Ga naar inhoud

trage pc

agie

Door agie
in Archief Internet & Netwerk

 Delen

Aanbevolen berichten

agie Mentor

agie

Geplaatst:
  • Auteur
Geplaatst:

Ik denk dat er iets niet helamaal goed is gegaan!!

Ik het het CFScript.txt naar Combofix gesleept en het proces gestart.

Na het weer opstarten kreeg ik de melding dat er een probleem was met het opstarten en een opstartherstel werd aanbevolen en naar een eerder punt teruggezet en omdat ik dacht dat het bij het uitvoeren van Combofix hoorde heb ik dat toegestaan.

Maar ik ben nu 'terug naar af' denk ik , er zijn weer programma's zoals Malware -ASC-terug herstelt .

De Combofix.txt kan ik niet terugvinden en heb dus alleen het Hijack-logbestand waar,zover ik kan zien, weer de zelfde dingen die al een keer verwijderd zijn, weer teug zijn geinstaleerd.Wat jammer nu,wat nu te doen? Een kwestie van volhouden?

Hieronder nog het laatste Hijacklog:

ogfile of Trend Micro HijackThis v2.0.4

Scan saved at 0:07:14, on 25-3-2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.19019)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe

C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10n_ActiveX.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = MSN.com

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\IPS\IPSBHO.DLL

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpldnl-nl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1272387255067

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1293400404301

O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUpldnl-nl.cab

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Application Updater - Unknown owner - C:\Program Files\Application Updater\ApplicationUpdater.exe (file missing)

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe

O23 - Service: SupportSoft Sprocket Service (KPN) (sprtsvc_KPN) - SupportSoft, Inc. - C:\Program Files\KPN\bin\sprtsvc.exe

--

End of file - 7364 bytes

Link naar reactie
Delen op andere sites
  • Reacties 62
  • Aangemaakt
  • Laatste reactie

Beste reacties in dit topic

Populaire dagen

Beste reacties in dit topic

Populaire dagen

Geplaatste afbeeldingen

kape Grootmeester

kape

Geplaatst:
Geplaatst:

Dat is vreemd ? Zou normaal probleemloos moeten verlopen. Maar goed ... dan beginnen we er opnieuw aan :

Verwijder Combofix: Start -> Uitvoeren/Zoekopdracht en typ: ComboFix /Uninstall

Dit zal Combofix verwijderen + gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en maakt een nieuw herstelpunt.

Download daarna opnieuw Combofix naar je bureaublad.

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc stop "Application Updater"

Druk op Enter.

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc delete "Application Updater"

Druk op Enter.

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc stop "AVG Security Toolbar Service"

Druk op Enter.

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc delete "AVG Security Toolbar Service"

Druk op Enter.

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.5.7.cab

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

Klik op 'Fix checked' om de items te verwijderen.

Laat dan Combofix opnieuw scannen en hang het logje, samen met een actueel log van HijackThis, in je volgende bericht. En dan kijken we weer verder.

Link naar reactie
Delen op andere sites
agie Mentor

agie

Geplaatst:
  • Auteur
Geplaatst: (aangepast)

Het verwijderen van CombFix met start/uitvoeren lukte niet en heb het programma zelf verwijderd[ prullenbak].

Ik kreeg een melding dat de geldigheidsduur van ComboFix was verlopen, dus is dat misschien de reden dat het me gisteren allemaal niet lukte ?

Hieronder de actuele logs van Hijack en ComboFix:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:35:28, on 25-3-2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.19019)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe

C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Windows\System32\mobsync.exe

C:\Windows\explorer.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\conime.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\IPS\IPSBHO.DLL

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpldnl-nl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1272387255067

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1293400404301

O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUpldnl-nl.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (file missing)

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe

O23 - Service: SupportSoft Sprocket Service (KPN) (sprtsvc_KPN) - SupportSoft, Inc. - C:\Program Files\KPN\bin\sprtsvc.exe

--

End of file - 6307 bytes

omboFix 11-03-24.06 - riekie 25-03-2011 15:50:26.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1015.341 [GMT 1:00]

Gestart vanuit: c:\users\riekie\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-02-25 to 2011-03-25 ))))))))))))))))))))))))))))))

.

.

2011-03-25 15:05 . 2011-03-25 15:05 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-03-22 16:00 . 2011-03-22 16:00 -------- d-----w- C:\$RECYCLE(2).BIN

2011-03-18 23:42 . 2011-03-18 23:52 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-03-18 23:42 . 2011-03-18 23:53 -------- d-----w- c:\program files\Symantec

2011-03-18 23:40 . 2011-03-19 15:03 -------- d-----w- c:\windows\system32\drivers\NAV

2011-03-18 23:40 . 2011-03-18 23:40 -------- d-----w- c:\program files\Norton AntiVirus

2011-03-18 23:40 . 2011-03-18 23:45 -------- d-----w- c:\programdata\Norton

2011-03-18 23:36 . 2011-03-18 23:36 -------- d-----w- c:\program files\NortonInstaller

2011-03-18 23:31 . 2011-03-24 22:38 -------- d-----w- c:\programdata\AVG Security Toolbar

2011-03-18 23:11 . 2011-03-18 23:11 -------- d-----w- c:\users\riekie\AppData\Roaming\Download Manager

2011-03-18 22:50 . 2011-03-18 22:50 -------- d-----w- c:\programdata\Preventon

2011-03-14 19:10 . 2011-03-14 19:10 388096 ----a-r- c:\users\riekie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-03-14 19:10 . 2011-03-24 22:38 -------- d-----w- c:\program files\Trend Micro

2011-03-09 15:47 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll

2011-03-09 15:47 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll

2011-03-09 15:47 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax

2011-03-09 15:47 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll

2011-03-09 15:46 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll

2011-03-09 15:46 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-03-08 15:17 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{23AB8B9B-9C99-49DF-915C-003290BD8B4F}\mpengine.dll

2011-03-04 17:02 . 2011-03-04 17:02 -------- d-----w- c:\program files\Belastingdienst

2011-03-04 16:48 . 2011-03-04 16:48 -------- d-----w- c:\users\riekie\AppData\Local\FixItCenter

2011-03-04 16:43 . 2011-03-04 16:43 -------- d-----w- c:\windows\MATS

2011-02-25 21:28 . 2011-03-04 16:43 -------- d-----w- c:\program files\Microsoft Fix it Center

2011-02-23 20:37 . 2011-02-23 20:37 -------- d-----w- c:\users\riekie\AppData\Local\Sunbelt Software

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-17 14:55 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-02-02 20:40 . 2010-04-28 17:47 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-02 16:11 . 2009-10-03 13:40 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-01-20 16:37 . 2011-02-17 15:35 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2011-01-20 16:08 . 2011-02-17 15:35 478720 ----a-w- c:\windows\system32\dxgi.dll

2011-01-20 16:08 . 2011-02-17 15:35 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-01-20 16:08 . 2011-02-17 15:35 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2011-01-20 16:08 . 2011-02-17 15:35 189952 ----a-w- c:\windows\system32\d3d10core.dll

2011-01-20 16:08 . 2011-02-17 15:35 1029120 ----a-w- c:\windows\system32\d3d10.dll

2011-01-20 16:07 . 2011-02-17 15:35 37376 ----a-w- c:\windows\system32\cdd.dll

2011-01-20 16:07 . 2011-02-17 15:35 258048 ----a-w- c:\windows\system32\winspool.drv

2011-01-20 16:07 . 2011-02-17 15:35 586240 ----a-w- c:\windows\system32\stobject.dll

2011-01-20 16:06 . 2011-02-17 15:35 2873344 ----a-w- c:\windows\system32\mf.dll

2011-01-20 16:06 . 2011-02-17 15:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll

2011-01-20 16:04 . 2011-02-17 15:35 209920 ----a-w- c:\windows\system32\mfplat.dll

2011-01-20 16:04 . 2011-02-17 15:35 98816 ----a-w- c:\windows\system32\mfps.dll

2011-01-20 14:28 . 2011-02-17 15:35 1554432 ----a-w- c:\windows\system32\xpsservices.dll

2011-01-20 14:27 . 2011-02-17 15:35 876032 ----a-w- c:\windows\system32\XpsPrint.dll

2011-01-20 14:26 . 2011-02-17 15:35 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe

2011-01-20 14:25 . 2011-02-17 15:35 847360 ----a-w- c:\windows\system32\OpcServices.dll

2011-01-20 14:24 . 2011-02-17 15:35 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-01-20 14:24 . 2011-02-17 15:35 135680 ----a-w- c:\windows\system32\XpsRasterService.dll

2011-01-20 14:15 . 2011-02-17 15:35 979456 ----a-w- c:\windows\system32\MFH264Dec.dll

2011-01-20 14:14 . 2011-02-17 15:35 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll

2011-01-20 14:14 . 2011-02-17 15:35 261632 ----a-w- c:\windows\system32\mfreadwrite.dll

2011-01-20 14:14 . 2011-02-17 15:35 302592 ----a-w- c:\windows\system32\mfmp4src.dll

2011-01-20 14:12 . 2011-02-17 15:35 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2011-01-20 14:11 . 2011-02-17 15:35 486400 ----a-w- c:\windows\system32\d3d10level9.dll

2011-01-20 13:47 . 2011-02-17 15:35 683008 ----a-w- c:\windows\system32\d2d1.dll

2011-01-20 13:44 . 2011-02-17 15:35 1068544 ----a-w- c:\windows\system32\DWrite.dll

2011-01-20 13:44 . 2011-02-17 15:35 797184 ----a-w- c:\windows\system32\FntCache.dll

2011-01-08 08:47 . 2011-02-17 15:24 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-01-08 06:28 . 2011-02-17 15:24 292352 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:57 . 2011-02-17 15:50 2039808 ----a-w- c:\windows\system32\win32k.sys

2010-12-28 15:55 . 2011-01-12 16:27 413696 ----a-w- c:\windows\system32\odbc32.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-08 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]

"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2011-03-01 126976]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^$McRebootA5E6DEAA56$.lnk]

backup=c:\windows\pss\$McRebootA5E6DEAA56$.lnk.CommonStartup

backupExtension=.CommonStartup

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]

2007-04-03 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]

2007-04-03 16:00 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeApp]

2011-01-02 11:30 814496 ----a-w- c:\program files\FreeApps\FreeApps.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]

2011-03-01 16:33 126976 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2008-06-18 19:01 166424 ----a-w- c:\windows\System32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]

2007-05-24 11:13 71176 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2008-12-08 13:50 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]

2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2008-06-18 19:01 141848 ----a-w- c:\windows\System32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPN]

2008-06-06 15:08 198184 ----a-w- c:\program files\KPN\bin\sprtcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPNAssistentUpdater]

2010-12-22 14:49 1964928 ----a-w- c:\program files\KPN\KPN Update\KPNAssistentUpdater.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2008-06-18 19:01 133656 ----a-w- c:\windows\System32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]

2008-02-22 02:25 54672 ----a-w- c:\windows\System32\jureg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]

2007-05-31 07:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1753990348-677674000-2389129793-1000]

"EnableNotificationsRef"=dword:00000001

.

R1 ctredrv.sys;ctredrv.sys;c:\windows\system32\drivers\ctredrv.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 DUMeterSvc;DU Meter Service; [x]

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-26 136176]

R2 SPAMfighter Update Service;SPAMfighter Update Service; [x]

R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x]

R3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [2010-07-09 20328]

R3 hitmanpro2;Hitman Pro 2 Driver;c:\program files\Hitman Pro\hitmanpro2.sys [x]

R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-11-16 267568]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-12-20 38224]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]

R4 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]

R4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]

R4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1205000.07D\SYMDS.SYS [2010-10-21 340016]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1205000.07D\SYMEFA.SYS [2010-11-18 652336]

S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-07-12 54112]

S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys [2011-03-09 800376]

S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110324.001\IDSvix86.sys [2010-11-09 353912]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1205000.07D\Ironx86.SYS [2010-11-16 136312]

S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NAV\1205000.07D\SYMTDIV.SYS [2010-12-01 330360]

S2 iprip;RIP-listener;c:\windows\System32\svchost.exe [2008-01-19 21504]

S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe [2010-11-24 130000]

S2 sprtsvc_KPN;SupportSoft Sprocket Service (KPN);c:\program files\KPN\bin\sprtsvc.exe [2008-06-06 202016]

S3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr61.sys [2007-05-11 357376]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - ERASERUTILDRVI10

*Deregistered* - EraserUtilDrvI10

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

ipripsvc REG_MULTI_SZ iprip

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

.

Inhoud van de 'Gedeelde Taken' map

.

2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-26 16:06]

.

2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-26 16:06]

.

2011-03-25 c:\windows\Tasks\User_Feed_Synchronization-{522C3C04-2DFD-4007-AE2B-05A1BC1F3F9A}.job

- c:\windows\system32\msfeedssync.exe [2011-02-17 04:47]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/webhp?sourceid=navclient&hl=nl&ie=UTF-8&rlz=1T4HPEA_nlNL315NL315

mStart Page = hxxp://www.msn.com

uSearchAssistant = hxxp://www.google.com/ie

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-03-25 16:05

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NAV]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

Voltooingstijd: 2011-03-25 16:12:11

ComboFix-quarantined-files.txt 2011-03-25 15:12

ComboFix2.txt 2011-03-25 13:38

ComboFix3.txt 2011-03-20 21:25

.

Pre-Run: 97.594.298.368 bytes beschikbaar

Post-Run: 97.554.100.224 bytes beschikbaar

.

- - End Of File - - FFB8B847D0CDE36ACD00924441BB7FB7

aangepast door agie
Link naar reactie
Delen op andere sites
kape Grootmeester

kape

Geplaatst:
Geplaatst:

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

c:\program files\Hitman Pro\hitmanpro2.sys

c:\windows\system32\DRIVERS\AVGIDSDriver.Sys

c:\windows\system32\DRIVERS\AVGIDSEH.Sys

c:\windows\system32\DRIVERS\AVGIDSFilter.Sys

c:\windows\system32\DRIVERS\AVGIDSShim.Sys

c:\windows\system32\DRIVERS\avgfwd6x.sys

Folder::

c:\programdata\AVG Security Toolbar

Registry::

[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

Driver::

hitmanpro2

AVGIDSDriver

AVGIDSEH

AVGIDSFilter

AVGIDSShim

Avgfwfd

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

Link naar reactie
Delen op andere sites
agie Mentor

agie

Geplaatst:
  • Auteur
Geplaatst: (aangepast)

Toch alweer hetzefde probleem!

Het CFScript.txt naar ComboFix gesleept waardoor het programma inderdaad zelf opstart.

[Hijack voer ik uit als administrator , had ik dit in de 'veilige modus'misschien moeten doen en geld dit ook voor ComboFix?]

Maar aan het eind wanneer de pc opnieuw opstart, krijg ik weer de keuze tot een "opstart systeem herstel'',of 'normaal opstarten'.

Deze keer gekozen voor 'normaal opstarten' omdat vorige keer 'opstartherstel' problemen gaf.

Maar na 4 keer 'normaalopstarten' toch 'opstartherstel'aangeklikt, wat weer dezelfde problemen gaf.

Door esc.bootmenu kon ik gelukkig nog opstarten.

Maar alles is weer zoals vanouds! [ Zie log van Hijack hieronder ]

Wat nu?

ogfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:53:05, on 25-3-2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.19019)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe

C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10n_ActiveX.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = MSN.com

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\IPS\IPSBHO.DLL

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpldnl-nl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1272387255067

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1293400404301

O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUpldnl-nl.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (file missing)

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe (file missing)

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe

O23 - Service: SupportSoft Sprocket Service (KPN) (sprtsvc_KPN) - SupportSoft, Inc. - C:\Program Files\KPN\bin\sprtsvc.exe

--

End of file - 6532 bytes

aangepast door agie
Link naar reactie
Delen op andere sites
kweezie wabbit Grootmeester

kweezie wabbit

Geplaatst:
Geplaatst:

Voer dan onderstaande uit in veilige modus.

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc stop "AVG Security Toolbar Service"

Druk op Enter.

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc delete "AVG Security Toolbar Service"

Druk op Enter.

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

Klik op 'Fix checked' om de items te verwijderen.

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

c:\program files\Hitman Pro\hitmanpro2.sys

c:\windows\system32\DRIVERS\AVGIDSDriver.Sys

c:\windows\system32\DRIVERS\AVGIDSEH.Sys

c:\windows\system32\DRIVERS\AVGIDSFilter.Sys

c:\windows\system32\DRIVERS\AVGIDSShim.Sys

c:\windows\system32\DRIVERS\avgfwd6x.sys

Folder::

c:\programdata\AVG Security Toolbar

Registry::

[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

Driver::

hitmanpro2

AVGIDSDriver

AVGIDSEH

AVGIDSFilter

AVGIDSShim

Avgfwfd

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht samen met een nieuw Hijackthis logje.

Link naar reactie
Delen op andere sites
agie Mentor

agie

Geplaatst:
  • Auteur
Geplaatst: (aangepast)

Na het uitvoeren van de zoekopdracht een Hijack scan gedaan en kon niet op het log, de door u aangeven :

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

terugvinden en dus ook niet verwijderen [zie hieronder het Hijacklog].

Is het dan verder nog nodig om een CFscript te maken en dit met ComboFix te openen daar dit voorgaande keren moeilijkheden gaf?

ogfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:47:30, on 26-3-2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.19019)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe

C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10n_ActiveX.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\IPS\IPSBHO.DLL

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpldnl-nl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1272387255067

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1293400404301

O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUpldnl-nl.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe (file missing)

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe

O23 - Service: SupportSoft Sprocket Service (KPN) (sprtsvc_KPN) - SupportSoft, Inc. - C:\Program Files\KPN\bin\sprtsvc.exe

--

End of file - 6229 bytes

aangepast door agie
Link naar reactie
Delen op andere sites
agie Mentor

agie

Geplaatst:
  • Auteur
Geplaatst:

Gelukt!

omboFix 11-03-26.02 - riekie 27-03-2011 22:41:00.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1015.337 [GMT 2:00]

Gestart vanuit: C:\Users\riekie\Desktop\ComboFix.exe

gebruikte Opdracht switches :: C:\Users\riekie\Documents\CFScript.txt..txt

AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::

"c:\program files\Hitman Pro\hitmanpro2.sys"

"c:\windows\system32\DRIVERS\avgfwd6x.sys"

"c:\windows\system32\DRIVERS\AVGIDSDriver.Sys"

"c:\windows\system32\DRIVERS\AVGIDSEH.Sys"

"c:\windows\system32\DRIVERS\AVGIDSFilter.Sys"

"c:\windows\system32\DRIVERS\AVGIDSShim.Sys"

Link naar reactie
Delen op andere sites
Gast
Dit topic is nu gesloten voor nieuwe reacties.
 Delen
Ga naar topic overzicht
Logo

OVER ONS

PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!

SITEMAP

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.