
dries.vanysacker
help!! I have a virus
dries.vanysacker replied to dries.vanysacker's topic in Archive: Other software
Well, AVG isn't freaking out anymore now, and it found another worm, but I think that one has already been removed. Do I still need to remove everything now via Run: combofix/u and do the rest as you already said?
help!! I have a virus
dries.vanysacker replied to dries.vanysacker's topic in Archive: Other software
Just to let you know that my computer wouldn't shut down after doing the previous step; it was probably stuck, so I had to cut the power and restart it, but everything seems fine. I hope this doesn't affect everything we had done. Btw, thanks again for the help.
help!! I have a virus
dries.vanysacker replied to dries.vanysacker's topic in Archive: Other software
ComboFix 09-04-28.05 - Dries Vanysacker 29/04/2009 16:12.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.502.157 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Dries Vanysacker\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Dries Vanysacker\Bureaublad\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Nieuw herstelpunt werd aangemaakt
FILE ::
C:\d1vmq.exe
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\d1vmq.exe
help!! I have a virus
dries.vanysacker replied to dries.vanysacker's topic in Archive: Other software
ComboFix 09-04-28.03 - Dries Vanysacker 29/04/2009 13:56.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.502.233 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Dries Vanysacker\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
help!! I have a virus
dries.vanysacker replied to dries.vanysacker's topic in Archive: Other software
Should I now do all of this as you said there earlier: Run: combofix/u ... or something else first?
help!! I have a virus
dries.vanysacker replied to dries.vanysacker's topic in Archive: Other software
I did this (found it with the other person you helped):
Download Combofix to your Desktop. Read more here about the correct use of Combofix.
NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!
Double-click Combofix.exe to start it. If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
Follow the instructions and accept the disclaimer by clicking Yes.
If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window (XP only, not VISTA). Click OK and Yes to have the Recovery Console installed automatically. Afterwards, click Yes again to start the malware scan.
While the fix is running, do NOT click in the window, as this will make your PC hang.
When the fix is complete and after the restart, the log Combofix.txt will open. Post this log in your next reply, together with a new HiJackThis log.
ComboFix result:
ComboFix 09-04-27.05 - Dries Vanysacker 28/04/2009 19:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.502.242 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Dries Vanysacker\Bureaublad\ComboFix.exe
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\documents and settings\Dries Vanysacker\Mijn documenten\My Documents.url
C:\SETUP.BAT
c:\windows\Downloaded Program Files.\cnsweb3d.inf
c:\windows\Downloaded Program Files.\cnsweb3d.ocx
c:\windows\system32\optyhww0.dll
c:\windows\system32\urretnd.exe
D:\Autorun.inf
G:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688] "LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768] "HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2006-07-17 65536] "CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480] "LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2005-03-16 204800] "Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-07-10 86016] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-07-14 798810] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-27 148888] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-25 185872] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-07-06 16251904] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696] 
[HKLM\~\startupfolder\C:^Documents and Settings^Dries Vanysacker^Menu Start^Programma's^Opstarten^SolidWorks Task Scheduler Engine.lnk] path=c:\documents and settings\Dries Vanysacker\Menu Start\Programma's\Opstarten\SolidWorks Task Scheduler Engine.lnk backup=c:\windows\pss\SolidWorks Task Scheduler Engine.lnkStartup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\fxsclnt.exe"= "c:\\Program Files\\NetMeeting\\Conf.exe"= "c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"= "c:\\Program Files\\InterVideo\\MediaOne Gallery\\mediaone.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\games\\Call Of Duty\\CoDMP.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1473:TCP"= 1473:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface "1061:TCP"= 1061:TCP:Akamai NetSession Interface "1086:TCP"= 1086:TCP:Akamai NetSession Interface "1595:TCP"= 1595:TCP:Akamai NetSession Interface "2019:TCP"= 2019:TCP:Akamai NetSession Interface R1 mailKmd;mailKmd; [x] R1 Wbutton;Wbutton; [x] R3 KLSIENET;Driver for USB Ethernet Adapter;c:\windows\system32\DRIVERS\usb101et.sys [2004-08-03 32384] S1 Hotkey;Hotkey; [x] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-04-14 14336] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19d5e86e-8e80-11db-a078-00166fac9e19}] \Shell\AutoRun\command - F:\d1vmq.exe \Shell\open\Command - F:\d1vmq.exe 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c7577c2-19e8-11db-859b-806d6172696f}] \Shell\AutoRun\command - E:\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c96618c-17d4-11de-a3e9-00166fac9e19}] \Shell\AutoRun\command - F:\d1vmq.exe \Shell\open\Command - F:\d1vmq.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e142b44-54b6-11dc-a1d3-00166fac9e19}] \Shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53f16d5a-74f4-11dd-a35f-00166fac9e19}] \Shell\AutoRun\command - F:\d1vmq.exe \Shell\open\Command - F:\d1vmq.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c38f72d8-3ca0-11dd-a32b-00166fac9e19}] \Shell\AutoRun\command - f:\wd_windows_tools\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5e55560-474c-11dc-a1b2-00166fac9e19}] \Shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dca118a8-0d92-11de-a3cf-00166fac9e19}] \Shell\AutoRun\command - F:\d1vmq.exe \Shell\open\Command - F:\d1vmq.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7e93801-12d7-11de-a3dc-00166fac9e19}] \Shell\AutoRun\command - F:\d1vmq.exe \Shell\open\Command - F:\d1vmq.exe . Inhoud van de 'Gedeelde Taken' map . - - - - ORPHANS VERWIJDERD - - - - HKCU-Run-cbvcs - c:\windows\system32\urretnd.exe . ------- Bijkomende Scan ------- . 
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://www.google.be/ uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://www.google.com/search?q=%s DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} - hxxp://www.partserver.de/partserver/viewer/cnsweb3d/cnsweb3d.cab FF - ProfilePath - c:\documents and settings\Dries Vanysacker\Application Data\Mozilla\Firefox\Profiles\3drs71h1.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Search FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-28 19:20 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . 
--------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'explorer.exe'(3596) c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\ehome\mcrdsvc.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\wscntfy.exe c:\windows\system32\wbem\wmiapsrv.exe . ************************************************************************** . Voltooingstijd: 2009-04-28 19:26 - machine werd herstart ComboFix-quarantined-files.txt 2009-04-28 17:26 Pre-Run: 20.396.199.936 bytes beschikbaar Post-Run: 20.585.889.792 bytes beschikbaar 225 --- E O F --- 2009-04-27 23:12 van Hijack: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:29:26, on 28/04/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSD.exe C:\Program Files\Launch Manager\Wbutton.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe 
C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: 
[igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} (Cnsweb3d Control) - http://www.partserver.de/partserver/viewer/cnsweb3d/cnsweb3d.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153231920254 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- End of file - 6860 bytes -
help!! I have a virus
dries.vanysacker replied to dries.vanysacker's topic in Archief Andere software
I tried that combofix/u thing but Windows doesn't recognize it; could it be that something was mistyped? -
help!! I have a virus
dries.vanysacker replied to dries.vanysacker's topic in Archief Andere software
I have already done that; below are the logs from MBAM:

The HijackThis logfile:

btw, thanks in advance to everyone who wanted to help me and is helping. dries -
help!! I have a virus
dries.vanysacker replied to dries.vanysacker's topic in Archief Andere software
I DID THAT, HERE ARE THE RESULTS:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:07:35, on 27/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\SolidWorks\sldworks.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RegTool] C:\Program Files\RegTool\RegTool.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} (Cnsweb3d Control) - http://www.partserver.de/partserver/viewer/cnsweb3d/cnsweb3d.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153231920254
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} (SysVerChk Control) - file:///C:/Program%20Files/AutoCAD%20LT%202002/SysVerChk.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file:///C:/Program%20Files/AutoCAD%20LT%202002/AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file:///C:/Program%20Files/AutoCAD%20LT%202002/InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file:///C:/Program%20Files/AutoCAD%20LT%202002/InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file:///C:/Program%20Files/AutoCAD%20LT%202002/AcPreview.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O24 - Desktop Component 0: (no name) - http://f.screensavers.com/migration/ss/Bikinicom02_215.gif
O24 - Desktop Component 1: (no name) - http://www.bird-man.com/images/attachments/_06_26_2004-babe.jpg
--
-
Hello, can anyone help me? My AVG (2008) is reporting that I have a virus, but I don't dare remove it, because then a message appears saying that some things would no longer work or that my computer might crash. The AVG message is:
C:\Windows\system32\optyhwwo.dll virus found 32/heur
C:\Windows\system32\urrenthd.exe virus found identified worm/ autorun.FR
I have already tried System Restore, but it won't do that anymore either. Can anyone help me?
