi Station.lnk

imagepath: C:\Program Files\Hercules\WiFi Station\WiFiStation.exe

Name:

imagepath: C:\WINDOWS\system32\config\systemprofile\Menu Start\Programma's\Opstarten\desktop.ini

Bootexecute items:

Name:

imagepath: autocheck autochk *

Name:

imagepath: lsdelete

Running services:

Name: ALG

displayname: Application Layer Gateway-service

Name: AntiVirSchedulerService

displayname: Avira AntiVir Scheduler

Name: AntiVirService

displayname: Avira AntiVir Guard

Name: AudioSrv

displayname: Windows Audio

Name: COMSysApp

displayname: COM+-systeemtoepassing

Name: CryptSvc

displayname: Services voor cryptografie

Name: DcomLaunch

displayname: DCOM Server Process Launcher

Name: Dhcp

displayname: DHCP Client

Name: Dnscache

displayname: DNS Client

Name: ERSvc

displayname: Service voor het rapporteren van fouten

Name: Eventlog

displayname: Event Log

Name: EventSystem

displayname: COM+-gebeurtenissysteem

Name: FastUserSwitchingCompatibility

displayname: Compatibiliteit voor Snelle gebruikerswisseling

Name: helpsvc

displayname: Help en ondersteuning

Name: IS360service

displayname: IS360service

Name: lanmanserver

displayname: Server

Name: lanmanworkstation

displayname: Workstation

Name: Lavasoft Ad-Aware Service

displayname: Lavasoft Ad-Aware Service

Name: LmHosts

displayname: TCP/IP NetBIOS Helper

Name: MSDTC

displayname: Distributed Transaction Coordinator

Name: Netman

displayname: Network Connections

Name: Nla

displayname: Network Location Awareness (NLA)

Name: NVSvc

displayname: NVIDIA Display Driver Service

Name: PlugPlay

displayname: Plug and Play

Name: PolicyAgent

displayname: IPSEC-services

Name: ProtectedStorage

displayname: Protected Storage

Name: RasMan

displayname: Verbindingsbeheer voor RAS

Name: RpcSs

displayname: Remote Procedure Call (RPC)

Name: SamSs

displayname: Security Accounts Manager

Name: Schedule

displayname: Task Scheduler

Name: seclogon

displayname: Secondary Logon

Name: SENS

displayname: System Event Notification

Name: SharedAccess

displayname: Windows Firewall (WF) / Internet-verbinding delen (ICS)

Name: ShellHWDetection

displayname: Shell Hardware Detection

Name: Spooler

displayname: Print Spooler

Name: srservice

displayname: System Restore-service

Name: SSDPSRV

displayname: SSDP Discovery-service

Name: SwPrv

displayname: MS Software Shadow Copy Provider

Name: TapiSrv

displayname: Telephony

Name: TermService

displayname: Terminal Services

Name: Themes

displayname: Thema's

Name: TrkWks

displayname: Distributed Link Tracking Client

Name: VSS

displayname: Volume Shadow Copy

Name: W32Time

displayname: Windows Time

Name: WebClient

displayname: WebClient

Name: winmgmt

displayname: Windows Management Instrumentation

Name: wscsvc

displayname: Security Center

Name: wuauserv

displayname: Automatic Updates

Name: WZCSVC

displayname: Wireless Zero Configuration-service

[supernikje]

Kan aan Nero en office nog geraken in het slechtste geval, maar maak mij nu meer zorgen over de virussen die er nog opstaan.

Ben bang als ik die verwijder dat ik terug niet meer kan opstarten en weer alles moet installeren ((

Ben al hele dag bezig...

Weet iemand hoe ik op een veilige manier de gevonden virussen kan verwijderen.

IObit vond alleszins nog Trojaanse, Avira is aan het scannen en zal seffens log posten...

---------- Post toegevoegd om 17:04 ---------- Vorige post was om 16:56 ----------

Avira AntiVir Personal

Report file date: zondag 30 januari 2011 15:34

Scanning for 2435637 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 2) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : ANGELS

Version information:

BUILD.DAT : 10.0.0.609 31824 Bytes 13/12/2010 09:43:00

AVSCAN.EXE : 10.0.3.5 435368 Bytes 13/12/2010 07:39:56

AVSCAN.DLL : 10.0.3.0 46440 Bytes 1/04/2010 11:57:04

LUKE.DLL : 10.0.3.2 104296 Bytes 13/12/2010 07:40:06

LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 22:40:49

VBASE000.VDF : 7.10.0.0 19875328 Bytes 6/11/2009 08:05:36

VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 21:08:34

VBASE002.VDF : 7.11.0.1 2048 Bytes 14/12/2010 21:08:34

VBASE003.VDF : 7.11.0.2 2048 Bytes 14/12/2010 21:08:35

VBASE004.VDF : 7.11.0.3 2048 Bytes 14/12/2010 21:08:35

VBASE005.VDF : 7.11.0.4 2048 Bytes 14/12/2010 21:08:35

VBASE006.VDF : 7.11.0.5 2048 Bytes 14/12/2010 21:08:35

VBASE007.VDF : 7.11.0.6 2048 Bytes 14/12/2010 21:08:35

VBASE008.VDF : 7.11.0.7 2048 Bytes 14/12/2010 21:08:35

VBASE009.VDF : 7.11.0.8 2048 Bytes 14/12/2010 21:08:35

VBASE010.VDF : 7.11.0.9 2048 Bytes 14/12/2010 21:08:35

VBASE011.VDF : 7.11.0.10 2048 Bytes 14/12/2010 21:08:35

VBASE012.VDF : 7.11.0.11 2048 Bytes 14/12/2010 21:08:35

VBASE013.VDF : 7.11.0.52 128000 Bytes 16/12/2010 21:08:36

VBASE014.VDF : 7.11.0.91 226816 Bytes 20/12/2010 21:08:37

VBASE015.VDF : 7.11.0.122 136192 Bytes 21/12/2010 21:08:37

VBASE016.VDF : 7.11.0.156 122880 Bytes 24/12/2010 21:08:38

VBASE017.VDF : 7.11.0.185 146944 Bytes 27/12/2010 21:08:38

VBASE018.VDF : 7.11.0.228 132608 Bytes 30/12/2010 21:08:39

VBASE019.VDF : 7.11.1.5 148480 Bytes 3/01/2011 21:08:39

VBASE020.VDF : 7.11.1.37 156672 Bytes 7/01/2011 21:08:40

VBASE021.VDF : 7.11.1.65 140800 Bytes 10/01/2011 21:08:40

VBASE022.VDF : 7.11.1.87 225280 Bytes 11/01/2011 21:08:41

VBASE023.VDF : 7.11.1.124 125440 Bytes 14/01/2011 21:08:42

VBASE024.VDF : 7.11.1.155 132096 Bytes 17/01/2011 21:08:42

VBASE025.VDF : 7.11.1.189 451072 Bytes 20/01/2011 21:08:44

VBASE026.VDF : 7.11.1.230 138752 Bytes 24/01/2011 21:08:45

VBASE027.VDF : 7.11.2.12 164352 Bytes 27/01/2011 21:08:46

VBASE028.VDF : 7.11.2.13 2048 Bytes 27/01/2011 21:08:46

VBASE029.VDF : 7.11.2.14 2048 Bytes 27/01/2011 21:08:46

VBASE030.VDF : 7.11.2.15 2048 Bytes 27/01/2011 21:08:46

VBASE031.VDF : 7.11.2.31 71168 Bytes 28/01/2011 21:08:47

Engineversion : 8.2.4.150

AEVDF.DLL : 8.1.2.1 106868 Bytes 13/12/2010 07:39:51

AESCRIPT.DLL : 8.1.3.52 1282426 Bytes 29/01/2011 21:08:59

AESCN.DLL : 8.1.7.2 127349 Bytes 13/12/2010 07:39:50

AESBX.DLL : 8.1.3.2 254324 Bytes 13/12/2010 07:39:50

AERDL.DLL : 8.1.9.2 635252 Bytes 13/12/2010 07:39:50

AEPACK.DLL : 8.2.4.8 512374 Bytes 29/01/2011 21:08:58

AEOFFICE.DLL : 8.1.1.15 205178 Bytes 29/01/2011 21:08:57

AEHEUR.DLL : 8.1.2.68 3178870 Bytes 29/01/2011 21:08:56

AEHELP.DLL : 8.1.16.0 246136 Bytes 13/12/2010 07:39:42

AEGEN.DLL : 8.1.5.2 397683 Bytes 29/01/2011 21:08:52

AEEMU.DLL : 8.1.3.0 393589 Bytes 13/12/2010 07:39:42

AECORE.DLL : 8.1.19.2 196983 Bytes 29/01/2011 21:08:50

AEBB.DLL : 8.1.1.0 53618 Bytes 13/12/2010 07:39:41

AVWINLL.DLL : 10.0.0.0 19304 Bytes 13/12/2010 07:39:56

AVPREF.DLL : 10.0.0.0 44904 Bytes 13/12/2010 07:39:54

AVREP.DLL : 10.0.0.8 62209 Bytes 17/06/2010 13:27:13

AVREG.DLL : 10.0.3.2 53096 Bytes 13/12/2010 07:39:54

AVSCPLR.DLL : 10.0.3.2 84328 Bytes 13/12/2010 07:39:56

AVARKT.DLL : 10.0.22.6 231784 Bytes 13/12/2010 07:39:52

AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 13/12/2010 07:39:53

SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/06/2010 13:27:22

AVSMTP.DLL : 10.0.0.17 63848 Bytes 13/12/2010 07:39:56

NETNT.DLL : 10.0.0.0 11624 Bytes 17/06/2010 13:27:21

RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/01/2010 12:10:20

RCTEXT.DLL : 10.0.58.0 97128 Bytes 13/12/2010 07:40:20

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:,

Process scan........................: on

Extended process scan...............: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: zondag 30 januari 2011 15:34

Starting search for hidden objects.

The scan of running processes will be started

Scan process 'rsmsink.exe' - '33' Module(s) have been scanned

Scan process 'iexplore.exe' - '99' Module(s) have been scanned

Scan process 'iexplore.exe' - '93' Module(s) have been scanned

Scan process 'iexplore.exe' - '70' Module(s) have been scanned

Scan process 'msdtc.exe' - '46' Module(s) have been scanned

Scan process 'dllhost.exe' - '65' Module(s) have been scanned

Scan process 'dllhost.exe' - '51' Module(s) have been scanned

Scan process 'vssvc.exe' - '54' Module(s) have been scanned

Scan process 'avscan.exe' - '73' Module(s) have been scanned

Scan process 'avcenter.exe' - '65' Module(s) have been scanned

Scan process 'AAWTray.exe' - '26' Module(s) have been scanned

Scan process 'wuauclt.exe' - '40' Module(s) have been scanned

Scan process 'alg.exe' - '38' Module(s) have been scanned

Scan process 'wmiprvse.exe' - '48' Module(s) have been scanned

Scan process 'unsecapp.exe' - '42' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '45' Module(s) have been scanned

Scan process 'avshadow.exe' - '30' Module(s) have been scanned

Scan process 'IS360srv.exe' - '39' Module(s) have been scanned

Scan process 'avguard.exe' - '55' Module(s) have been scanned

Scan process 'WiFiStation.exe' - '48' Module(s) have been scanned

Scan process 'TeaTimer.exe' - '43' Module(s) have been scanned

Scan process 'msmsgs.exe' - '71' Module(s) have been scanned

Scan process 'ctfmon.exe' - '32' Module(s) have been scanned

Scan process 'cfp.exe' - '67' Module(s) have been scanned

Scan process 'RUNDLL32.EXE' - '37' Module(s) have been scanned

Scan process 'avgnt.exe' - '53' Module(s) have been scanned

Scan process 'VTTimer.exe' - '24' Module(s) have been scanned

Scan process 'SOUNDMAN.EXE' - '36' Module(s) have been scanned

Scan process 'sched.exe' - '50' Module(s) have been scanned

Scan process 'spoolsv.exe' - '56' Module(s) have been scanned

Scan process 'AAWService.exe' - '100' Module(s) have been scanned

Scan process 'svchost.exe' - '48' Module(s) have been scanned

Scan process 'Explorer.EXE' - '108' Module(s) have been scanned

Scan process 'svchost.exe' - '36' Module(s) have been scanned

Scan process 'svchost.exe' - '161' Module(s) have been scanned

Scan process 'cmdagent.exe' - '83' Module(s) have been scanned

Scan process 'svchost.exe' - '44' Module(s) have been scanned

Scan process 'svchost.exe' - '56' Module(s) have been scanned

Scan process 'lsass.exe' - '64' Module(s) have been scanned

Scan process 'services.exe' - '42' Module(s) have been scanned

Scan process 'winlogon.exe' - '70' Module(s) have been scanned

Scan process 'csrss.exe' - '14' Module(s) have been scanned

Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

Master boot sector HD1

[iNFO] No virus was found!

Master boot sector HD2

[iNFO] No virus was found!

Master boot sector HD3

[iNFO] No virus was found!

Master boot sector HD4

[iNFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '335' files ).

Starting the file scan:

Begin scan in 'C:\'

C:\Program Files\Games\need for speed\NFSHP2\CRACK.ACE

[0] Archive type: ACE

--> NFSHP2.exe

[WARNING] Insufficient memory. The file was not scanned.

[WARNING] Insufficient memory. The file was not scanned.

C:\Program Files\Games\need for speed\NFSHP2\NFSHP2.ACE

[0] Archive type: ACE

--> actors\ActorDef\3DBack3.adf

[WARNING] Insufficient memory. The file was not scanned.

C:\System Volume Information\_restore{BA9855FB-FB1D-4E9D-BBD5-9602BC89D4C3}\RP2\A0000690.exe

[DETECTION] Is the TR/Kazy.9765.8 Trojan

Beginning disinfection:

C:\System Volume Information\_restore{BA9855FB-FB1D-4E9D-BBD5-9602BC89D4C3}\RP2\A0000690.exe

[DETECTION] Is the TR/Kazy.9765.8 Trojan

[WARNING] The file was ignored!

End of the scan: zondag 30 januari 2011 17:02

Used time: 1:26:01 Hour(s)

The scan has been done completely.

5537 Scanned directories

186367 Files were scanned

1 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

0 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

186366 Files not concerned

6477 Archives were scanned

4 Warnings

0 Notes

200586 Objects were scanned with rootkit scan

0 Hidden objects were found

[kweezie wabbit]

Je bent erop een of ander manier in geslaagd om je pc gedeeltekijk terug te zetten naar de fabrieksinstellingen.

Het log van hijackthis ziet er netjes uit.

Wil je onderstaande ook nog uitvoeren.

Download MBAM (Malwarebytes Anti-Malware)

Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".

Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.

Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.

Het scannen kan een tijdje duren, dus wees geduldig.

Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.

Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.

Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder).

Indien er de rootkit (TDSS) aanwezig is, zal MBAM vragen te herstarten. Doe dit dan ook.

MBAM zal na de herstart opnieuw scannen en de rootkit verwijderen.

Het log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in het programma.

Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

Plak de inhoud van het logje in je volgende bericht

[supernikje]

Kweezie,

Bedankt voor je uitleg...

Ik had mijn bericht ook op een ander forum geplaatst waar me hetzelfde aangeraden werd.

Weliswaar niet zo mooi stap voor stap uitgelegd als jij dat doet , maar ik heb gisteren dus al een volledige scan uitgevoerd waarna me gevraagd werd om terug op te starten en gelukkig deed m'n PC het nog. Ben nu nog even een snelle scan aan het uitvoeren (denk later nog eens een volledige), ik post eerst m'n log na de volledige scan van gisteren en als deze scan rond is post ik die log ook nog.

Amaï 'k heb dus wel geluk gehad dat er nog wat te redden viel van m'n PC .

Nogmaals bedankt !!!

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Databaseversie: 5640

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

30/01/2011 21:28:25

mbam-log-2011-01-30 (21-28-25).txt

Scantype: Volledige scan (C:\|)

Objecten gescand: 200074

Verstreken tijd: 1 uur/uren, 12 minuut/minuten, 7 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 7

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:

c:\system volume information\_restore{ba9855fb-fb1d-4e9d-bbd5-9602bc89d4c3}\RP2\A0000690.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\system volume information\_restore{ba9855fb-fb1d-4e9d-bbd5-9602bc89d4c3}\RP5\A0002018.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\system volume information\_restore{ba9855fb-fb1d-4e9d-bbd5-9602bc89d4c3}\RP5\A0002019.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\system volume information\_restore{ba9855fb-fb1d-4e9d-bbd5-9602bc89d4c3}\RP5\A0002020.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\system volume information\_restore{ba9855fb-fb1d-4e9d-bbd5-9602bc89d4c3}\RP5\A0002021.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.

c:\system volume information\_restore{ba9855fb-fb1d-4e9d-bbd5-9602bc89d4c3}\RP5\A0002022.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.

c:\system volume information\_restore{ba9855fb-fb1d-4e9d-bbd5-9602bc89d4c3}\RP5\A0002023.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.

[supernikje]

Na de volledige scan

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Databaseversie: 5649

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

31/01/2011 20:16:41

mbam-log-2011-01-31 (20-16-41).txt

Scantype: Volledige scan (C:\|)

Objecten gescand: 196781

Verstreken tijd: 1 uur/uren, 19 minuut/minuten, 26 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

:adore:

[kape]

Dat ziet er dus prima uit ... zijn er nog merkbare problemen ?

[supernikje]

Momenteel precies niet meer. De Flash Player heb ik sindsdien ook niet meer moeten herïnstalleren, al was dat voordien ook niet elke dag dus effen afwachten. Alvast bedant!

[kweezie wabbit]

Je mag nu niet vergeten om de windows updates nog te installeren en dan vooral het SP3.

[supernikje]

Je mag nu niet vergeten om de windows updates nog te installeren en dan vooral het SP3.

Ach oké ; m'n PC had de update al gedownload maar wist niet zeker of ik hem zou installeren, ga dat nu zeker doen.

Thanks !