keffievs

keffievs's achievements

  1. Well, as far as I can tell I'm not having any problems anymore! So I want to thank you all very much, and I hope I never have to go through this again! Regards
  2. All right... I'll let you know! Many thanks in advance!!! It really makes such a difference... what a nasty virus that was!
  3. OK, I have gone through all of these steps. With CCleaner I fixed all the errors it found. What now? Is all the junk finally off my PC? I would be so happy about that. In any case, I do notice that it is already quite a bit faster again. Regards, Kevin
  4. Nothing found... what now? Screenshots: ImageShack® - Online Photo and Video Hosting ImageShack® - Online Photo and Video Hosting
  5. OK, here it is!
  6. Sorry for the late reply... it has been a bit busy. I'm continuing now... However, these steps aren't working; see the error code at the following link (ImageShack® - Online Photo and Video Hosting). Is there another way to do this, or am I doing something wrong after all?
  7. Ok, ook dit weer gedaan. Logje ComboFix 11-03-31.04 - Administrator 02-04-2011 12:57:53.2.2 - x86 NETWORK Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.1535.1282 [GMT 2:00] Gestart vanuit: e:\documents and settings\Administrator\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: e:\documents and settings\Administrator\Bureaublad\CFScript.txt . WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! . FILE :: "e:\windows\system32\drivers\hpnebafs.sys" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . e:\windows\regedit.exe . . . is geïnfecteerd!! . Besmet exemplaar van e:\windows\system32\msgsvc.dll werd aangetroffen en gedesinfecteerd Hersteld exemplaar van - e:\windows\ERDNT\cache\msgsvc.dll . e:\windows\NOTEPAD.EXE . . . is geïnfecteerd!! . e:\windows\pchealth\helpctr\binaries\HelpCtr.exe . . . is geïnfecteerd!! . e:\windows\system32\ahui.exe . . . is geïnfecteerd!! . e:\windows\system32\cleanmgr.exe . . . is geïnfecteerd!! . e:\windows\system32\cmd.exe . . . is geïnfecteerd!! . e:\windows\system32\logonui.exe . . . is geïnfecteerd!! . e:\windows\system32\sndrec32.exe . . . is geïnfecteerd!! . e:\windows\system32\sysocmgr.exe . . . is geïnfecteerd!! . e:\windows\system32\taskmgr.exe . . . is geïnfecteerd!! . e:\windows\system32\wiaacmgr.exe . . . is geïnfecteerd!! . e:\windows\system32\usmt\migwiz.exe . . . is geïnfecteerd!! . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_HPNEBAFS . . (((((((((((((((((((( Bestanden Gemaakt van 2011-03-02 to 2011-04-02 )))))))))))))))))))))))))))))) . . 2011-03-05 15:14 . 2011-04-01 11:56 -------- d-----r- E:\Program Files . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-05 16:18 . 2003-02-14 15:30 348480 ----a-w- e:\windows\system32\drivers\Cap7134.sys 2011-03-05 16:18 . 
2003-01-29 10:49 110592 ----a-w- e:\windows\system32\34com.dll 2011-03-05 16:18 . 2003-01-29 10:45 90112 ----a-w- e:\windows\system32\Prop7134.dll 2011-03-05 16:18 . 2003-01-29 10:40 23552 ----a-w- e:\windows\system32\34ds.dll 2011-03-05 16:18 . 2003-01-29 10:40 94208 ----a-w- e:\windows\system32\34dialog.dll 2011-03-05 16:18 . 2003-01-29 10:39 73728 ----a-w- e:\windows\system32\34TvCtrl.dll 2011-03-05 16:18 . 2003-01-29 10:36 282624 ----a-w- e:\windows\system32\34dlg2.dll 2011-03-05 16:18 . 2003-01-29 10:33 135168 ----a-w- e:\windows\system32\34api.dll 2011-03-05 16:18 . 2003-01-29 10:32 77824 ----a-w- e:\windows\system32\34dd.dll 2011-03-05 16:18 . 2003-03-04 09:56 145408 ----a-w- e:\windows\system32\drivers\e100b325.sys 2011-03-05 16:18 . 2003-03-03 13:26 118784 ----a-w- e:\windows\system32\Prounstl.exe 2011-03-05 16:18 . 2003-02-03 03:26 12288 ----a-w- e:\windows\system32\e100bmsg.dll 2011-03-05 16:18 . 2002-12-29 02:00 24064 ----a-w- e:\windows\system32\IntelNic.dll 2011-03-05 16:16 . 2004-07-22 13:50 1268234 ----a-w- e:\windows\system32\drivers\AGRSM.sys 2011-03-05 16:16 . 2004-07-22 12:38 88361 ----a-w- e:\windows\AGRSMMSG.exe 2011-03-05 16:16 . 2004-04-05 09:49 64512 ----a-w- e:\windows\agrsmdel.exe 2011-03-05 14:38 . 2007-02-05 16:08 219136 ----a-w- e:\windows\system32\uxtheme.dll 2011-03-05 12:35 . 2011-03-05 12:35 715248 ----a-w- e:\windows\system32\drivers\sptd.svs 2011-03-18 18:03 . 2011-03-31 19:11 142296 ----a-w- e:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- . [-] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . e:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\explorer.exe [-] 2007-08-16 . F40B20B7EAAA306AC1CC95B7165A848A . 979456 . . [6.00.2900.3156] . . e:\windows\explorer.exe . ((((((((((((((((((((((((((((( SnapShot@2011-04-01_14.33.03 ))))))))))))))))))))))))))))))))))))))))) . + 2011-04-02 11:06 . 
2011-04-02 11:06 16384 e:\windows\temp\Perflib_Perfdata_6b4.dat - 2002-12-31 06:00 . 2011-04-01 14:23 90642 e:\windows\system32\perfc013.dat + 2002-12-31 06:00 . 2011-04-02 10:58 90642 e:\windows\system32\perfc013.dat - 2002-12-31 06:00 . 2011-04-01 14:23 71002 e:\windows\system32\perfc009.dat + 2002-12-31 06:00 . 2011-04-02 10:58 71002 e:\windows\system32\perfc009.dat - 2011-04-01 11:56 . 2011-04-01 12:36 16968 e:\windows\system32\drivers\hitmanpro35.sys + 2011-04-01 11:56 . 2011-04-02 07:22 16968 e:\windows\system32\drivers\hitmanpro35.sys + 2002-12-31 06:00 . 2011-04-02 10:58 508570 e:\windows\system32\perfh013.dat - 2002-12-31 06:00 . 2011-04-01 14:23 508570 e:\windows\system32\perfh013.dat - 2002-12-31 06:00 . 2011-04-01 14:23 440684 e:\windows\system32\perfh009.dat + 2002-12-31 06:00 . 2011-04-02 10:58 440684 e:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SkinClock"="e:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519] "DAEMON Tools Pro Agent"="e:\program files\DAEMON Tools Pro\DTAgent.exe" [2011-01-13 840000] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BluetoothAuthenticationAgent"="bthprops.cpl" [2002-12-31 110592] "SkinClock"="e:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519] "StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440] "AGRSMMSG"="AGRSMMSG.exe" [2011-03-05 88361] "Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736] "Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288] "WinampAgent"="e:\program files\Winamp\winampa.exe" [2011-03-22 74752] "DivXUpdate"="e:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704] "SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "HitmanPro35"="e:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2011-04-01 6449984] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2002-12-31 15360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "PackNoVs"="e:\windows\BricoPacks\Vista Inspirat 2\pack-it.exe" [2007-04-22 98304] . e:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\ Microsoft Office.lnk - e:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] Sweex WiFi Utility.lnk - e:\program files\Sweex\Installer\WINXP\SWU.exe [2011-3-12 598016] . [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system] "SetVisualStyle"= e:\windows\Resources\Themes\Inspirat2\Inspirat2.msstyles . [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc E 1 . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "e:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "e:\\Program Files\\Sports Interactive\\Football Manager 2011\\fm.exe"= "e:\\Program Files\\uTorrent\\uTorrent.exe"= "e:\\Program Files\\Winamp\\winamp.exe"= "e:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "e:\\Program Files\\SopCast\\SopCast.exe"= "e:\\Program Files\\KONAMI\\Pro Evolution Soccer 2011\\pes2011.exe"= . R0 sptd;sptd;e:\windows\system32\drivers\sptd.sys [5-3-2011 16:35 715248] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;e:\windows\system32\drivers\dtsoftbus01.sys [16-3-2011 22:30 218688] S2 tlnasxhj;Microsoft USB 2.0 Enhanced Host Controller Miniport Helper;e:\windows\System32\svchost.exe -k netsvcs [31-12-2002 8:00 14336] . --- Andere Services/Drivers In Geheugen --- . *Deregistered* - uphcleanhlp . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs tlnasxhj . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}] 2004-08-03 16:07 11776 ----a-w- e:\program files\Windows Sidebar\regsvr32.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}] 2004-08-03 16:07 11776 ----a-w- e:\program files\Windows Sidebar\regsvr32.exe . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.fr12.nl/ uSearchURL,(Default) = hxxp://www.google.com/search?q=%s LSP: e:\program files\common files\pc tools\lsp\pctlsp.dll FF - ProfilePath - e:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r3fhmyps.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.fr12.nl/ FF - prefs.js: network.proxy.type - 0 . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-04-02 13:06 Windows 5.1.2600 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover Windows 5.1.2600 Disk: WDC_WD1200BB-22DWA0 rev.15.05R15 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 . device: opened successfully user: MBR read successfully . Disk trace: called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x899141F8]<< _asm { MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX; PUSH 0x89914008; MOV EAX, 0xf74e93b8; CALL EAX; } 1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x89873AB8] 3 CLASSPNP[0xF765805B] -> nt!IofCallDriver[0x804E13B9] -> \Device\0000006e[0x898E4A00] 5 ACPI[0xF7497620] -> nt!IofCallDriver[0x804E13B9] -> \Device\Ide\IdeDeviceP0T0L0-4[0x89809940] \Driver\atapi[0x89852F38] -> IRP_MJ_CREATE -> 0x899141F8 kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; } detected disk devices: \Device\Ide\IdeDeviceP0T1L0-c -> \??\IDE#DiskWDC_WD300BB-00AUA1______________________18.20D18#4457572d414d5736333131373231_031_0_0_0_0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found detected hooks: \Driver\atapi DriverStartIo -> 0x89721AF1 \Driver\atapi -> 0x899141f8 user & kernel MBR OK Warning: possible TDL3 rootkit infection ! . ************************************************************************** . 
--------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-57989841-602609370-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,4f,b2,e2,58,22,33,4e,95,9a,8c,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,4f,b2,e2,58,22,33,4e,95,9a,8c,\ . [HKEY_USERS\S-1-5-21-57989841-602609370-1801674531-500\Software\SecuROM\License information*] "datasecu"=hex:d2,b5,ba,7a,50,dd,32,37,ee,18,af,f9,e1,ce,83,f8,83,e6,5a,0b,65, da,d8,64,fe,ad,4f,42,30,bd,2b,8a,c0,2b,76,9c,61,11,61,c4,ff,8e,e0,98,05,33,\ "rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(888) e:\windows\system32\sfc_os.dll e:\windows\system32\Ati2evxx.dll . - - - - - - - > 'lsass.exe'(944) e:\program files\common files\pc tools\lsp\pctlsp.dll . - - - - - - - > 'explorer.exe'(3848) e:\windows\system32\ntshrui.dll e:\program files\Desktop Tray Clock\Clock.dll e:\windows\system32\wpdshserviceobj.dll e:\windows\system32\webcheck.dll e:\windows\system32\portabledevicetypes.dll e:\windows\system32\portabledeviceapi.dll e:\windows\system32\NETSHELL.dll e:\windows\system32\credui.dll . ------------------------ Andere Aktieve Processen ------------------------ . e:\windows\system32\Ati2evxx.exe e:\windows\system32\Ati2evxx.exe e:\program files\Java\jre6\bin\jqs.exe e:\program files\UPHClean\uphclean.exe e:\windows\system32\wscntfy.exe e:\windows\system32\rundll32.exe e:\windows\AGRSMMSG.exe e:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe e:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe e:\\?\e:\windows\system32\WBEM\WMIADAP.EXE . 
************************************************************************** . Voltooingstijd: 2011-04-02 13:10:14 - machine werd herstart ComboFix-quarantined-files.txt 2011-04-02 11:10 ComboFix2.txt 2011-04-01 14:36 . Pre-Run: 11.461.570.560 bytes beschikbaar Post-Run: 11.536.068.608 bytes beschikbaar . - - End Of File - - 608F19E03E14814DB9A1CAC48F0CC4AA
Is it normal that I have to do this in safe mode every time? It doesn't work in normal mode; could that be because of the virus?
  8. Done... only it couldn't make an internet connection for some reason, so I don't know whether it all went properly. I did see that it removed and reinstalled a few things, so... Log:
ComboFix 11-03-31.04 - Administrator 01-04-2011 16:21:39.1.2 - x86 NETWORK Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.1535.1291 [GMT 2:00] Gestart vanuit: e:\documents and settings\Administrator\Bureaublad\ComboFix.exe . WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\explorer.exe e:\documents and settings\Administrator\Application Data\Adobe\plugs e:\documents and settings\Administrator\Application Data\Adobe\shed e:\documents and settings\Administrator\Application Data\D85023B5B3169575836CA5F003E746C4 e:\documents and settings\Administrator\Application Data\D85023B5B3169575836CA5F003E746C4\enemies-names.txt e:\documents and settings\Administrator\Application Data\D85023B5B3169575836CA5F003E746C4\local.ini e:\documents and settings\Administrator\Application Data\D85023B5B3169575836CA5F003E746C4\lsrslt.ini e:\documents and settings\NetworkService\Local Settings\Application Data\gmecoss.dll E:\install.exe e:\windows\system\WINSPOOL.DRV . e:\windows\regedit.exe . . . is geïnfecteerd!! . e:\windows\system32\msgsvc.dll . . . is geïnfecteerd!! . e:\windows\NOTEPAD.EXE . . . is geïnfecteerd!! . e:\windows\pchealth\helpctr\binaries\HelpCtr.exe . . . is geïnfecteerd!! . e:\windows\system32\ahui.exe . . . is geïnfecteerd!! . e:\windows\system32\cleanmgr.exe . . . is geïnfecteerd!! . e:\windows\system32\cmd.exe . . . is geïnfecteerd!! . e:\windows\system32\logonui.exe . . . is geïnfecteerd!! . e:\windows\system32\sndrec32.exe . . . is geïnfecteerd!! . e:\windows\system32\sysocmgr.exe . . . is geïnfecteerd!! . e:\windows\system32\taskmgr.exe . . . is geïnfecteerd!! . 
e:\windows\system32\wiaacmgr.exe . . . is geïnfecteerd!! . e:\windows\system32\usmt\migwiz.exe . . . is geïnfecteerd!! . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_SSHNAS . . (((((((((((((((((((( Bestanden Gemaakt van 2011-03-01 to 2011-04-01 )))))))))))))))))))))))))))))) . . 2011-03-05 15:14 . 2011-04-01 11:56 -------- d-----r- E:\Program Files . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-05 16:18 . 2003-02-14 15:30 348480 ----a-w- e:\windows\system32\drivers\Cap7134.sys 2011-03-05 16:18 . 2003-01-29 10:49 110592 ----a-w- e:\windows\system32\34com.dll 2011-03-05 16:18 . 2003-01-29 10:45 90112 ----a-w- e:\windows\system32\Prop7134.dll 2011-03-05 16:18 . 2003-01-29 10:40 23552 ----a-w- e:\windows\system32\34ds.dll 2011-03-05 16:18 . 2003-01-29 10:40 94208 ----a-w- e:\windows\system32\34dialog.dll 2011-03-05 16:18 . 2003-01-29 10:39 73728 ----a-w- e:\windows\system32\34TvCtrl.dll 2011-03-05 16:18 . 2003-01-29 10:36 282624 ----a-w- e:\windows\system32\34dlg2.dll 2011-03-05 16:18 . 2003-01-29 10:33 135168 ----a-w- e:\windows\system32\34api.dll 2011-03-05 16:18 . 2003-01-29 10:32 77824 ----a-w- e:\windows\system32\34dd.dll 2011-03-05 16:18 . 2003-03-04 09:56 145408 ----a-w- e:\windows\system32\drivers\e100b325.sys 2011-03-05 16:18 . 2003-03-03 13:26 118784 ----a-w- e:\windows\system32\Prounstl.exe 2011-03-05 16:18 . 2003-02-03 03:26 12288 ----a-w- e:\windows\system32\e100bmsg.dll 2011-03-05 16:18 . 2002-12-29 02:00 24064 ----a-w- e:\windows\system32\IntelNic.dll 2011-03-05 16:16 . 2004-07-22 13:50 1268234 ----a-w- e:\windows\system32\drivers\AGRSM.sys 2011-03-05 16:16 . 2004-07-22 12:38 88361 ----a-w- e:\windows\AGRSMMSG.exe 2011-03-05 16:16 . 2004-04-05 09:49 64512 ----a-w- e:\windows\agrsmdel.exe 2011-03-05 14:38 . 2007-02-05 16:08 219136 ----a-w- e:\windows\system32\uxtheme.dll 2011-03-05 12:35 . 
2011-03-05 12:35 715248 ----a-w- e:\windows\system32\drivers\sptd.svs 2011-03-18 18:03 . 2011-03-31 19:11 142296 ----a-w- e:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- . [-] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . e:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\explorer.exe [-] 2007-08-16 . F40B20B7EAAA306AC1CC95B7165A848A . 979456 . . [6.00.2900.3156] . . e:\windows\explorer.exe . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A2F4369D-ACB7-EE88-86A5-3D8E4226F8FD}] 2011-03-30 19:51 739328 ----a-w- e:\windows\system32\aoigwerg.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SkinClock"="e:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519] "DAEMON Tools Pro Agent"="e:\program files\DAEMON Tools Pro\DTAgent.exe" [2011-01-13 840000] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BluetoothAuthenticationAgent"="bthprops.cpl" [2002-12-31 110592] "SkinClock"="e:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519] "StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440] "AGRSMMSG"="AGRSMMSG.exe" [2011-03-05 88361] "Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736] "Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288] "WinampAgent"="e:\program files\Winamp\winampa.exe" [2011-03-22 74752] "DivXUpdate"="e:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704] "SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "HitmanPro35"="e:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2011-04-01 6449984] . 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2002-12-31 15360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "PackNoVs"="e:\windows\BricoPacks\Vista Inspirat 2\pack-it.exe" [2007-04-22 98304] . e:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\ Microsoft Office.lnk - e:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] Sweex WiFi Utility.lnk - e:\program files\Sweex\Installer\WINXP\SWU.exe [2011-3-12 598016] . [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system] "SetVisualStyle"= e:\windows\Resources\Themes\Inspirat2\Inspirat2.msstyles . [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc E 1 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "e:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "e:\\Program Files\\Sports Interactive\\Football Manager 2011\\fm.exe"= "e:\\Program Files\\uTorrent\\uTorrent.exe"= "e:\\Program Files\\Winamp\\winamp.exe"= "e:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "e:\\Program Files\\SopCast\\SopCast.exe"= "e:\\Program Files\\KONAMI\\Pro Evolution Soccer 2011\\pes2011.exe"= . R0 sptd;sptd;e:\windows\system32\drivers\sptd.sys [5-3-2011 16:35 715248] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;e:\windows\system32\drivers\dtsoftbus01.sys [16-3-2011 22:30 218688] S0 hpnebafs;hpnebafs;e:\windows\system32\drivers\hpnebafs.sys --> e:\windows\system32\drivers\hpnebafs.sys [?] 
S2 HitmanPro35CrusaderBoot;Hitman Pro 3.5 Crusader (Boot);e:\documents and settings\Administrator\Bureaublad\HitmanPro35.exe [1-4-2011 13:55 6449984] S2 tlnasxhj;Microsoft USB 2.0 Enhanced Host Controller Miniport Helper;e:\windows\System32\svchost.exe -k netsvcs [31-12-2002 8:00 14336] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs tlnasxhj . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}] 2004-08-03 16:07 11776 ----a-w- e:\program files\Windows Sidebar\regsvr32.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}] 2004-08-03 16:07 11776 ----a-w- e:\program files\Windows Sidebar\regsvr32.exe . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.fr12.nl/ uSearchURL,(Default) = hxxp://www.google.com/search?q=%s LSP: e:\program files\common files\pc tools\lsp\pctlsp.dll FF - ProfilePath - e:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r3fhmyps.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.fr12.nl/ FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS VERWIJDERD - - - - . HKCU-Run-4E3E0230AEBB4E96 - e:\recycle.bin\Recycle.Bin.exe HKCU-Run-Kraxuquga - e:\windows\usysg3dp.dll HKLM_ActiveSetup-{D58F39FF-953E-4F45-898F-59F243B9A523} - e:\windows\system32\hidec . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-04-01 16:32 Windows 5.1.2600 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . 
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HitmanPro35CrusaderBoot] "ImagePath"="\"e:\documents and settings\Administrator\Bureaublad\HitmanPro35.exe\" /crusader:boot" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-57989841-602609370-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,4f,b2,e2,58,22,33,4e,95,9a,8c,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,4f,b2,e2,58,22,33,4e,95,9a,8c,\ . [HKEY_USERS\S-1-5-21-57989841-602609370-1801674531-500\Software\SecuROM\License information*] "datasecu"=hex:d2,b5,ba,7a,50,dd,32,37,ee,18,af,f9,e1,ce,83,f8,83,e6,5a,0b,65, da,d8,64,fe,ad,4f,42,30,bd,2b,8a,c0,2b,76,9c,61,11,61,c4,ff,8e,e0,98,05,33,\ "rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(792) e:\windows\system32\sfc_os.dll e:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(1944) e:\windows\system32\ntshrui.dll e:\windows\system32\browselc.dll e:\windows\system32\portabledeviceapi.dll e:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll e:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.NLD . Voltooingstijd: 2011-04-01 16:36:21 - machine werd herstart ComboFix-quarantined-files.txt 2011-04-01 14:36 . Pre-Run: 11.398.017.024 bytes beschikbaar Post-Run: 11.526.295.552 bytes beschikbaar . 
- - End Of File - - 9B6161D1E8E650C375A08C6184F4C482
New HiJackThis log:
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:42:07, on 1-4-2011 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\Ati2evxx.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\System32\svchost.exe E:\WINDOWS\system32\spoolsv.exe E:\Program Files\Java\jre6\bin\jqs.exe E:\WINDOWS\system32\svchost.exe E:\Program Files\UPHClean\uphclean.exe E:\WINDOWS\Explorer.EXE E:\WINDOWS\system32\wuauclt.exe E:\WINDOWS\system32\rundll32.exe E:\Program Files\Desktop Tray Clock\DTClock.exe E:\WINDOWS\AGRSMMSG.exe E:\WINDOWS\system32\wscntfy.exe E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe E:\Program Files\DivX\DivX Update\DivXUpdate.exe E:\Program Files\Common Files\Java\Java Update\jusched.exe E:\Program Files\Sweex\Installer\WINXP\SWU.exe E:\Program Files\Mozilla Firefox\firefox.exe E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe E:\WINDOWS\system32\wuauclt.exe E:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = FR12.nl - Waar Feyenoord is zijn wij! 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - E:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - E:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: (no name) - {A2F4369D-ACB7-EE88-86A5-3D8E4226F8FD} - e:\windows\system32\aoigwerg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [skinClock] E:\Program Files\Desktop Tray Clock\DTClock.exe O4 - HKLM\..\Run: [startCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - 
HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [DivXUpdate] "E:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [HitmanPro35] "E:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot O4 - HKCU\..\Run: [skinClock] E:\Program Files\Desktop Tray Clock\DTClock.exe O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "E:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [PackNoVs] "E:\WINDOWS\BricoPacks\Vista Inspirat 2\pack-it.exe" --unsetvs (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [PackNoVs] "E:\WINDOWS\BricoPacks\Vista Inspirat 2\pack-it.exe" --unsetvs (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Sweex WiFi Utility.lnk = E:\Program Files\Sweex\Installer\WINXP\SWU.exe O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe O23 - Service: Hitman Pro 3.5 Crusader (Boot) (HitmanPro35CrusaderBoot) - SurfRight B.V. 
- E:\Documents and Settings\Administrator\Bureaublad\HitmanPro35.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe -- End of file - 5488 bytes
When will this finally be over?? Regards, Kevin
  9. I turned everything off, but I can't get ComboFix to run; I get this message every time (link ImageShack® - Online Photo and Video Hosting ). Is there anything that can be done about this?
  10. Thanks again for the quick reply. I have carried out everything above. I think Antimalware Doctor is gone now... only there is still some junk on the machine. For instance, while Malwarebytes was scanning I again got some internet pop-ups and another pop-up (see this link ImageShack® - Online Photo and Video Hosting ). I also took a screenshot of my Task Manager; maybe you will see something strange in it as well? (link ImageShack® - Online Photo and Video Hosting ) And my PC is still really much slower than before; what could be causing this? It also makes a real fuss about opening programs, as if something is running in the background that keeps an eye on this. Then, after carrying out all of the above, I made two logs again.
Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Databaseversie: 6208 Windows 5.1.2600 Service Pack 2 Internet Explorer 8.0.6001.18702 31-3-2011 20:31:48 mbam-log-2011-03-31 (20-31-48).txt Scantype: Snelle scan Objecten gescand: 149773 Verstreken tijd: 15 minuut/minuten, 35 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 2 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 1 Bestanden geïnfecteerd: 2 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: e:\recycle.bin (Trojan.Spyeyes) -> Delete on reboot. 
Bestanden geïnfecteerd: e:\recycle.bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully. e:\recycle.bin\recycle.bin.exe (Trojan.Spyeyes) -> Quarantined and deleted successfully. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:35:54, on 31-3-2011 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\csrss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\Ati2evxx.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\System32\svchost.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\system32\spoolsv.exe E:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe E:\WINDOWS\Explorer.EXE E:\WINDOWS\system32\svchost.exe E:\Program Files\PC Tools Security\pctsAuxs.exe E:\WINDOWS\system32\rundll32.exe E:\Program Files\Desktop Tray Clock\DTClock.exe E:\WINDOWS\AGRSMMSG.exe E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe E:\Program Files\Winamp\winampa.exe E:\Program Files\DivX\DivX Update\DivXUpdate.exe E:\Program Files\PC Tools Security\BDT\FGuard.exe E:\Program Files\PC Tools Security\pctsGui.exe E:\WINDOWS\system32\ctfmon.exe E:\WINDOWS\system32\rundll32.exe E:\Program Files\Sweex\Installer\WINXP\SWU.exe E:\WINDOWS\system32\svchost.exe E:\Program Files\UPHClean\uphclean.exe E:\Program Files\PC Tools Security\pctsSvc.exe E:\Program Files\DAEMON Tools Pro\DTShellHlp.exe E:\WINDOWS\system32\wuauclt.exe E:\Program Files\Java\jre6\bin\jqs.exe E:\Program Files\PC Tools Security\Update.exe E:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe E:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = FR12.nl - Waar Feyenoord is zijn wij! 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - E:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - E:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - E:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - E:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: (no name) - {A2F4369D-ACB7-EE88-86A5-3D8E4226F8FD} - e:\windows\system32\aoigwerg.dll (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - E:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [skinClock] E:\Program Files\Desktop Tray Clock\DTClock.exe O4 - HKLM\..\Run: [startCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" 
MSRun O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [DivXUpdate] "E:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [PCTools FGuard] E:\Program Files\PC Tools Security\BDT\FGuard.exe O4 - HKLM\..\Run: [iSTray] "E:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skinClock] E:\Program Files\Desktop Tray Clock\DTClock.exe O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "E:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun O4 - HKCU\..\Run: [Kraxuquga] rundll32.exe "E:\WINDOWS\usysg3dp.dll",Startup O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-20\..\Run: [skinClock] E:\Program Files\Desktop Tray Clock\DTClock.exe (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [PackNoVs] "E:\WINDOWS\BricoPacks\Vista Inspirat 2\pack-it.exe" --unsetvs (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [PackNoVs] "E:\WINDOWS\BricoPacks\Vista Inspirat 2\pack-it.exe" --unsetvs (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Sweex WiFi Utility.lnk = E:\Program Files\Sweex\Installer\WINXP\SWU.exe O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} 
(VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe O23 - Service: Browser Defender Update Service - Unknown owner - E:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - E:\Program Files\PC Tools Security\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - E:\Program Files\PC Tools Security\pctsSvc.exe -- End of file - 7093 bytes
By the way, can you tell me what the MOM.exe file in my Task Manager is? I think it was never there before and it is causing the slowness of the PC??? Hopefully you can still find something I can do to really get everything off completely. Thanks again in advance! Regards, Kevin
---------- Post added at 18:53 ---------- Previous post was at 18:41 ----------
After restarting my PC, Task Manager looks like this (link http://img850.imageshack.us/i/taakbeheer2.jpg/ ); there are some other small programs in there again, including CCC.exe, and I have the feeling that this also controls something?? Or am I seeing ghosts everywhere now? I also made a new HijackThis log after rebooting; maybe you will spot a difference from the previous one.
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:53:09, on 31-3-2011 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\Ati2evxx.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\System32\svchost.exe E:\WINDOWS\system32\spoolsv.exe E:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe E:\WINDOWS\Explorer.EXE E:\Program Files\Java\jre6\bin\jqs.exe E:\Program Files\PC Tools Security\pctsAuxs.exe E:\WINDOWS\system32\rundll32.exe E:\Program Files\Desktop Tray Clock\DTClock.exe E:\WINDOWS\AGRSMMSG.exe E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe E:\Program Files\Winamp\winampa.exe E:\Program Files\DivX\DivX Update\DivXUpdate.exe E:\Program Files\PC Tools Security\BDT\FGuard.exe E:\Program Files\PC Tools Security\pctsGui.exe E:\Program Files\Common Files\Java\Java Update\jusched.exe E:\WINDOWS\system32\ctfmon.exe E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe E:\Program Files\DAEMON Tools Pro\DTAgent.exe E:\WINDOWS\system32\rundll32.exe E:\Program Files\Sweex\Installer\WINXP\SWU.exe E:\WINDOWS\system32\svchost.exe E:\Program Files\UPHClean\uphclean.exe E:\Program Files\DAEMON Tools Pro\DTShellHlp.exe E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe E:\Program Files\PC Tools Security\pctsSvc.exe E:\WINDOWS\system32\wuauclt.exe E:\Program Files\Internet Explorer\iexplore.exe E:\Program Files\Internet Explorer\iexplore.exe E:\Program Files\Winamp\winamp.exe E:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe E:\WINDOWS\system32\taskmgr.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = FR12.nl - Waar Feyenoord is zijn wij! 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - E:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - E:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - E:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - E:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: (no name) - {A2F4369D-ACB7-EE88-86A5-3D8E4226F8FD} - e:\windows\system32\aoigwerg.dll (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - E:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [skinClock] E:\Program Files\Desktop Tray 
Clock\DTClock.exe O4 - HKLM\..\Run: [startCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [DivXUpdate] "E:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [PCTools FGuard] E:\Program Files\PC Tools Security\BDT\FGuard.exe O4 - HKLM\..\Run: [iSTray] "E:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skinClock] E:\Program Files\Desktop Tray Clock\DTClock.exe O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "E:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun O4 - HKCU\..\Run: [4E3E0230AEBB4E96] E:\Recycle.Bin\Recycle.Bin.exe O4 - HKCU\..\Run: [Kraxuquga] rundll32.exe "E:\WINDOWS\usysg3dp.dll",Startup O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-20\..\Run: [4E3E0230AEBB4E96] E:\Recycle.Bin\Recycle.Bin.exe (User 'Netwerkservice') O4 - HKUS\S-1-5-20\..\Run: [skinClock] E:\Program Files\Desktop Tray Clock\DTClock.exe (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [PackNoVs] "E:\WINDOWS\BricoPacks\Vista Inspirat 2\pack-it.exe" --unsetvs (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [PackNoVs] "E:\WINDOWS\BricoPacks\Vista Inspirat 2\pack-it.exe" --unsetvs (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft 
Office\Office\OSA9.EXE O4 - Global Startup: Sweex WiFi Utility.lnk = E:\Program Files\Sweex\Installer\WINXP\SWU.exe O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe O23 - Service: Browser Defender Update Service - Unknown owner - E:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - E:\Program Files\PC Tools Security\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - E:\Program Files\PC Tools Security\pctsSvc.exe -- End of file - 7222 bytes Hopefully talk soon, with another nice solution. Regards
  11. Sure... new log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:43:54, on 31-3-2011 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\csrss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\Ati2evxx.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\System32\svchost.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\system32\spoolsv.exe E:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe E:\WINDOWS\Explorer.EXE E:\WINDOWS\system32\svchost.exe E:\Program Files\PC Tools Security\pctsAuxs.exe E:\Program Files\PC Tools Security\pctsSvc.exe E:\WINDOWS\system32\rundll32.exe E:\WINDOWS\VistaDrive\VistaDrive.exe E:\WINDOWS\AGRSMMSG.exe E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe E:\Program Files\DivX\DivX Update\DivXUpdate.exe E:\Program Files\PC Tools Security\BDT\FGuard.exe E:\Program Files\PC Tools Security\pctsGui.exe E:\WINDOWS\system32\ctfmon.exe E:\WINDOWS\system32\rundll32.exe E:\Program Files\Sweex\Installer\WINXP\SWU.exe E:\WINDOWS\system32\svchost.exe E:\Program Files\UPHClean\uphclean.exe E:\Program Files\Internet Explorer\iexplore.exe E:\Program Files\Internet Explorer\iexplore.exe E:\WINDOWS\system32\wuauclt.exe E:\Program Files\PC Tools Security\Update.exe E:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe E:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe E:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe E:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe E:\Program Files\Internet Explorer\iexplore.exe E:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe E:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = FR12.nl - Waar Feyenoord is zijn wij! 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - E:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll O1 - Hosts: 173.192.170.88 drghwaweg45j4i6u3q32fg2h.com O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - E:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - E:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - E:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {A2F4369D-ACB7-EE88-86A5-3D8E4226F8FD} - e:\windows\system32\aoigwerg.dll (file missing) O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - E:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [VistaDrive] E:\WINDOWS\VistaDrive\VistaDrive.exe O4 - HKLM\..\Run: [skinClock] E:\Program Files\Desktop Tray Clock\DTClock.exe O4 - 
HKLM\..\Run: [startCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [DivXUpdate] "E:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [PCTools FGuard] E:\Program Files\PC Tools Security\BDT\FGuard.exe O4 - HKLM\..\Run: [iSTray] "E:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skinClock] E:\Program Files\Desktop Tray Clock\DTClock.exe O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "E:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun O4 - HKCU\..\Run: [Kraxuquga] rundll32.exe "E:\WINDOWS\usysg3dp.dll",Startup O4 - HKCU\..\Run: [Q8PS7ZCLN6] E:\WINDOWS\Epekoh.exe O4 - HKCU\..\Run: [NtWqIVLZEWZU] E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Ens.exe O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-20\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Sweex WiFi Utility.lnk = E:\Program Files\Sweex\Installer\WINXP\SWU.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' 
menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - Help and Support (file missing) O9 - Extra 'Tools' menuitem: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - Help and Support (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583},CLSID,0,{1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583},Exec,0,E: - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583},MenuText,0,@xpsp3res.dll - (no file) O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O20 - Winlogon Notify: gmecoss - E:\Documents and Settings\NetworkService\Local Settings\Application Data\gmecoss.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe O23 - Service: Browser Defender Update Service - Unknown owner - E:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - E:\Program Files\PC Tools Security\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - E:\Program Files\PC Tools Security\pctsSvc.exe -- End of file - 7941 bytes
  12. OK :-( Maybe I have already messed something up with that, but I'll see about that later. First let's try to solve this problem, because my PC is really so slow because of it, it's not normal! But I don't know whether that is still caused by Antimalware Doctor or by another virus. Hopefully you can work that out from the log below. HijackThis log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:49:14, on 31-3-2011 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\Ati2evxx.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\System32\svchost.exe E:\WINDOWS\system32\spoolsv.exe E:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe E:\WINDOWS\Explorer.EXE E:\Program Files\PC Tools Security\pctsAuxs.exe E:\Program Files\PC Tools Security\pctsSvc.exe E:\WINDOWS\system32\rundll32.exe E:\WINDOWS\VistaDrive\VistaDrive.exe E:\WINDOWS\AGRSMMSG.exe E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe E:\Program Files\DivX\DivX Update\DivXUpdate.exe E:\Program Files\PC Tools Security\BDT\FGuard.exe E:\Program Files\PC Tools Security\pctsGui.exe E:\WINDOWS\system32\ctfmon.exe E:\WINDOWS\system32\rundll32.exe E:\Program Files\Sweex\Installer\WINXP\SWU.exe E:\WINDOWS\system32\svchost.exe E:\Program Files\UPHClean\uphclean.exe E:\Program Files\Internet Explorer\iexplore.exe E:\Program Files\Internet Explorer\iexplore.exe E:\WINDOWS\system32\wuauclt.exe E:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = FR12.nl - Waar Feyenoord is zijn wij! 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - E:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll O1 - Hosts: 173.192.170.88 drghwaweg45j4i6u3q32fg2h.com O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - E:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - E:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - E:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {A2F4369D-ACB7-EE88-86A5-3D8E4226F8FD} - e:\windows\system32\aoigwerg.dll (file missing) O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - E:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [VistaDrive] E:\WINDOWS\VistaDrive\VistaDrive.exe O4 - HKLM\..\Run: [skinClock] E:\Program Files\Desktop Tray Clock\DTClock.exe O4 - HKLM\..\Run: [startCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - 
HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [DivXUpdate] "E:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [PCTools FGuard] E:\Program Files\PC Tools Security\BDT\FGuard.exe O4 - HKLM\..\Run: [iSTray] "E:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skinClock] E:\Program Files\Desktop Tray Clock\DTClock.exe O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "E:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun O4 - HKCU\..\Run: [Kraxuquga] rundll32.exe "E:\WINDOWS\usysg3dp.dll",Startup O4 - HKCU\..\Run: [Q8PS7ZCLN6] E:\WINDOWS\Epekoh.exe O4 - HKCU\..\Run: [NtWqIVLZEWZU] E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Ens.exe O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-20\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Sweex WiFi Utility.lnk = E:\Program Files\Sweex\Installer\WINXP\SWU.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program 
Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - Help and Support (file missing) O9 - Extra 'Tools' menuitem: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - Help and Support (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583},CLSID,0,{1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583},Exec,0,E: - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583},MenuText,0,@xpsp3res.dll - (no file) O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O20 - Winlogon Notify: gmecoss - E:\Documents and Settings\NetworkService\Local Settings\Application Data\gmecoss.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- E:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe O23 - Service: Browser Defender Update Service - Unknown owner - E:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - E:\Program Files\PC Tools Security\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - E:\Program Files\PC Tools Security\pctsSvc.exe -- End of file - 7489 bytes Log MBAM: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Databaseversie: 6208 Windows 5.1.2600 Service Pack 2 Internet Explorer 8.0.6001.18702 31-3-2011 6:09:55 mbam-log-2011-03-31 (06-09-55).txt Scantype: Volledige scan (C:\|D:\|E:\|) Objecten gescand: 302291 Verstreken tijd: 4 uur/uren, 24 minuut/minuten, 4 seconde(n) Geheugenprocessen geïnfecteerd: 1 Geheugenmodulen geïnfecteerd: 1 Registersleutels geïnfecteerd: 5 Registerwaarden geïnfecteerd: 2 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 39 Geheugenprocessen geïnfecteerd: e:\documents and settings\administrator\ruyif.exe (Heuristics.Shuriken) -> 3564 -> Unloaded process successfully. Geheugenmodulen geïnfecteerd: e:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot. Registersleutels geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\OUU6KC5WPX (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully. 
Registerwaarden geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ruyif (Heuristics.Shuriken) -> Value: ruyif -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OUU6KC5WPX (Trojan.FakeAlert) -> Value: OUU6KC5WPX -> Quarantined and deleted successfully. Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: e:\documents and settings\administrator\ruyif.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully. c:\documents and settings\kevin & deborah\application data\dwm.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. c:\documents and settings\kevin & deborah\application data\microsoft\conhost.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\documents and settings\kevin & deborah\local settings\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\documents and settings\kevin & deborah\local settings\Temp\44.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\program files\relevantknowledge\rlls.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully. c:\program files\relevantknowledge\rlls64.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully. c:\program files\relevantknowledge\rlph.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully. c:\program files\relevantknowledge\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully. c:\program files\relevantknowledge\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully. c:\program files\relevantknowledge\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully. c:\program files\relevantknowledge\rlxf.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully. 
c:\program files\relevantknowledge\components\rlxg.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully. c:\program files\vso\convertxtodvd\convertxtodvdv2x_goldcrackb2.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully. c:\program files\internet explorer\conhost.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. c:\WINDOWS\DpiSca.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\system32\sshnas21.dll (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\system32\nbnnlwzg.dll (Trojan.Boaxxe) -> Quarantined and deleted successfully. c:\WINDOWS\system32\drivers\lunpteoo.sys (Rootkit.Agent.BO) -> Quarantined and deleted successfully. c:\WINDOWS\Temp\10.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. c:\WINDOWS\Temp\27.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. c:\WINDOWS\Temp\29.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. c:\WINDOWS\Temp\Abv.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\Temp\Abw.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\Temp\Abx.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\Temp\Aby.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\Temp\B.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully. c:\WINDOWS\Temp\C.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully. c:\WINDOWS\Temp\D.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. c:\WINDOWS\Temp\doskeya.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. c:\WINDOWS\Temp\E.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. c:\WINDOWS\Temp\F.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. c:\WINDOWS\Temp\ifvb\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully. 
e:\documents and settings\administrator\local settings\Temp\7.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully. e:\WINDOWS\Temp\9.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully. e:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot. e:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully. e:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully. e:\documents and settings\administrator\local settings\Temp\Enr.exe (Trojan.FakeAlert) -> Delete on reboot. I really hope this gets solved soon! Thanks very much in advance for the replies and the help! Regards, Kevin
  13. Since yesterday I have this annoying virus too. I had already read something about it on this forum via this link: http://www.pc-helpforum.be/f201/antimalware-doctor-volledig-verwijderen-maar-hoe-26165/ I followed it but unfortunately still have problems. When I follow these steps, Antimalware does get disabled. But when I restart the PC, everything starts all over again. So it looks like the main file that starts everything is not being removed. Maybe another virus came along with it at the same time. Can someone see this from a HijackThis log? It could be because HijackThis shows different entries than the ones mentioned in the link. Because my PC is very slow due to this virus, I am opening a thread now already. Tonight when I am home I will post the HijackThis log and the MBAM log. Hopefully someone can then help me remove this annoying virus for good. Thanks very much in advance. Regards, Kevin