Ga naar inhoud

trojaans paard


dgpatje

Aanbevolen berichten

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

c:\windows\system32\nrcpactnpevim.exe

Folder::

c:\documents and settings\Patrick\Application Data\Sky-Banners

c:\program files\$NtUninstallWTF1012$

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

Link naar reactie
Delen op andere sites

Alles gedaan zoals je gevraagd had. Alleen is er niet gevraagd geweest om de computer terug op te starten, dus heb ik dat ook niet gedaan.

Het logje startte automatisch op, dus hier volgt het :

ComboFix 10-06-09.04 - Patrick 10/06/2010 20:45:32.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.1023.480 [GMT 2:00]

Gestart vanuit: d:\mijn documenten\ComboFix.exe

gebruikte Opdracht switches :: d:\mijn documenten\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::

"c:\windows\system32\nrcpactnpevim.exe"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Patrick\Application Data\Sky-Banners

c:\documents and settings\Patrick\Application Data\Sky-Banners\skb\log.xml

c:\program files\$NtUninstallWTF1012$

c:\program files\$NtUninstallWTF1012$\elUninstall.exe

c:\windows\system32\nrcpactnpevim.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2010-05-10 to 2010-06-10 ))))))))))))))))))))))))))))))

.

2010-06-10 11:04 . 2010-06-10 11:04 503808 ----a-w- c:\documents and settings\Patrick\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-603ccaa6-n\msvcp71.dll

2010-06-10 11:04 . 2010-06-10 11:04 499712 ----a-w- c:\documents and settings\Patrick\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-603ccaa6-n\jmc.dll

2010-06-10 11:04 . 2010-06-10 11:04 348160 ----a-w- c:\documents and settings\Patrick\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-603ccaa6-n\msvcr71.dll

2010-06-09 17:14 . 2010-06-09 17:14 388096 ----a-r- c:\documents and settings\Patrick\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-06-09 12:45 . 2010-06-10 18:43 -------- d--h--r- c:\documents and settings\Patrick\Onlangs geopend

2010-06-03 17:21 . 2010-06-03 17:21 -------- d-----w- c:\program files\CCleaner

2010-06-03 16:32 . 2010-06-03 16:32 -------- d-----w- c:\windows\system32\wbem\Repository

2010-06-02 17:42 . 2010-06-02 17:42 -------- d-----w- c:\documents and settings\Patrick\Application Data\Malwarebytes

2010-06-02 17:41 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-02 17:41 . 2010-06-02 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-06-02 17:41 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-02 17:41 . 2010-06-02 17:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-02 15:46 . 2010-06-02 15:46 -------- d-----w- c:\program files\Trend Micro

2010-05-31 16:22 . 2010-05-31 16:22 -------- d--h--w- c:\documents and settings\Administrator\Onlangs geopend

2010-05-31 16:22 . 2010-05-31 16:22 -------- d--h--w- c:\documents and settings\Administrator\Netwerkprinteromgeving

2010-05-31 16:22 . 2010-05-31 16:22 -------- d-----w- c:\documents and settings\Administrator\Mijn documenten

2010-05-31 16:22 . 2010-05-31 16:22 -------- d-----w- c:\documents and settings\Administrator\Favorieten

2010-05-31 16:22 . 2010-05-31 16:22 -------- d-----w- c:\documents and settings\Administrator\Bureaublad

2010-05-31 16:22 . 2010-05-31 16:22 -------- d-----r- c:\documents and settings\Administrator\Menu Start

2010-05-30 17:00 . 2010-05-31 16:21 -------- d--h--w- c:\documents and settings\Administrator\Sjablonen

2010-05-30 17:00 . 2010-05-31 16:21 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft

2010-05-30 17:00 . 2010-06-03 16:32 -------- d-----w- c:\documents and settings\Administrator

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-10 09:54 . 2009-11-24 18:21 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-06-03 07:48 . 2009-05-18 19:26 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-06-03 07:48 . 2009-05-18 19:26 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-03-28 11:04 . 2001-09-07 12:00 91688 ----a-w- c:\windows\system32\perfc013.dat

2010-03-28 11:04 . 2001-09-07 12:00 511526 ----a-w- c:\windows\system32\perfh013.dat

2010-03-23 14:53 . 2009-05-18 19:30 73936 ----a-w- c:\documents and settings\Patrick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-03-17 08:21 . 2010-03-17 08:21 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-03-17 08:20 . 2009-05-18 19:26 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2010-04-19 08:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-19 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]

"nwiz"="nwiz.exe" [2007-04-12 1626112]

"SW20"="c:\windows\system32\sw20.exe" [2006-12-15 208896]

"SW24"="c:\windows\system32\sw24.exe" [2006-12-15 69632]

"WinSys2"="c:\windows\system32\winsys2.exe" [2006-12-15 217088]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]

"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]

"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-19 68592]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

HP Photosmart Premier Snelstart.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-9-3 176128]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-19 688128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [18/05/2009 21:26 216200]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [18/05/2009 21:26 242896]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [17/03/2010 10:20 916760]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [17/03/2010 10:20 308064]

R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.SYS [14/05/2007 10:26 508288]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27/02/2010 16:50 135664]

S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Inhoud van de 'Gedeelde Taken' map

2010-06-10 c:\windows\Tasks\1-klik Onderhoud.job

- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-03 15:48]

2010-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 14:50]

2010-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 14:50]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.msn.be/

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html

Trusted Zone: dexia.be\directnet

DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} - hxxp://www.tele2.be/mailconfig/config/bin/AccountHelper.cab

.

- - - - ORPHANS VERWIJDERD - - - -

AddRemove-$NtUninstallWTF1012$ - c:\program files\$NtUninstallWTF1012$\elUninstall.exe

AddRemove-nrcpactnpevim - c:\windows\system32\nrcpactnpevim.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-06-10 20:48

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

Voltooingstijd: 2010-06-10 20:48:54

ComboFix-quarantined-files.txt 2010-06-10 18:48

ComboFix2.txt 2010-06-10 18:06

Pre-Run: 90.723.213.312 bytes beschikbaar

Post-Run: 90.721.329.152 bytes beschikbaar

- - End Of File - - 56B1C8C713C2D949420EF896AD85C12B

En ook nog het logje van HijackThis :

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:54:19, on 10/06/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17023)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe

C:\WINDOWS\PixArt\PAC207\Monitor.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.be/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sW20] C:\WINDOWS\system32\sw20.exe

O4 - HKLM\..\Run: [sW24] C:\WINDOWS\system32\sw24.exe

O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe

O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Photosmart Premier Snelstart.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2.be/mailconfig/config/bin/AccountHelper.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--

End of file - 9268 bytes

Link naar reactie
Delen op andere sites

Nu zijn we er helemaal :-)

Problemen van de baan, dan is het tijd voor de “grote schoonmaak” : verwijderen van gebruikte programma’s, een cleaning en het verwijderen van de besmette herstelpunten.

Verwijder Combofix: Start -> Uitvoeren en typ: ComboFix /Uninstall

Dit zal Combofix verwijderen + gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en maakt een nieuw herstelpunt.

Indien aanwezig mag je de map C:\Qoobox manueel verwijderen.

Download hier CCleaner en dan start de download van CCleaner automatisch en gratis op.

Installeer het en start CCleaner op. Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Schoonmaken'. Soms is 1 analyse niet voldoende. Deze procedure mag je herhalen tot de analyse geen fouten meer aangeeft. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”. Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”. Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”. Sluit hierna CCleaner terug af.

Wil je dit uitgebreid in beeld bekijken, klik dan hier voor de handleiding.

Het is aangewezen om de bestaande herstelpunten te verwijderen (daar zitten besmette herstelpunten tussen die je eventueel zou kunnen terugzetten) door systeemherstel tijdelijk uit te schakelen. Doe dit via Start -> Configuratiescherm -> Prestaties en Onderhoud -> Systeem -> Systeemherstel -> "Systeemherstel op alle stations uitschakelen" aanvinken. Toepassen en OK. PC herstarten en het vinkje terug weg halen.

That's it !

Link naar reactie
Delen op andere sites

Alles loopt op het eerste zicht terug normaal. :-)

Alvast bedankt voor de weer uitstekende hulp.

Nog een laatste vraagje : vorige keer moesten we ook het programma HijackThis verwijderen, moest dit nu ook of mag dit toch blijven staan voor eventueel een volgende keer?

Link naar reactie
Delen op andere sites

Gast
Dit topic is nu gesloten voor nieuwe reacties.
×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.