PCdwaas
-
Start -> Run and typing: ComboFix /Uninstall does not work. I get an error message. Everything does work properly, though. Thanks for the help!!!
-
I did the above and then reinstalled AVG and had it scan once more. No viruses or the like were found. Everything looks normal again now. I hope it stays that way. I don't know whether I still need to do anything now? If not, many thanks for your help!!!
-
It ended up being AntiVir. After scanning I put this in quarantine. Virus TR/Crypt.XPACK.Gen2 Date discovered: 08/10/2009 Type: Trojan
-
Hello, it finally worked. Here is the log text from ComboFix.
-
I used the AVG removal tool. On startup I got the following message: Windows cannot find C:\DOCUME~1\Admini~1\Locals~1\Temp\7zS8.tmp\avgremovery.exe' . Make sure you typed the name correctly and then try again. To search fore a file ...

---------- Post added at 16:19 ---------- Previous post was at 16:18 ----------

Since Windows automatically shut down and restarted, I'm stuck with that worm again. Do I have to remove it in safe mode first, or isn't that necessary?

---------- Post added at 16:21 ---------- Previous post was at 16:19 ----------

Probably so, otherwise I can't start ComboFix, or should I try starting it anyway.

---------- Post added at 16:22 ---------- Previous post was at 16:21 ----------

I'll first go into safe mode and let FindyKill do its work.
-
No, that doesn't work; when I press OK, ComboFix closes.
-
Hello Kape, I got AVG off, but I still get the following message: Combofix cannot run when avg is installed This is due to avg's targeting of combofix's files/processes It would be dangerous to continue please uninstall avg or use another tool. I removed AVG as described in the previous post. I shut down the computer and started it again. The worm was back then. I restarted in safe mode and used FindyKill. I started up normally again and tried ComboFix, but got the message mentioned above. Maybe you can help me once more? Thanks in advance.
-
Hello Kape, I tried ComboFix, but that didn't work because of AVG. I disabled AVG but that doesn't work either. Then I tried to remove AVG but that doesn't work either. I've already googled a bit and downloaded programs to remove AVG, but I can't manage it. I get the following message: Fout: Actie is mislukt voor registersleutel HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: registersleutel maken…. Toegang geweigerd. What a disaster this is when you know nothing about it.
-
Hello Kape, I think I crowed victory a bit too early. Today I started my computer and the worm was back. I then booted into safe mode and let FindyKill do its work. After step 2 in FindyKill I could boot normally again and nothing seemed wrong anymore, except that my AVG did not start automatically after booting. I removed AVG and reinstalled it, but to complete the download the computer has to be restarted. When I did that, the worm was back. Otherwise I had taken all the steps you had told me. With this I ask for help once again...
-
That looks perfectly fine, Kape. Many thanks for your help. For someone who knows nothing about it, such things are a disaster. Fortunately there are people who do know something about it. I think everything is fine, or do I still need to do something? I'll have my computer scanned once more with Ad-Aware, CCleaner and AVG. I don't know whether AVG is a good virus scanner. I think my computer does slow down because of it. Are there better free virus scanners? Or are you not allowed to comment on that? Thanks again, and hopefully I'll never need your help again.
-
It ended up being FindyKill. HijackThis didn't work.
-
Hello, thanks in advance for responding. I can boot into safe mode. I now have the problem that I can't download HijackThis. I get the following message: The system administrator has set policies to prevent this installation. Some programs I can download, others not. I've already tried a few tools to remove the worm (such as Symantec) but they don't find it. I've also tried to enable the policies but I can't manage that either. After about 5 hours of fiddling it's time to ask for help again, I think. Hopefully you can help me. It also closes some web pages in safe mode. Thanks in advance for the help.
-
Hello, I have the following problem. I am the lucky owner of the W32 Blaster worm. I can't open or download any antivirus, e-mail or other programs. When I try, for example, to download a tool to remove the worm, I get the following message: naam.exe cannot start naam.exe is infected by W32/blaster worm Please activate Spyware Protection to protect your computer. The only thing I can start is my internet. Can someone please help me get that worm off? My PC knowledge is very small. Thanks in advance.
ABOUT US
PC Helpforum has been helping computer users for FREE since July 2006. Our team gives professional answers to your questions via the forum and tries to solve your PC problems as quickly as possible. Become a member today, post your question online and the PC Helpforum team will gladly help you!