Who can help me with a trojan virus :(

  • renate

    fazantje wrote:

    ——————————————————-

    > Hi Renate,

    >

    > Just cancel that Windows update for now ;)

    >

    > Good luck,

    > Huib ;)


    Hi Huib,

    Lol, but that doesn't work: the yellow popup isn't in my taskbar; only when I click Properties and then Customize do I see it listed under inactive items. There is also hitmanpro2.exe line:sleep 250 listed there, which is strange because I had removed HitmanPro.

    Greetings, Renate :)

  • Ben

    Hello renate,

    Not via the right mouse button either (when you are on the icon)?

    Otherwise via Task Manager: http://www.edwincox.nl/postlezen.php?id=53&titel=xp%20windows%20taakbeheer

    End the application.

    Otherwise continue with: http://antivirus.startpagina.nl/prikbord/15102084/15103171/re-logfile-hijack#msg-15103171

    Good luck, Ben

  • renate

    Ben wrote:

    ——————————————————-

    > Hello renate,

    >

    > 1. Start HijackThis;

    > And click “Do a system scan only”.

    > Select all the lines listed below.

    >

    >

    > O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    > O3 - Toolbar: (no name) - {5B6BE916-53AE-4747-ACE8-6CEAED53E944} - (no file)

    > O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

    >

    >

    > Close all open windows (except HijackThis), then click Fix checked and confirm by clicking Yes in the next screen.

    >

    >

    > 2. Update AVG:

    > http://free.avg.com/us-en/free-antivirus-download

    >

    > Let AVG scan again and tell us whether it still finds the virus.

    >

    > 3. Update your Mbam as well and run a scan with it too.

    >

    > Report this in your next message and afterwards (after the scan) also post a new HijackThis log and the Mbam log.

    >

    > Regards, Ben

    >


    Hi Ben,

    I had AVG scan and it found a lot of tracking cookies, which AVG removed, but one of the trojan viruses AVG cannot remove

    this is

    c/windows/systeem32/services.exe 1156 memory-00d2000 trojan psw.agent.arjv bestand SDK-type

    the one that AVG was able to remove was also in c/windows/system32/services.exe 1156

    I find it strange that AVG removed the one but not the other

    Greetings, Renate :)

    I will now run a Malwarebytes scan and then post a HijackThis log

    until later

  • renate


    Hi Ben,

    I just had Malwarebytes scan but it couldn't find anything; here is the log

    Databaseversie: v2012.02.01.05

    Windows XP Service Pack 3 x86 NTFS

    Internet Explorer 8.0.6001.18702

    Gebruiker :: 2A8DF47D8786474

    1-2-2012 20:54:56

    mbam-log-2012-02-01 (20-54-56).txt

    Scantype: Snelle scan

    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scanopties: P2P

    Objecten gescand: 192479

    Verstreken tijd: 2 minuut/minuten, 53 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    and here again the HijackThis log

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 20:59:36, on 1-2-2012

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe

    C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

    C:\WINDOWS\system32\RunDLL32.exe

    C:\Program Files\AVG\AVG10\avgtray.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

    C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe

    C:\Program Files\AVG\AVG10\avgfws.exe

    C:\Program Files\AVG\AVG10\avgwdsvc.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

    C:\Program Files\AVG\AVG10\avgam.exe

    C:\Program Files\AVG\AVG10\avgnsx.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Program Files\AVG\AVG10\avgcsrvx.exe

    C:\PROGRA~1\AVG\AVG10\avgrsx.exe

    C:\Program Files\AVG\AVG10\avgcsrvx.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zeelandnet.nl/index.php

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Increase performance and video formats for your HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O4 - HKLM\..\Run: RTHDCPL.EXE

    O4 - HKLM\..\Run: SkyTel.EXE

    O4 - HKLM\..\Run: ALCMTR.EXE

    O4 - HKLM\..\Run: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

    O4 - HKLM\..\Run: C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet

    O4 - HKLM\..\Run: C:\Program Files\AVG\AVG10\avgtray.exe

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: "C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe" -d 20000

    O4 - HKUS\S-1-5-19\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

    O4 - HKUS\S-1-5-20\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251997954859

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

    End of file - 7630 bytes

    Greetings, Renate :)
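As an added example, not code from this thread or from HijackThis itself: a small Python parser that reads HijackThis log entries like the ones Renate posted and flags the "(no file)" references Ben and fazantje asked her to tick and fix. The sample log is constructed from lines that appear in the thread.

```python
"""Parse HijackThis log entries and flag orphaned "(no file)" references.

Added example, not code from the forum thread or from HijackThis itself.
The sample log is constructed from entries that appear in the thread.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# A HijackThis entry starts with a section code (R0..R3, O1..O24) then " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<rest>.*)$")
# COM class identifier in braces, as printed for BHOs (O2) and toolbars (O3).
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    section: str          # e.g. "O2"
    kind: str             # e.g. "BHO", "Toolbar", "HKLM\\..\\Run", "Service"
    name: str             # display name or command; "(no name)" when absent
    clsid: Optional[str]  # CLSID when the entry carries one
    target: str           # file path, URL or command the entry resolves to
    raw: str

    @property
    def orphaned(self) -> bool:
        """HijackThis prints "(no file)" when the registered file is missing."""
        return self.target.lower() == "(no file)"


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; None for non-entry lines (header, process list)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.group("section"), m.group("rest")
    # O-sections read "<kind>: <details>"; R-sections read "<key> = <value>".
    kind, sep, details = rest.partition(": ")
    if not sep:
        kind, details = "", rest
    parts = [p.strip() for p in details.split(" - ")]
    clsid = CLSID_RE.search(details)
    return Entry(section, kind, parts[0],
                 clsid.group(0) if clsid else None, parts[-1], line.strip())


def parse_log(text: str) -> List[Entry]:
    """Parse a whole log, skipping everything that is not an R/O entry."""
    return [e for e in (parse_entry(ln) for ln in text.splitlines()) if e]


def orphaned_entries(entries: List[Entry]) -> List[Entry]:
    """Dead registrations: a CLSID or path with no file behind it.

    These are what the helpers in the thread asked to have ticked and fixed;
    they load nothing, but a leftover registration is clutter worth removing.
    """
    return [e for e in entries if e.orphaned]


def count_by_section(entries: List[Entry]) -> Dict[str, int]:
    """How many entries each section (R0, O2, O23, ...) contributes."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


# Constructed sample: a few lines from Renate's log plus the three orphaned
# entries Ben and fazantje asked her to fix.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\\WINDOWS\\system32\\services.exe
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.zeelandnet.nl/index.php
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O3 - Toolbar: (no name) - {5B6BE916-53AE-4747-ACE8-6CEAED53E944} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\\..\\Run: C:\\Program Files\\AVG\\AVG10\\avgtray.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\\Program Files\\AVG\\AVG10\\avgfws.exe
"""


def audit(text: str = SAMPLE_LOG) -> List[str]:
    """One finding per orphaned entry, in log order."""
    return [f"{e.section} {e.kind} {e.clsid or e.name}: (no file) - dead reference"
            for e in orphaned_entries(parse_log(text))]


if __name__ == "__main__":
    for finding in audit():
        print(finding)
```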

  • renate

    fazantje wrote:

    ——————————————————-

    > Hi Renate,

    >

    > Start HijackThis, click scan and tick the following lines:

    >

    > O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    > O3 - Toolbar: (no name) - {5B6BE916-53AE-4747-ACE8-6CEAED53E944} - (no file)

    > O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

    >

    > Close all windows except HijackThis and click Fix Checked.

    >

    > Since you indicate that the infection cannot be removed, we will look deeper.

    >

    > Download combofix Here.

    >

    > If you have used Combofix before, please remove that version and download Combofix again via the link above, because Combofix is updated daily.

    >

    > NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners see certain components Combofix uses as suspicious and will block or remove them!

    >

    > Double-click Combofix.exe

    > Follow the instructions, accept the disclaimer.

    > While the fix is running, do NOT click in the window, because that will make your pc hang.

    >

    > It can take a while before the combofix log appears, so don't think it has gone haywire.

    > When the fix is complete and after the restart, the log combofix.txt will open.

    >

    > Don't think combo has gone haywire, because it can sometimes take a while, so wait patiently.

    >

    > Post this combo log in your next post together with a new HijackThis log.

    >

    > Good luck,

    > Huib ;)


    Hi Huib,

    I downloaded combofix but nothing happens?? I just went to look in My Computer/C and now there is suddenly an icon with a monitor called 32788R22FWJFW; it was not there before, but it was after I downloaded combofix.

    greetings renate :(

  • fazantje

    Hi Renate,

    Could you leave out the quote, it reads awkwardly for us ;)

    Could you also not do more than what we advise you.

    Do the following:

    Download OTC exe Here, to remove combo completely again.

    Place the file on your desktop.

    Make sure there is an internet connection.

    Then right-click OTCleanIt.exe and choose Run as Administrator (Dutch: Uitvoeren als Administrator) to start the program.

    If that doesn't work, double-click the icon.

    Now click the "CleanUp!" button

    If your firewall, or another security program, gives a warning that OTC.exe wants internet access, you may allow this; the program needs that connection.

    Finally OTC will ask whether you want to restart the computer; you may allow this, with which it also removes itself.

    Now run Ccleaner with the default settings, first the cleaner and then the registry.

    Restart your computer and then run combofix again as described Here.

    Do no more and no less.

    Click here for a bit of an overview of what happens with combofix, and know that once the scan has started it can take half an hour, even though it indicates 10 to 20 minutes

    Don't think it has gone haywire, and don't click in the combofix window either.

    Good luck,

    Huib ;)

  • renate

    Hi Huib,

    Phew, that was a bit of a scare, but it worked; here is the combofix log

    ComboFix 12-02-01.01 - Gebruiker 01-02-2012 22:49:01.1.2 - x86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2047.1432

    Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe

    AV: AVG Internet Security 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\documents and settings\All Users\Application Data\TEMP

    c:\documents and settings\Gebruiker\WINDOWS

    c:\windows\IsUn0413.exe

    c:\windows\system32\drivers\dfg.sys

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    -------\Service_xcpip

    -------\Service_dfg

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-01-01 to 2012-02-01 ))))))))))))))))))))))))))))))

    .

    .

    2012-02-01 21:31 . 2012-02-01 21:31 -------- d--h--r- c:\documents and settings\Gebruiker\Onlangs geopend

    2012-02-01 18:04 . 2012-02-01 18:04 388096 ----a-r- c:\documents and settings\Gebruiker\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2012-02-01 18:04 . 2012-02-01 18:04 -------- d-----w- c:\program files\Trend Micro

    2012-02-01 10:24 . 2012-02-01 12:01 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Uniblue

    2012-02-01 10:24 . 2012-02-01 12:02 -------- d-----w- c:\program files\Uniblue

    2012-02-01 10:24 . 2012-02-01 10:24 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}

    2012-02-01 10:23 . 2012-02-01 10:23 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\PackageAware

    2012-01-28 14:37 . 2012-01-28 14:37 -------- d-----w- c:\windows\system32\wbem\Repository

    2012-01-24 19:50 . 2007-03-09 10:25 2321288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

    2012-01-24 19:50 . 2012-01-17 03:39 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{EBC13CF3-27CF-4B39-80AC-8186FC282A67}\mpengine.dll

    2012-01-24 19:49 . 2012-01-24 19:49 -------- d-----w- c:\program files\Windows Defender

    2012-01-24 19:45 . 2012-01-24 19:45 -------- d-----w- c:\program files\Common Files\Bitdefender

    2012-01-24 18:18 . 2012-01-24 18:18 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\ESET

    2012-01-24 12:27 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll

    2012-01-24 12:27 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll

    2012-01-24 12:27 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll

    2012-01-24 12:27 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll

    2012-01-24 12:27 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll

    2012-01-24 12:27 . 2012-01-24 12:27 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Simply Super Software

    2012-01-22 17:49 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe

    2012-01-20 15:39 . 2012-01-20 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate

    2012-01-20 15:30 . 2012-01-22 01:19 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Xefy

    2012-01-17 16:22 . 2012-01-17 16:22 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\DDMSettings

    2012-01-17 16:20 . 2012-01-18 11:44 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\DivX

    2012-01-17 16:18 . 2012-01-17 16:19 -------- d-----w- c:\program files\Common Files\DivX Shared

    2012-01-17 16:16 . 2012-01-20 15:57 -------- d-----w- c:\program files\DivX

    2012-01-17 16:15 . 2012-01-17 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX

    2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-12-10 14:24 . 2009-10-29 15:10 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

    2011-11-29 12:54 . 2011-11-29 12:54 82380 ----a-w- c:\windows\system32\drivers\AFS2K.SYS

    2011-11-25 21:57 . 2008-04-15 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll

    2011-11-23 14:40 . 2008-04-15 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys

    2011-11-23 01:41 . 2011-06-03 17:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2011-11-20 06:12 . 2008-04-15 12:00 60928 ----a-w- c:\windows\system32\packager.exe

    2011-11-16 14:22 . 2008-04-15 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll

    2011-11-16 14:22 . 2008-04-15 12:00 152064 ----a-w- c:\windows\system32\schannel.dll

    2011-11-04 19:13 . 2008-04-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

    2011-11-04 19:13 . 2008-04-15 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

    2011-11-04 19:13 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

    2011-11-04 11:25 . 2008-04-15 12:00 385024 ----a-w- c:\windows\system32\html.iec

    2008-09-03 06:25 77312 --sh--r- c:\windows\system32\devcon_001.exe

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    "SpeedUpMyPC"="c:\progra~1\Uniblue\SPEEDU~1\launcher.exe"

    .

    "RTHDCPL"="RTHDCPL.EXE"

    "SkyTel"="SkyTel.EXE"

    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe"

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll"

    "NvMediaCenter"="NvMCTray.dll"

    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe"

    "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe"

    .

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE"

    .

    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll"

    .

    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

    .

    @=""

    .

    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\hp psc 2000 Series.lnk

    backup=c:\windows\pss\hp psc 2000 Series.lnkCommon Startup

    .

    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\hpoddt01.exe.lnk

    backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

    .

    c:\windows\system32\dumprep 0 -k

    .

    2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    .

    2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    .

    2009-08-20 23:04 154256 ----a-w- c:\program files\Common Files\Ulead Systems\Gadget\GadgetEB.dll

    .

    2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    .

    2001-07-09 09:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

    .

    2011-11-07 08:26 67456 ----a-w- c:\program files\Uniblue\RegistryBooster\Launcher.exe

    .

    2004-11-02 18:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    .

    2011-10-19 14:28 67960 ----a-w- c:\program files\Uniblue\SpeedUpMyPC\Launcher.exe

    .

    2012-01-20 13:03 4027056 ----a-w- c:\documents and settings\Gebruiker\Application Data\Spotify\spotify.exe

    .

    2009-08-20 23:03 105616 ----a-w- c:\program files\Common Files\Corel\Standby\Standby.exe

    .

    2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    .

    "AntiVirusOverride"=dword:00000001

    .

    "EnableFirewall"= 0 (0x0)

    .

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\WINDOWS\\system32\\dpvsetup.exe"=

    "c:\\WINDOWS\\system32\\sessmgr.exe"=

    "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    "c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=

    "c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=

    "c:\\Program Files\\AVG\\AVG10\\avgam.exe"=

    "c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=

    "c:\\Documents and Settings\\Gebruiker\\Application Data\\Spotify\\spotify.exe"=

    .

    "3389:TCP"= 3389:TCP:Remote Desktop

    "65533:TCP"= 65533:TCP:Services

    "52344:TCP"= 52344:TCP:Services

    .

    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys

    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys

    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys

    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys

    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys

    R2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe

    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe

    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys

    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys

    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys

    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys

    R3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys

    S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS

    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys

    S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys

    S3 SMIGrabber3C;SMI Grabber Device Tuner Filter 3C;c:\windows\system32\Drivers\SmiUsbGrabber3C.sys --> c:\windows\system32\Drivers\SmiUsbGrabber3C.sys

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - WS2IFSL

    *Deregistered* - xcpip

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-02-01 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8322571564.job

    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe

    .

    2012-02-01 c:\windows\Tasks\RegistryBooster.job

    - c:\program files\Uniblue\RegistryBooster\rbmonitor.exe

    .

    2012-02-01 c:\windows\Tasks\SpeedUpMyPC.job

    - c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.zeelandnet.nl/index.php

    uInternet Settings,ProxyOverride = localhost

    TCP: DhcpNameServer = 10.0.0.1

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Toolbar-Locked - (no file)

    WebBrowser-{5B6BE916-53AE-4747-ACE8-6CEAED53E944} - (no file)

    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

    AddRemove-{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23} - c:\program files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2012-02-01 22:59

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scanning for hidden processes ...

    .

    scanning for hidden autostart entries ...

    .

    scanning for hidden files ...

    .

    Scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'explorer.exe'(4252)

    c:\windows\system32\webcheck.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\progra~1\AVG\AVG10\avgchsvx.exe

    c:\progra~1\AVG\AVG10\avgrsx.exe

    c:\windows\RTHDCPL.EXE

    c:\windows\system32\RunDLL32.exe

    c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

    c:\progra~1\Uniblue\SPEEDU~1\sump.exe

    c:\program files\Java\jre6\bin\jqs.exe

    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe

    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    c:\program files\AVG\AVG10\avgnsx.exe

    c:\program files\AVG\AVG10\avgcsrvx.exe

    c:\windows\system32\wscntfy.exe

    .

    **************************************************************************

    .

    Completion time: 2012-02-01 23:01:23 - machine was restarted

    ComboFix-quarantined-files.txt 2012-02-01 22:01

    .

    Pre-Run: 45.603.647.488 bytes free

    Post-Run: 45.530.439.680 bytes free

    .

    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    UnsupportedDebug="do not select this" /debug

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    .

    - - End Of File - - CA24C4D02F3D9E56241383F8A82FA7BB

    And here is the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 23:05:49, on 1-2-2012

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe

    C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

    C:\WINDOWS\system32\RunDLL32.exe

    C:\Program Files\AVG\AVG10\avgtray.exe

    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

    C:\PROGRA~1\Uniblue\SPEEDU~1\sump.exe

    C:\Program Files\AVG\AVG10\avgfws.exe

    C:\Program Files\AVG\AVG10\avgwdsvc.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Program Files\AVG\AVG10\avgam.exe

    C:\Program Files\AVG\AVG10\avgnsx.exe

    C:\Program Files\AVG\AVG10\avgcsrvx.exe

    C:\WINDOWS\explorer.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\PROGRA~1\AVG\AVG10\avgrsx.exe

    C:\Program Files\AVG\AVG10\avgcsrvx.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zeelandnet.nl/index.php

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Increase performance and video formats for your HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O4 - HKLM\..\Run: RTHDCPL.EXE

    O4 - HKLM\..\Run: SkyTel.EXE

    O4 - HKLM\..\Run: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

    O4 - HKLM\..\Run: C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet

    O4 - HKLM\..\Run: C:\Program Files\AVG\AVG10\avgtray.exe

    O4 - HKCU\..\Run: "C:\PROGRA~1\Uniblue\SPEEDU~1\launcher.exe" -d 20000

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251997954859

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

    End of file - 7368 bytes

    (Every time I start my PC it takes very long; sometimes I can log in straight away, and other times I have to restart my PC to log in again.)

    It also takes very long before my taskbar and Start button appear, and the Internet Explorer icon in the taskbar takes a very long time: only after 5 minutes do I hear something rattling in the PC, and only then does it appear.

    I don't know whether this is of any use to you?

    Regards, Renate :)

  • Danjel

    :D

  • Ben

    Hello Renate,

    Open a Notepad file (Start > All Programs > Accessories > Notepad),

    then copy and paste the following (the bold, blue text) into the empty Notepad window:

    Registry::

    "3389:TCP"=-

    "65533:TCP"=-

    "52344:TCP"=-

    Save this to your Desktop as CFScript.txt.

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:

    http://crew.nucia.eu/smeenk/CFScript.gif

    This will make ComboFix restart.

    After your computer has restarted (if it asks to restart), copy and paste the contents of Combofix.txt into your next reply.

    And tell us how your problem is doing.

    Regards, Ben
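    Added example, not part of the thread and not ComboFix's or Ben's code: a small Python triage helper for the part of the log that Ben's script targets. It reads the firewall exception lines, the Security Center override values and the *Deregistered* service line in the exact format ComboFix prints them, flags what a responder looks at first (the firewall switched off, AntiVirusOverride set to 1, and port exceptions that Windows XP does not register on its own), and writes the same Registry:: CFScript lines Ben asked Renate to use. The sample log text inside the block is constructed from lines in the log above; the allowlist of built-in port exceptions and the severity rule are the editor's assumptions, not something the log states.

```python
"""Triage helper for ComboFix-style log lines.

Added example for this thread; it is not ComboFix's or Ben's code.  It parses
the firewall exception lines, the Security Center/firewall override values and
the deregistered-service line in the format ComboFix prints them, flags what a
responder would look at first, and emits the CFScript posted in the thread.
"""
import re

# Constructed sample: the relevant lines lifted from the ComboFix log above.
SAMPLE_LOG = """\
"AntiVirusOverride"=dword:00000001
.
"EnableFirewall"= 0 (0x0)
.
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
*NewlyCreated* - WS2IFSL
*Deregistered* - xcpip
"""

# Port exceptions Windows XP registers for its own file/print sharing and UPnP.
# Assumption of this example (editor's allowlist), not something the log states.
KNOWN_PORTS = {"137:UDP", "138:UDP", "139:TCP", "445:TCP", "1900:UDP", "2869:TCP"}

# "<port>:<proto>"= <port>:<proto>:<display name>
PORT_RE = re.compile(r'^"(?P<port>\d{1,5}:(?:TCP|UDP))"=\s*(?P=port):(?P<name>.*)$')
# "EnableFirewall"= 0 (0x0)   /   "AntiVirusOverride"=dword:00000001
OVERRIDE_RE = re.compile(
    r'^"(?P<key>EnableFirewall|AntiVirusOverride|FirewallOverride)"=\s*(?:dword:)?(?P<val>[0-9A-Fa-f]+)')
DEREG_RE = re.compile(r'^\*Deregistered\*\s+-\s+(?P<svc>\S+)')


def parse_port_exceptions(log):
    """Return [(port, display_name), ...] for every firewall exception line."""
    found = []
    for line in log.splitlines():
        m = PORT_RE.match(line.strip())
        if m:
            found.append((m.group("port"), m.group("name").strip()))
    return found


def suspicious_ports(log):
    """Exceptions outside the allowlist, with a severity a responder can sort by.

    A generic label such as "Services" on an ephemeral-range port is the classic
    backdoor footprint; a named service on a well-known port (3389, Remote
    Desktop) still needs review because XP Home has no Remote Desktop host.
    """
    findings = []
    for port, name in parse_port_exceptions(log):
        if port in KNOWN_PORTS:
            continue
        number = int(port.split(":")[0])
        severity = "high" if number >= 49152 or name.lower() == "services" else "review"
        findings.append((port, name, severity))
    return findings


def security_center_overrides(log):
    """Values that silence the firewall or Security Center's AV monitoring.

    EnableFirewall=0 means the profile's firewall is off; AntiVirusOverride=1
    (or FirewallOverride=1) tells Security Center to stop warning about it.
    """
    flagged = {}
    for line in log.splitlines():
        m = OVERRIDE_RE.match(line.strip())
        if not m:
            continue
        key, val = m.group("key"), m.group("val")
        bad_value = 0 if key == "EnableFirewall" else 1
        if int(val, 16) == bad_value:
            flagged[key] = val
    return flagged


def deregistered_services(log):
    """Service names ComboFix reports as deregistered (worth cross-checking)."""
    return [m.group("svc") for m in map(DEREG_RE.match, map(str.strip, log.splitlines())) if m]


def cfscript(log):
    """CFScript text that removes the flagged port exceptions (REG-file syntax).

    In a CFScript "Registry::" section a line of the form "name"=- deletes the
    value, which is exactly what the script in the thread does.
    """
    lines = ["Registry::"] + ['"%s"=-' % port for port, _, _ in suspicious_ports(log)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for port, name, severity in suspicious_ports(SAMPLE_LOG):
        print("%-7s port exception %-10s (%s)" % (severity, port, name))
    for key, val in security_center_overrides(SAMPLE_LOG).items():
        print("override", key, "=", val)
    for svc in deregistered_services(SAMPLE_LOG):
        print("deregistered service:", svc)
    print(cfscript(SAMPLE_LOG))
```

    Deleting the values only makes Windows Firewall forget the exceptions; it does nothing to whatever opened 65533 and 52344 in the first place. That is why the helper also lists deregistered services: the same log shows xcpip removed as a service and a dfg.sys driver deleted, and those are the entries to watch for in the next ComboFix run.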

  • renate

    Hi Ben,

    ComboFix was already done yesterday; it created this log yesterday. Or do you mean something else?

    Regards, Renate :)

    ComboFix 12-02-01.01 - Gebruiker 01-02-2012 22:49:01.1.2 - x86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2047.1432

    Started from: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe

    AV: AVG Internet Security 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

    .

    .

    (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\documents and settings\All Users\Application Data\TEMP

    c:\documents and settings\Gebruiker\WINDOWS

    c:\windows\IsUn0413.exe

    c:\windows\system32\drivers\dfg.sys

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    -------\Service_xcpip

    -------\Service_dfg

    .

    .

    (((((((((((((((((((( Files Created from 2012-01-01 to 2012-02-01 ))))))))))))))))))))))))))))))

    .

    .

    2012-02-01 21:31 . 2012-02-01 21:31 -------- d--h--r- c:\documents and settings\Gebruiker\Onlangs geopend

    2012-02-01 18:04 . 2012-02-01 18:04 388096 ----a-r- c:\documents and settings\Gebruiker\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2012-02-01 18:04 . 2012-02-01 18:04 -------- d-----w- c:\program files\Trend Micro

    2012-02-01 10:24 . 2012-02-01 12:01 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Uniblue

    2012-02-01 10:24 . 2012-02-01 12:02 -------- d-----w- c:\program files\Uniblue

    2012-02-01 10:24 . 2012-02-01 10:24 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}

    2012-02-01 10:23 . 2012-02-01 10:23 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\PackageAware

    2012-01-28 14:37 . 2012-01-28 14:37 -------- d-----w- c:\windows\system32\wbem\Repository

    2012-01-24 19:50 . 2007-03-09 10:25 2321288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

    2012-01-24 19:50 . 2012-01-17 03:39 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{EBC13CF3-27CF-4B39-80AC-8186FC282A67}\mpengine.dll

    2012-01-24 19:49 . 2012-01-24 19:49 -------- d-----w- c:\program files\Windows Defender

    2012-01-24 19:45 . 2012-01-24 19:45 -------- d-----w- c:\program files\Common Files\Bitdefender

    2012-01-24 18:18 . 2012-01-24 18:18 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\ESET

    2012-01-24 12:27 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll

    2012-01-24 12:27 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll

    2012-01-24 12:27 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll

    2012-01-24 12:27 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll

    2012-01-24 12:27 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll

    2012-01-24 12:27 . 2012-01-24 12:27 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Simply Super Software

    2012-01-22 17:49 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe

    2012-01-20 15:39 . 2012-01-20 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate

    2012-01-20 15:30 . 2012-01-22 01:19 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Xefy

    2012-01-17 16:22 . 2012-01-17 16:22 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\DDMSettings

    2012-01-17 16:20 . 2012-01-18 11:44 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\DivX

    2012-01-17 16:18 . 2012-01-17 16:19 -------- d-----w- c:\program files\Common Files\DivX Shared

    2012-01-17 16:16 . 2012-01-20 15:57 -------- d-----w- c:\program files\DivX

    2012-01-17 16:15 . 2012-01-17 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX

    2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-12-10 14:24 . 2009-10-29 15:10 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

    2011-11-29 12:54 . 2011-11-29 12:54 82380 ----a-w- c:\windows\system32\drivers\AFS2K.SYS

    2011-11-25 21:57 . 2008-04-15 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll

    2011-11-23 14:40 . 2008-04-15 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys

    2011-11-23 01:41 . 2011-06-03 17:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2011-11-20 06:12 . 2008-04-15 12:00 60928 ----a-w- c:\windows\system32\packager.exe

    2011-11-16 14:22 . 2008-04-15 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll

    2011-11-16 14:22 . 2008-04-15 12:00 152064 ----a-w- c:\windows\system32\schannel.dll

    2011-11-04 19:13 . 2008-04-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

    2011-11-04 19:13 . 2008-04-15 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

    2011-11-04 19:13 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

    2011-11-04 11:25 . 2008-04-15 12:00 385024 ----a-w- c:\windows\system32\html.iec

    2008-09-03 06:25 77312 --sh--r- c:\windows\system32\devcon_001.exe

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legitimate default entries are not shown

    REGEDIT4

    .

    "SpeedUpMyPC"="c:\progra~1\Uniblue\SPEEDU~1\launcher.exe"

    .

    "RTHDCPL"="RTHDCPL.EXE"

    "SkyTel"="SkyTel.EXE"

    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe"

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll"

    "NvMediaCenter"="NvMCTray.dll"

    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe"

    "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe"

    .

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE"

    .

    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll"

    .

    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

    .

    @=""

    .

    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\hp psc 2000 Series.lnk

    backup=c:\windows\pss\hp psc 2000 Series.lnkCommon Startup

    .

    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\hpoddt01.exe.lnk

    backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

    .

    c:\windows\system32\dumprep 0 -k

    .

    2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    .

    2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    .

    2009-08-20 23:04 154256 ----a-w- c:\program files\Common Files\Ulead Systems\Gadget\GadgetEB.dll

    .

    2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    .

    2001-07-09 09:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

    .

    2011-11-07 08:26 67456 ----a-w- c:\program files\Uniblue\RegistryBooster\Launcher.exe

    .

    2004-11-02 18:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    .

    2011-10-19 14:28 67960 ----a-w- c:\program files\Uniblue\SpeedUpMyPC\Launcher.exe

    .

    2012-01-20 13:03 4027056 ----a-w- c:\documents and settings\Gebruiker\Application Data\Spotify\spotify.exe

    .

    2009-08-20 23:03 105616 ----a-w- c:\program files\Common Files\Corel\Standby\Standby.exe

    .

    2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    .

    "AntiVirusOverride"=dword:00000001

    .

    "EnableFirewall"= 0 (0x0)

    .

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\WINDOWS\\system32\\dpvsetup.exe"=

    "c:\\WINDOWS\\system32\\sessmgr.exe"=

    "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    "c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=

    "c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=

    "c:\\Program Files\\AVG\\AVG10\\avgam.exe"=

    "c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=

    "c:\\Documents and Settings\\Gebruiker\\Application Data\\Spotify\\spotify.exe"=

    .

    "3389:TCP"= 3389:TCP:Remote Desktop

    "65533:TCP"= 65533:TCP:Services

    "52344:TCP"= 52344:TCP:Services

    .

    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys

    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys

    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys

    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys

    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys

    R2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe

    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe

    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys

    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys

    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys

    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys

    R3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys

    S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS

    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys

    S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys

    S3 SMIGrabber3C;SMI Grabber Device Tuner Filter 3C;c:\windows\system32\Drivers\SmiUsbGrabber3C.sys --> c:\windows\system32\Drivers\SmiUsbGrabber3C.sys

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - WS2IFSL

    *Deregistered* - xcpip

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-02-01 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8322571564.job

    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe

    .

    2012-02-01 c:\windows\Tasks\RegistryBooster.job

    - c:\program files\Uniblue\RegistryBooster\rbmonitor.exe

    .

    2012-02-01 c:\windows\Tasks\SpeedUpMyPC.job

    - c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.zeelandnet.nl/index.php

    uInternet Settings,ProxyOverride = localhost

    TCP: DhcpNameServer = 10.0.0.1

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Toolbar-Locked - (no file)

    WebBrowser-{5B6BE916-53AE-4747-ACE8-6CEAED53E944} - (no file)

    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

    AddRemove-{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23} - c:\program files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2012-02-01 22:59

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scanning for hidden processes ...

    .

    scanning for hidden autostart entries ...

    .

    scanning for hidden files ...

    .

    Scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'explorer.exe'(4252)

    c:\windows\system32\webcheck.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\progra~1\AVG\AVG10\avgchsvx.exe

    c:\progra~1\AVG\AVG10\avgrsx.exe

    c:\windows\RTHDCPL.EXE

    c:\windows\system32\RunDLL32.exe

    c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

    c:\progra~1\Uniblue\SPEEDU~1\sump.exe

    c:\program files\Java\jre6\bin\jqs.exe

    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe

    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    c:\program files\AVG\AVG10\avgnsx.exe

    c:\program files\AVG\AVG10\avgcsrvx.exe

    c:\windows\system32\wscntfy.exe

    .

    **************************************************************************

    .

    Completion time: 2012-02-01 23:01:23 - machine was restarted

    ComboFix-quarantined-files.txt 2012-02-01 22:01

    .

    Pre-Run: 45.603.647.488 bytes free

    Post-Run: 45.530.439.680 bytes free

    .

    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    UnsupportedDebug="do not select this" /debug

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    .

    - - End Of File - - CA24C4D02F3D9E56241383F8A82FA7BB