Marlboro

Woehoe na volledige scan met mcafee geen virus gevonden, bye bye virus! Hartstikke bedankt voor al jullie hulp, werkelijk waar fantastisch! map Qoobox staat er nog maar mijn pc functioneert weer normaal dus lijkt me geen probleem toch. Groetjes

Ok, doordat ik domweg die spatie was vergeten liep het allemaal stroef...maar het is nu gelukt! Daarnaast heb ik een mcafee cd van mn huisgenoot geleend en erop gezet. Er is ook weer internet:) Kan alleen nog steeds niet dat mapje C:\Qoobox verwijderen. Ik heb nog geen melding van McAfee gehad dat er een virus zit, is die dus weg? Er is weer licht in de tunnel Wat moet mijn volgende stap worden?

Okay manueel is die c:\windows\3636C9237AD64DE3978A09609AEE8ECF.TMP verwijdert Via uitvoeren combofix/uninstall vindt hij niet en map C:\Qoobox kan hij niet helemaal verwijderen dus die is er nog voor een deel. CCleaner procedure heb ik uitgevoerd, maar heb nog steeds geen internet dus kan niet de AVG opnieuw installeren... Ziet er zeker niet best uit he? Thanks al jullie moeite

Sorry voor wellicht een simpele vraag, maar hoe verwijder ik manueel c:\windows\3636C9237AD64DE3978A09609AEE8ECF.TMP? Lastig is dat ik nog steeds geen internet op mijn geinfecteerde computer heb na het verwijderen van AVG...

Nu ik AVG heb verwijderd heb ik geen verbinding meer met internet...ik typ nu dan ook via een andere computer. Ik heb wel een actieve verbinding nodig voor de combofix. Combofix is nu bezig naar het zoeken van besmette bestanden, maar kan dus niet windows recovery console halen van internet. Kan ik dat vanuit deze 'gezonde' computer downloaden en dan via een stick op de geïnfecteerde computer zetten? ---------- Post toegevoegd om 15:21 ---------- Vorige post was om 15:08 ---------- Log van mijn combofix na zoeken van besmette bestanden: ComboFix 10-11-30.08 - D.R. Sampimon 01-12-2010 15:05:00.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.270 [GMT 1:00] Gestart vanuit: c:\documents and settings\D.R. Sampimon\Mijn documenten\Downloads\ComboFix.exe FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66} WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Documenten\Server\admin.txt Besmet exemplaar van c:\windows\explorer.exe werd aangetroffen en gedesinfecteerd Hersteld exemplaar van - c:\windows\ServicePackFiles\i386\explorer.exe Besmet exemplaar van c:\windows\system32\winlogon.exe werd aangetroffen en gedesinfecteerd Hersteld exemplaar van - c:\windows\ServicePackFiles\i386\winlogon.exe . (((((((((((((((((((( Bestanden Gemaakt van 2010-11-01 to 2010-12-01 )))))))))))))))))))))))))))))) . 2010-11-29 22:30 . 2010-11-29 22:30 -------- d-----w- c:\program files\Enigma Software Group 2010-11-29 22:29 . 2010-11-30 13:59 -------- d-----w- c:\windows\3636C9237AD64DE3978A09609AEE8ECF.TMP 2010-11-29 22:29 . 2010-11-29 22:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-11-29 21:09 . 2010-11-29 21:09 -------- d-----w- c:\documents and settings\D.R. Sampimon\Application Data\Malwarebytes 2010-11-29 21:08 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-11-29 21:08 . 2010-11-29 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-11-29 21:08 . 2010-12-01 12:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-11-29 21:08 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-11-29 20:29 . 2010-11-29 20:29 -------- d-----w- C:\$AVG 2010-11-02 22:34 . 2010-11-02 22:34 -------- d-----w- c:\documents and settings\D.R. Sampimon\Local Settings\Application Data\AVG Security Toolbar 2010-11-02 22:19 . 2010-11-02 22:19 -------- d-----w- c:\documents and settings\D.R. Sampimon\Application Data\AVG10 2010-11-02 22:05 . 2010-11-02 22:05 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files 2010-11-02 22:02 . 2010-12-01 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10 2010-11-02 22:00 . 2010-11-02 22:00 -------- d-----w- c:\program files\AVG 2010-11-02 21:48 . 2010-11-02 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData 2010-11-02 21:06 . 2010-11-02 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2010-11-02 21:06 . 2010-11-02 21:06 -------- d-----w- c:\documents and settings\D.R. Sampimon\Application Data\SUPERAntiSpyware.com 2010-11-02 21:05 . 2010-11-29 21:10 -------- d-----w- c:\program files\SUPERAntiSpyware . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-28 20:15 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\msvcr71.dll 2010-09-28 20:15 . 2003-03-18 21:14 499712 ----a-w- c:\windows\system32\msvcp71.dll 2010-09-18 10:23 . 2004-09-13 20:04 974848 ----a-w- c:\windows\system32\mfc42u.dll 2010-09-18 06:53 . 2004-09-13 20:04 974848 ----a-w- c:\windows\system32\mfc42.dll 2010-09-18 06:53 . 2004-09-13 20:04 953856 ----a-w- c:\windows\system32\mfc40u.dll 2010-09-18 06:53 . 2004-09-13 20:04 954368 ----a-w- c:\windows\system32\mfc40.dll 2010-09-10 05:52 . 2004-09-13 20:14 916480 ----a-w- c:\windows\system32\wininet.dll 2010-09-10 05:52 . 2004-09-13 20:04 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-09-10 05:52 . 2004-09-13 20:03 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080] "NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-10-06 49152] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-11-29 2424560] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-11-10 290816] "DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 69632] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560] "nwiz"="nwiz.exe" [2003-10-06 741376] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-09-28 202256] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] Sitecom Wireless Utility.lnk - c:\program files\Sitecom\Common\RaUI.exe [2009-10-6 1630208] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17-2-2010 19:25 12872] R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [10-5-2010 19:41 67656] S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?] S3 ICDUSB3;ICDUSB3;c:\windows\system32\drivers\ICDUSB3.sys [16-2-2010 21:02 11264] S3 P1120VID;Creative WebCam NX Ultra;c:\windows\system32\drivers\P1120Vid.sys [12-1-2004 16:51 1252474] . Inhoud van de 'Gedeelde Taken' map 2010-11-29 c:\windows\Tasks\OGADaily.job - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04] 2010-12-01 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04] 2010-12-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-343818398-448539723-839522115-1004.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02] 2010-11-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-448539723-839522115-1004.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.hotmail.com/ uInternet Connection Wizard,ShellNext = iexplore IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\D.R. Sampimon\Application Data\Mozilla\Firefox\Profiles\eavktxi2.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.hotmail.com/ FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: c:\documents and settings\D.R. Sampimon\Application Data\Mozilla\Firefox\Profiles\eavktxi2.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Extension: TVU Web Player: firefox@tvunetworks.com - c:\documents and settings\D.R. Sampimon\Application Data\Mozilla\Firefox\Profiles\eavktxi2.default\extensions\firefox@tvunetworks.com . - - - - ORPHANS VERWIJDERD - - - - Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) SafeBoot-mcmscsvc SafeBoot-MCODS ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-12-01 15:12 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(780) c:\program files\SUPERAntiSpyware\SASWINLO.DLL - - - - - - - > 'explorer.exe'(3780) c:\windows\system32\webcheck.dll c:\program files\SUPERAntiSpyware\SASSEH.DLL c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.NLD . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe c:\windows\system32\nvsvc32.exe c:\program files\Sitecom\Common\RegistryWriter.exe c:\windows\system32\wscntfy.exe c:\program files\Dell Photo AIO Printer 922\dlbtbmon.exe c:\windows\system32\RUNDLL32.EXE . ************************************************************************** . Voltooingstijd: 2010-12-01 15:17:43 - machine werd herstart ComboFix-quarantined-files.txt 2010-12-01 14:17 Pre-Run: 35.903.586.304 bytes beschikbaar Post-Run: 36.006.998.016 bytes beschikbaar - - End Of File - - 2286A709F189AAD22AD56E5C86B24958

Ik heb via de security center van AVG zowel de avg tijdelijk uitgeschakeld als de firewall. Probeerde combofix te starten, maar die zegt: combofix cannot run when AVG is installed. It would be dangerous to continue. Please uninstall AVG. Moet ik dus AVG er af halen?

De 2de log van hijackThis na fix checked: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:45:32, on 30-11-2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\PROGRA~1\AVG\AVG10\avgchsvx.exe C:\PROGRA~1\AVG\AVG10\avgrsx.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVG\AVG10\avgfws.exe C:\Program Files\AVG\AVG10\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Sitecom\Common\RegistryWriter.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe C:\Program Files\AVG\AVG10\avgam.exe C:\Program Files\AVG\AVG10\avgnsx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\AVG\AVG10\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Sitecom\Common\RaUI.exe C:\Program Files\AVG\AVG10\avgemcx.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Program Files\AVG\AVG10\avgcsrvx.exe C:\WINDOWS\System32\svchost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Sign In R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Common\RaUI.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mysteryville%202/Images/stg_drm.ocx O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225074486500 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mysteryville%202/Images/armhelper.ocx O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Sitecom\Common\RegistryWriter.exe -- End of file - 7887 bytes De log van malwarebytes na een snelle scan (of moest ik een volledige scan doen?): Malwarebytes' Anti-Malware 1.46 Malwarebytes Databaseversie: 5214 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 30-11-2010 17:55:27 mbam-log-2010-11-30 (17-55-27).txt Scantype: Snelle scan Objecten gescand: 139022 Verstreken tijd: 8 minuut/minuten, 11 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:43:44, on 30-11-2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVG\AVG10\avgfws.exe C:\Program Files\AVG\AVG10\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Sitecom\Common\RegistryWriter.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\AVG\AVG10\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe C:\Program Files\AVG\AVG10\avgemcx.exe C:\Program Files\AVG\AVG10\avgnsx.exe C:\Program Files\AVG\AVG10\avgchsvx.exe C:\Program Files\AVG\AVG10\avgrsx.exe C:\Program Files\AVG\AVG10\avgcsrvx.exe C:\Program Files\AVG\AVG10\avgam.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Sign In R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Common\RaUI.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mysteryville%202/Images/stg_drm.ocx O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225074486500 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mysteryville%202/Images/armhelper.ocx O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: uysefb8732hrfuishdiugfuysf - {B1B220C1-A503-59BD-F413-03B53A2C8954} - C:\WINDOWS\system32\avfbwiphh4.dll (file missing) O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Sitecom\Common\RegistryWriter.exe -- End of file - 8036 bytes thanks voor de snelle reactie!

Beste iedereen ik als computerleek heb hard hulp nodig. Probeerde gister barcelona madrid te kijken en klikte op een link via google en nu krijg ik de hele tijd een melding op mijn avg dat er dingen op de witte lijst zijn gezet. Detectie meervoudige bedreiging: win32/patched en telkens bij 2 bestanden: c:\windows\system32\winlogon.exe c:\windows\explorer.exe Ik heb al malwarebytes, superantispyware en avg gedraaid, maar het blijft maar constant komen. Ik las in een andere topic iets over combofix, maar ik krijg dan een melding dat het gevaarlijke software is, toch doorgeklikt en dan krijg ik een melding dat ik avg er vanaf moet halen. Deze stap heb ik nog niet durven doen, omdat mijn computer dan helemaal onbeschermd is toch en ik bang ben dat het virus zich dieper doordringt in mijn systeem... Kan ik er nog iets zelf aan doen, of moet ik de computer wegbrengen, wat natuurlijk zeer onhandig is. Alvast bedankt voor het meedenken en de eventuele tips groetjes