Backdoor win32 cycbot

walapa

25-01-2011 23:06

Hallo,
Windows defender geeft de volgende virusmelding: Backdoor win32 cycbot. Deze melding blijft terugkomen. En als ik internet opstart krijg ik de melding dat er verbindingsproblemen zijn en moet ik LAN instellingen wijzigen om weer verbinding te krijgen. (met mijn laptop heb ik dit probleem niet) Ik heb alle stappen zoals beschreven uitgevoerd. Zie hieronder mijn hijack log.
Groet,
Walapa
==============================
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:46:28, on 25-1-2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\CNYHKey.exe
C:\Windows\ModLEDKey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CyberLink\TV Enhance\TVEService.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Logitech\Z-5 Speakers\Z-5 Speakers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBIE.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Targa VFD Display\Targa VFD Display.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startaid.com/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:57939
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O4 - HKLM\..\Run: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: C:\Windows\JM\JMInsIDE.exe
O4 - HKLM\..\Run: CNYHKey.exe
O4 - HKLM\..\Run: ModLEDKey.exe
O4 - HKLM\..\Run: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 - HKLM\..\Run: “C:\Program Files\CyberLink\PowerDVD\Language\Language.exe”
O4 - HKLM\..\Run: “C:\Program Files\CyberLink\TV Enhance\TVEService.exe”
O4 - HKLM\..\Run:
O4 - HKLM\..\Run: C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM\..\Run: “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM\..\Run: C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: C:\Program Files\Logitech\Z-5 Speakers\Z-5 Speakers.exe
O4 - HKLM\..\Run: “C:\Program Files\Microsoft IntelliPoint\ipoint.exe”
O4 - HKLM\..\Run: “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM\..\Run: “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU “C:\Windows\TEMP\E_S3265.tmp” /EF “HKCU”
O4 - HKCU\..\Run: “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”
O4 - HKCU\..\Run: C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: “C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe”
O4 - HKCU\..\Run: C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: C:\Users\Nancy\AppData\Roaming\Microsoft\conhost.exe
O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-19\..\Run: rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETWORK SERVICE’)
O4 - Startup: OpenOffice.org 3.0 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Targa VFD Display.lnk = ?
O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra ‘Tools’ menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra ‘Tools’ menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra ‘Tools’ menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CheckStage2_svc - Unknown owner - C:\Windows\CheckStage2.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
–
End of file - 11192 bytes
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Databaseversie: 4600
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999
25-1-2011 21:22:53
mbam-log-2011-01-25 (21-22-53).txt
Scantype: Snelle scan
Objecten gescand: 132565
Verstreken tijd: 9 minuut/minuten, 7 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 1
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 1
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 1
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerdata geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Data: c:\users\nancy\appdata\local\temp\csrss.exe -> Quarantined and deleted successfully.
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
C:\Users\Nancy\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
fazantje

26-01-2011 10:11

Hoi Walapa,
Je schreef o.a.:
>>>Ik heb alle stappen zoals beschreven uitgevoerd.<<<
Dat heb je niet gedaan, want jou virusscanner is zeer sterk verouderd.
Update deze.
Is xxx.startaid.com (xxx staat voor www) jou startpagina:S
Verwijder vanuit configuratie scherm - programma's en onderdelen:
AskBarDis en de toolbars, ook die van Vuze
Vertel hoe het met jou probleem is en plaats een nieuw HijackThis logje.
Succes,
Huib;)
walapa

26-01-2011 18:46

Hoi Huib,
Bedankt voor het kijken naar mijn logje. Ik had geen idee dat mijn virusscanner verouderd was, hij gaf de huidige datum als update datum aan. Ik heb in ieder geval nu AVG opnieuw geinstalleerd en voor de zekerheid nogmaals een scan gedaan.
- Startaid is inderdaad mijn startpagina
- Ik kon in programma's en onderdelen van het configuratiescherm geen aparte verwijzing naar AskBarDis vinden maar bij het verwijderen van de Vuze toolbar zag ik wel iets van AskBar voorbij flitsen dus hoop dat het ook tegelijk verwijderd is.
Ik krijg nu geen meldingen meer en internet start ook probleemloos op. Hieronder een nieuw Hijack log.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:33:12, on 26-1-2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Users\Nancy\AppData\Local\Temp\csrss.exe
C:\Windows\CNYHKey.exe
C:\Windows\ModLEDKey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CyberLink\TV Enhance\TVEService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Logitech\Z-5 Speakers\Z-5 Speakers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBIE.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Targa VFD Display\Targa VFD Display.exe
C:\Users\Nancy\AppData\Roaming\Microsoft\conhost.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Users\Nancy\AppData\Roaming\dwm.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\Hijackthis\HijackThis.exe
C:\Windows\system32\cmd.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startaid.com/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:57939
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\Nancy\AppData\Local\Temp\csrss.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: C:\Windows\JM\JMInsIDE.exe
O4 - HKLM\..\Run: CNYHKey.exe
O4 - HKLM\..\Run: ModLEDKey.exe
O4 - HKLM\..\Run: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 - HKLM\..\Run: “C:\Program Files\CyberLink\PowerDVD\Language\Language.exe”
O4 - HKLM\..\Run: “C:\Program Files\CyberLink\TV Enhance\TVEService.exe”
O4 - HKLM\..\Run:
O4 - HKLM\..\Run: “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM\..\Run: “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM\..\Run: C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: C:\Program Files\Logitech\Z-5 Speakers\Z-5 Speakers.exe
O4 - HKLM\..\Run: “C:\Program Files\Microsoft IntelliPoint\ipoint.exe”
O4 - HKLM\..\Run: “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM\..\Run: “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM\..\Run: C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU “C:\Windows\TEMP\E_S3265.tmp” /EF “HKCU”
O4 - HKCU\..\Run: “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”
O4 - HKCU\..\Run: C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: “C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe”
O4 - HKCU\..\Run: C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: C:\Users\Nancy\AppData\Roaming\Microsoft\conhost.exe
O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-19\..\Run: rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETWORK SERVICE’)
O4 - Startup: OpenOffice.org 3.0 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Targa VFD Display.lnk = ?
O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra ‘Tools’ menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra ‘Tools’ menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra ‘Tools’ menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CheckStage2_svc - Unknown owner - C:\Windows\CheckStage2.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
–
End of file - 10454 bytes
fazantje

26-01-2011 19:03

Hoi Walapa,
Waarom moeten wij iemand helpen, die ons niet wil helpen door de stappen uit te voeren.
Ik heb het stappenplan toch voor de zekerheid nog eens goed bekeken, en kom tot de conclusie dat het voor iedereen begrijpelijk is.
Jammer:(
Groetjes Huib;)
walapa

26-01-2011 21:38

fazantje Schreef:
——————————————————-
> Hoi Walapa,
>
> Waarom moeten wij iemand helpen, die ons niet wil
> helpen door de stappen uit te voeren.
> Ik heb het stappenplan toch voor de zekerheid nog
> eens goed bekeken, en kom tot de conclusie dat het
> voor iedereen begrijpelijk is.
>
> Jammer:(
>
> Groetjes Huib;)
> http://fazantje.onzestart.nl/user_files/1531.jpg
Hoi Huib,
Dit bericht is voor mij niet duidelijk. Het stappenplan heb ik reeds uitgevoerd en heb daar geen commentaar op dat het niet dudielijk is. Heb ik iets over het hoofd gezien?
groet
Walapa
fazantje

26-01-2011 22:28

Hoi Walapa,
Sorry dat ik nu zo op jou reageer, maar het komt tot vervelens toe voor dat wij iedere keer weer moeten herhalen van update eerst dit, update ook dat.
Terwijl alles duidelijk in het stappenplan staat.
We zijn allemaal vrijwilligers hier en doen dit in onze vrije tijd met veel plezier, maar het plezier moet er natuurlijk wel in blijven.
Begrijpelijk dat de vraagsteller/ster zo snel mogelijk van zijn/haar probleem af wil, maar dat gaat het snelst als de vraagsteller/ster dan ook alle stappen uitvoert, zodat wij direct aan de slag kunnen om de logjes na te kijken en e.v.t. vervolg stappen aan te geven.
Je schreef dat je alle stappen zoals beschreven is had uitgevoerd.
Als 1e, je virusscanner was niet up to date.
In het stappenplan staat:
4. Scan op virussen. Zorg er voor dat de virusscanner van je PC up-to-date is.
Als 2e, MBAM niet ge-update.
In het stappenplan staat:
Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, klik daarna op “Voltooien”.
Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.
Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : “Snelle Scan”, daarna klik op Scan.
Dus ik zou zeggen, we beginnen met een schone lei
Voer de stappen uit, zoals aangegeven en plaats daarna de 2 gevraagde logjes.
http://antivirus.startpagina.nl/prikbord/4625317/voer-dit-eerst-uit-voordat-je-de-logjes-plaatst!!#msg-4625317
Succes,
Huib;)
walapa

27-01-2011 10:49

Hoi Huib,
Begrijpelijke reactie en dank voor je geduld en je hulp. Ik ben nogmaals goed door het stappenplan gegaan:
AVG virusscanner vond vanochtend de volgende malware:
- c:\windows\checkstage2.exe
- c:\users\nancy\appdata\roaming\microsoft\conhost.exe
Beide momenteel in quarantaine, kunnen die probleemloos verwijderd worden?
Hierbij nieuwe logjes:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:52:45, on 27-1-2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\CNYHKey.exe
C:\Windows\ModLEDKey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CyberLink\TV Enhance\TVEService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Logitech\Z-5 Speakers\Z-5 Speakers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBIE.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Targa VFD Display\Targa VFD Display.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\Hijackthis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startaid.com/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:57939
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: C:\Windows\JM\JMInsIDE.exe
O4 - HKLM\..\Run: CNYHKey.exe
O4 - HKLM\..\Run: ModLEDKey.exe
O4 - HKLM\..\Run: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 - HKLM\..\Run: “C:\Program Files\CyberLink\PowerDVD\Language\Language.exe”
O4 - HKLM\..\Run: “C:\Program Files\CyberLink\TV Enhance\TVEService.exe”
O4 - HKLM\..\Run:
O4 - HKLM\..\Run: “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM\..\Run: C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: C:\Program Files\Logitech\Z-5 Speakers\Z-5 Speakers.exe
O4 - HKLM\..\Run: “C:\Program Files\Microsoft IntelliPoint\ipoint.exe”
O4 - HKLM\..\Run: “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM\..\Run: “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM\..\Run: C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU “C:\Windows\TEMP\E_S3265.tmp” /EF “HKCU”
O4 - HKCU\..\Run: “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”
O4 - HKCU\..\Run: C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: “C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe”
O4 - HKCU\..\Run: C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-19\..\Run: rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETWORK SERVICE’)
O4 - Startup: OpenOffice.org 3.0 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Targa VFD Display.lnk = ?
O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra ‘Tools’ menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra ‘Tools’ menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra ‘Tools’ menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - http://cdn.scan.onecare.live.com/resource/download/scanner/nl-nl/wlscctrl2.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
–
End of file - 9731 bytes
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Databaseversie: 5616
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999
27-1-2011 9:42:45
mbam-log-2011-01-27 (09-42-45).txt
Scantype: Snelle scan
Objecten gescand: 142707
Verstreken tijd: 6 minuut/minuten, 26 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 3
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
c:\Users\Nancy\AppData\Local\Temp\71B8.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Public\documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Public\documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.
fazantje

27-01-2011 11:31

Hoi Walapa,
Download Combofix naar je Bureaublad:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Indien je Combofix al eerder hebt gebruikt, gelieve die versie te verwijderen en Combofix opnieuw te downloaden via bovenstaande link,
want Combofix wordt dagelijks geupdate.
OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw.
Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!
Dubbelklik op Combofix.exe
Volg de instructies, aanvaard de disclaimer.
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
Plaats deze log in je volgende post samen met een nieuw HijackThis logje.
Afhankelijk van jou reactie kan het zijn dat ik vanavond pas weer reageer omdat ik zo moet werken.
Succes,
Huib;)
walapa

28-01-2011 17:27

Hoi Huib,
Ik moest AVG verwijderen om Combofix te starten dus die zal ik zsm weer installeren. Bijgaand de nieuwe logjes:
ComboFix 11-01-27.05 - Nancy 28-01-2011 16:32:27.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1022.206
Gestart vanuit: c:\users\Nancy\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0 .lnk
G:\Autorun.inf
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-12-28 to 2011-01-28 ))))))))))))))))))))))))))))))
.
2011-01-28 15:45 . 2011-01-28 15:45 ——– d—–w- c:\users\Nancy\AppData\Local\temp
2011-01-28 15:45 . 2011-01-28 15:45 ——– d—–w- c:\users\Default\AppData\Local\temp
2011-01-27 07:42 . 2011-01-27 07:42 ——– d—–w- c:\users\Nancy\AppData\Roaming\Corel
2011-01-26 15:19 . 2011-01-26 15:19 ——– d—–w- c:\users\Nancy\AppData\Roaming\AVG10
2011-01-26 15:17 . 2011-01-26 15:17 ——– d–h–w- c:\programdata\Common Files
2011-01-26 15:14 . 2011-01-28 15:17 ——– d—–w- c:\programdata\AVG10
2011-01-26 15:08 . 2011-01-26 15:08 ——– dc—-w- C:\$AVG
2011-01-26 14:49 . 2011-01-26 15:06 ——– d—–w- c:\programdata\MFAData
2011-01-25 21:44 . 2011-01-25 21:44 ——– dc—-w- c:\program files\Trend Micro
2011-01-25 13:23 . 2009-06-30 09:37 28552 —-a-w- c:\windows\system32\drivers\pavboot.sys
2011-01-25 13:23 . 2011-01-25 13:23 ——– dc—-w- c:\program files\Panda Security
2011-01-25 11:55 . 2011-01-25 11:55 ——– dc—-w- c:\program files\Microsoft.NET
2011-01-25 10:08 . 2011-01-13 09:41 5890896 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C71BCA60-4DDE-4746-BD75-2245F0792AC6}\mpengine.dll
2011-01-12 18:17 . 2010-12-28 15:55 413696 —-a-w- c:\windows\system32\odbc32.dll
2011-01-12 18:17 . 2010-12-28 15:53 708608 —-a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 18:17 . 2010-12-28 15:53 253952 —-a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 18:17 . 2010-12-28 15:53 241664 —-a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 18:17 . 2010-12-28 15:53 57344 —-a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-12 18:17 . 2010-12-28 15:53 180224 —-a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 18:16 . 2010-12-14 14:49 1169408 —-a-w- c:\windows\system32\sdclt.exe
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 17:09 . 2010-09-12 07:12 38224 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-09-12 07:12 20952 —-a-w- c:\windows\system32\drivers\mbam.sys
2010-11-04 18:56 . 2010-12-16 13:33 345600 —-a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55 . 2010-12-16 13:33 352768 —-a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55 . 2010-12-16 13:33 270336 —-a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55 . 2010-12-16 13:33 601600 —-a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34 . 2010-12-16 13:33 171520 —-a-w- c:\windows\system32\taskeng.exe
2010-11-02 06:01 . 2010-12-16 13:33 916480 —-a-w- c:\windows\system32\wininet.dll
2010-11-02 05:57 . 2010-12-16 13:33 43520 —-a-w- c:\windows\system32\licmgr10.dll
2010-11-02 05:57 . 2010-12-16 13:33 1469440 —-a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 05:57 . 2010-12-16 13:33 109056 —-a-w- c:\windows\system32\iesysprep.dll
2010-11-02 05:57 . 2010-12-16 13:33 71680 —-a-w- c:\windows\system32\iesetup.dll
2010-11-02 05:01 . 2010-12-16 13:33 385024 —-a-w- c:\windows\system32\html.iec
2010-11-02 04:26 . 2010-12-16 13:33 133632 —-a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:24 . 2010-12-16 13:33 1638912 —-a-w- c:\windows\system32\mshtml.tlb
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
“Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe”
“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe”
“ehTray.exe”=“c:\windows\ehome\ehTray.exe”
“RoboForm”=“c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe”
“WMPNSCFG”=“c:\program files\Windows Media Player\WMPNSCFG.exe”
“JMB36X IDE Setup”=“c:\windows\JM\JMInsIDE.exe”
“ledpointer”=“CNYHKey.exe”
“MoLed”=“ModLEDKey.exe”
“NeroFilterCheck”=“c:\program files\Common Files\Ahead\Lib\NeroCheck.exe”
“RemoteControl”=“c:\program files\CyberLink\PowerDVD\PDVDServ.exe”
“LanguageShortcut”=“c:\program files\CyberLink\PowerDVD\Language\Language.exe”
“TVEService”=“c:\program files\CyberLink\TV Enhance\TVEService.exe”
“SunJavaUpdateSched”=“c:\program files\Java\jre6\bin\jusched.exe”
“SoundMAXPnP”=“c:\program files\Analog Devices\Core\smax4pnp.exe”
“Z-5 Speakers”=“c:\program files\Logitech\Z-5 Speakers\Z-5 Speakers.exe”
“IntelliPoint”=“c:\program files\Microsoft IntelliPoint\ipoint.exe”
“QuickTime Task”=“c:\program files\QuickTime\QTTask.exe”
“iTunesHelper”=“c:\program files\iTunes\iTunesHelper.exe”
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Targa VFD Display.lnk - c:\windows\Installer\{635EDAAB-BF20-414D-A87A-3D43BFA3EDB9}\_1AC9550B286C88FA14EA1C.exe
“EnableUIADesktopToggle”= 0 (0x0)
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys
S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
S3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://www.startaid.com/index.php
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:57939
IE: Formulieren opslaan - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Invul Formulieren - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Menu aanpassen - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: RoboForm Werkbalk - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
.
- - - - ORPHANS VERWIJDERD - - - -
HKLM-Run-AuditVista - (no file)
**************************************************************************
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden:
**************************************************************************
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
“MSCurrentCountry”=dword:0000007b
.
Voltooingstijd: 2011-01-28 16:51:21
ComboFix-quarantined-files.txt 2011-01-28 15:51
Pre-Run: 323.562.684.416 bytes beschikbaar
Post-Run: 353.374.019.584 bytes beschikbaar
- - End Of File - - B3C0D05BECE50BF169E50D627064300A
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:18:41, on 28-1-2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\CNYHKey.exe
C:\Windows\ModLEDKey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CyberLink\TV Enhance\TVEService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Logitech\Z-5 Speakers\Z-5 Speakers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBIE.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Targa VFD Display\Targa VFD Display.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startaid.com/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:57939
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: C:\Windows\JM\JMInsIDE.exe
O4 - HKLM\..\Run: CNYHKey.exe
O4 - HKLM\..\Run: ModLEDKey.exe
O4 - HKLM\..\Run: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 - HKLM\..\Run: “C:\Program Files\CyberLink\PowerDVD\Language\Language.exe”
O4 - HKLM\..\Run: “C:\Program Files\CyberLink\TV Enhance\TVEService.exe”
O4 - HKLM\..\Run: “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM\..\Run: C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: C:\Program Files\Logitech\Z-5 Speakers\Z-5 Speakers.exe
O4 - HKLM\..\Run: “C:\Program Files\Microsoft IntelliPoint\ipoint.exe”
O4 - HKLM\..\Run: “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM\..\Run: “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”
O4 - HKCU\..\Run: C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: “C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe”
O4 - HKCU\..\Run: C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Targa VFD Display.lnk = ?
O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra ‘Tools’ menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra ‘Tools’ menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra ‘Tools’ menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - http://cdn.scan.onecare.live.com/resource/download/scanner/nl-nl/wlscctrl2.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
–
End of file - 8005 bytes
Ben

28-01-2011 21:38

Hallo,walapa
In overleg met fazantje geef ik je antwoord,
Logje en combofix zien er goed uit.
Hoe staat het verder met je probleem?
Download combofix uninstaller:
http://download.bleepingcomputer.com/sUBs/CF_UNINST.EXE
Klik op bestand opslaan.
Plaats hem b.v. op je buroblad.
Dubbel klik en kies uitvoeren.
Laat hem zijn werk doen en klik op done.
Verder adviseer ik je: Ccleaner voor register en opschoonen van je pc,
: spywareblaster om spyware tegen te houden
: En je adobe reader te updaten.
: En vergeet vooral je virusscanner niet te instaleren.
http://www.filehippo.com/download_spywareblaster/
Rechts bovenin staat de laatste versie.
Installeren, 1x in de week updaten en klik enable all protection en verder geen omkijken na.
Dus je hoeft geen scan te doen.
http://www.filehippo.com/download_ccleaner/
Na installatie het programma standaard laten draaien.
Eerst de Cleaner en daarna het register.
Bij het installeren van de nieuwste Ccleaner wordt nu ook Google Chrome mee geinstalleerd.
Je moet tijdens het installeren een vinkje weg halen, zodat Google Chrome niet geinstalleerd word.
Suc6 Ben (ook namens fazantje)

Backdoor win32 cycbot

walapa

fazantje

walapa

fazantje

walapa

fazantje

walapa

fazantje

walapa

Ben