Kan Lokaal station C: niet meer openen. Virus actief

[lopkjel90]

Hallo,

Ik heb een vraag. De afgelopen tijd heb ik ineens last van een virus/spyware of iets dergelijks. Ik heb mijn avg antivirus laten draaien, verder heb ik het programma malwarebytes anti-malware laten draaien.

Ik krijg het virus er met geen mogelijkheid af. Ik hoop daarom ook dat iemand mij verder kan helpen.

Het probleem concreet: Malwarebytes blokkeert continue dezelfde ip adressen wat waarschijnlijk het virus is? 91.207.5.254 en 89.149.241.206

Verder kan ik ik niet in mijn lokaal station (c:) komen. Er wordt dan gevraagd met welk programma ik het bestand wil openen.

Ik heb een hijachthis log gemaakt die ik hieronder in het volgende bericht zal plaatsen. En verder heb ik er het de logfile bijgedaan van mijn laatste scan van Malwarebytes. Deze zal ik daar ook bij plaatsen.

Hopelijk kunnen jullie mij verder helpen.

alvast bedankt,

Martijn

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:29:44, on 4-7-2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17055)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

C:\Program Files\AVG\AVG9\avgam.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Parental Control\bin\pcontrol.exe

C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe

C:\Program Files\EeePC\ACPI\AsEPCMon.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\PersistenceThread.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ASUS\Eee Docking\Eee Docking.exe

C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Registry Mechanic\RegMech.exe

C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Parental Control] "C:\Program Files\Parental Control\bin\pcontrol.exe" --start

O4 - HKLM\..\Run: [LiveUpdate] C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto

O4 - HKLM\..\Run: [EasyMode] "%ProgramFiles%\\ASUS\\Easy Mode\\Easy Mode.exe" --limitedUserImportRegister

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe

O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe

O4 - HKLM\..\Run: [synAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [PersistenceThread] C:\WINDOWS\system32\PersistenceThread.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe

O4 - HKCU\..\Run: [sRS Premium Sound] "C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" /hideme

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-21-1237872269-3069003418-4003544512-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: SuperHybridEngine.lnk = ?

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Verzenden naar Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/mjss/MJSS.cab109791.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O20 - Winlogon Notify: igdlogin - igdlogin.dll (file missing)

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe

O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

O23 - Service: privoxy - The Privoxy team - Privoxy - Home Page - C:\Program Files\Privoxy\privoxy.exe

O23 - Service: SRS Volume Sync Service (SRS_VolSync_Service) - SRS Labs, Inc. - C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe

--

End of file - 11343 bytes

---------- Post toegevoegd om 14:40 ---------- Vorige post was om 14:39 ----------

Dit is het logbestand van malwarebytes.

Malwarebytes' Anti-Malware 1.46

Malwarebytes

Databaseversie: 4266

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

2-7-2010 13:24:05

mbam-log-2010-07-02 (13-24-05).txt

Scantype: Volledige scan (C:\|)

Objecten gescand: 191977

Verstreken tijd: 1 uur/uren, 39 minuut/minuten, 33 seconde(n)

Geheugenprocessen geïnfecteerd: 3

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 7

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 25

Geheugenprocessen geïnfecteerd:

C:\WINDOWS\Temp\wpv161277975926.exe (Trojan.Dropper) -> Failed to unload process.

C:\Documents and Settings\Martijn Fransen\Local Settings\Temp\2633.exe (Packed.Krap) -> Failed to unload process.

C:\WINDOWS\Temp\wpv691277976203.exe (Trojan.Dropper) -> Failed to unload process.

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userini (Trojan.Dropper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\userini (Trojan.Dropper) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userini (Trojan.Dropper) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\userini (Trojan.Dropper) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft® system manager (Packed.Krap) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dso32 (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:

C:\WINDOWS\Temp\wpv161277975926.exe (Trojan.Dropper) -> Delete on reboot.

C:\WINDOWS\explorer.exe:userini.exe (Trojan.Dropper) -> Delete on reboot.

C:\Documents and Settings\Martijn Fransen\Local Settings\Temp\2633.exe (Packed.Krap) -> Delete on reboot.

C:\WINDOWS\Temp\wpv691277976203.exe (Trojan.Dropper) -> Delete on reboot.

C:\WINDOWS\system32\userini.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\219d1d.exe (Packed.Krap) -> Quarantined and deleted successfully.

C:\Documents and Settings\Martijn Fransen\Local Settings\Temp\6565867.exe (Packed.Krap) -> Quarantined and deleted successfully.

C:\Documents and Settings\Martijn Fransen\Local Settings\Temp\684329.exe (Packed.Krap) -> Quarantined and deleted successfully.

C:\Documents and Settings\Martijn Fransen\Local Settings\Temp\690.exe (Packed.Krap) -> Quarantined and deleted successfully.

C:\Documents and Settings\Martijn Fransen\Local Settings\Temp\~TM11.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Martijn Fransen\Local Settings\Temp\~TM1A.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Martijn Fransen\Local Settings\Temp\~TM4.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Martijn Fransen\Local Settings\Temp\~TM8.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Martijn Fransen\Local Settings\Temp\~TM9.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Martijn Fransen\Local Settings\Temporary Internet Files\Content.IE5\ESTRTIJ2\update[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Martijn Fransen\Local Settings\Temporary Internet Files\Content.IE5\ESTRTIJ2\default[1].exe (Packed.Krap) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{47B113EA-49A6-41C5-998C-6CE5321200C1}\RP135\A0042069.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{47B113EA-49A6-41C5-998C-6CE5321200C1}\RP135\A0042079.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{47B113EA-49A6-41C5-998C-6CE5321200C1}\RP135\A0042080.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wbem\grpconv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\wpv001277975441.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\wpv311277560280.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\wpv481277975692.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\msvcrt2.dll (Malware.Traces) -> Quarantined and deleted successfully.

C:\Documents and Settings\Martijn Fransen\Application Data\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.

[kape]

Start Hijackthis op. Ben je gebruiker van Vista kies dan voor “Run as administrator" of "Uitvoeren als administrator". Selecteer “Do a system scan only”. Selecteer alleen de items die hieronder zijn genoemd:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O20 - Winlogon Notify: igdlogin - igdlogin.dll (file missing)

Klik op 'Fix checked' om de items te verwijderen.

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

Lees hier meer over correct gebruik van Combofix.

[*]Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen: Klik hier

Als het je niet lukt om ze uit te schakelen, ga dan gewoon door naar de volgende stap.

[*]Dubbelklik op ComboFix.exe en volg de meldingen op het scherm.

[*]ComboFix zal controleren of dat de Microsoft Windows Recovery Console reeds is geïnstalleerd. Als deze Recovery Console al is geïnstalleerd zal ComboFix automatisch verder gaan met het scannen naar malware

[*]Volg anders de meldingen op het scherm om ComboFix de Microsoft Windows Recovery Console te laten downloaden en installeren. Wanneer de Recovery Console succesvol is geïnstalleerd, klik je op “JA” om verder te gaan met het scannen naar malware.

NOTE: Wanneer ComboFix start, kan het zijn dat je een foutmelding krijgt dat “De inhoud van het ComboFix pakket werd gewijzigd”. Ga dan niet verder met de instructies, maar download ComboFix opnieuw. Deze melding kan verschijnen wanneer een file-infector (Virut) actief is op de computer. Blijf je die melding krijgen dan meld je dit.

Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

[lopkjel90]

heej Kape,

thanks voor je reactie, ik heb net ergens anders hier ook al een zelfde soort probleem gelezen met de oplossing ervan. ook dmv combofix.

dit heb ik uitgevoerd en momenteel doet hij het weer.

Ik heb net nog een Hijack uitgevoerd. Deze zal ik hier plaatsen. Maar kun jij zien of er nog iets in zit wat er niet hoort?

alvast bedankt..

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:57:34, on 4-7-2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17055)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\AVG\AVG9\avgam.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe

C:\Program Files\EeePC\ACPI\AsEPCMon.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\PersistenceThread.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxext.exe

C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe

C:\Program Files\Registry Mechanic\RegMech.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\WINDOWS\explorer.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Parental Control] "C:\Program Files\Parental Control\bin\pcontrol.exe" --start

O4 - HKLM\..\Run: [LiveUpdate] C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto

O4 - HKLM\..\Run: [EasyMode] "%ProgramFiles%\\ASUS\\Easy Mode\\Easy Mode.exe" --limitedUserImportRegister

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe

O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe

O4 - HKLM\..\Run: [synAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [PersistenceThread] C:\WINDOWS\system32\PersistenceThread.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe

O4 - HKCU\..\Run: [sRS Premium Sound] "C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" /hideme

O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H

O4 - HKUS\S-1-5-21-1237872269-3069003418-4003544512-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')

O4 - HKUS\S-1-5-21-1237872269-3069003418-4003544512-500\..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe (User 'Administrator')

O4 - HKUS\S-1-5-21-1237872269-3069003418-4003544512-500\..\Run: [sRS Premium Sound] "C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" /hideme (User 'Administrator')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: SuperHybridEngine.lnk = ?

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Verzenden naar Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/mjss/MJSS.cab109791.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe

O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: privoxy - The Privoxy team - www.privoxy.org - C:\Program Files\Privoxy\privoxy.exe

O23 - Service: SRS Volume Sync Service (SRS_VolSync_Service) - SRS Labs, Inc. - C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe

--

End of file - 10689 bytes

4 juli 2010 aangepast door lopkjel90

[kape]

Dit is OK ... maar mag ik ook je logje van Combofix even zien. Mogelijk zijn er toch nog wat zaken te verwijderen, ondanks het feit dat je probleem zichtbaar opgelost is.

[lopkjel90]

Hier het logje van combofix:

ComboFix 10-07-03.06 - Martijn Fransen 04-07-2010 21:17:21.4.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1014.229 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Martijn Fransen\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Martijn Fransen\Bureaublad\CFScript.txt

AV: AVG Anti-Virus *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::

"c:\windows\system32\ConTest.dll"

"c:\windows\system32\drivers\gaopdxserv.sys"

"c:\windows\system32\SysRestore.dll"

.

(((((((((((((((((((( Bestanden Gemaakt van 2010-06-04 to 2010-07-04 ))))))))))))))))))))))))))))))

.

2010-07-04 17:32 . 2010-07-04 17:32 -------- d-----w- c:\documents and settings\Martijn Fransen\Application Data\URSoft

2010-07-04 17:31 . 2010-07-04 17:31 -------- d-----w- c:\program files\Your Uninstaller 2010

2010-07-04 16:06 . 2008-04-15 12:00 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe

2010-07-04 16:06 . 2008-04-15 12:00 39424 ----a-w- c:\windows\system32\grpconv.exe

2010-07-04 14:24 . 2010-07-04 14:24 388096 ----a-r- c:\documents and settings\Martijn Fransen\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-07-04 14:24 . 2010-07-04 14:24 -------- d-----w- c:\program files\Trend Micro

2010-07-02 23:05 . 2010-07-04 18:26 -------- d-----w- c:\program files\Common Files\PC Tools

2010-07-02 22:23 . 2010-07-02 22:23 -------- d-----w- c:\documents and settings\Martijn Fransen\Application Data\Uniblue

2010-06-30 20:36 . 2010-06-30 21:20 -------- d-----w- c:\documents and settings\Martijn Fransen\.jenny

2010-06-30 11:05 . 2010-06-30 11:05 -------- d-----w- c:\documents and settings\Martijn Fransen\Local Settings\Application Data\cache

2010-06-30 11:04 . 2010-06-30 11:57 -------- d-----w- c:\documents and settings\Martijn Fransen\Local Settings\Application Data\FullTiltPoker

2010-06-30 11:03 . 2010-06-30 11:57 -------- d-----w- c:\program files\Full Tilt Poker

2010-06-29 00:25 . 2010-06-29 00:25 -------- d-----w- c:\documents and settings\Martijn Fransen\Local Settings\Application Data\Deployment

2010-06-26 22:03 . 2010-06-26 22:03 -------- d-----w- c:\documents and settings\Martijn Fransen\Local Settings\Application Data\PCHealth

2010-06-23 10:49 . 2010-07-04 19:14 -------- d--h--r- c:\documents and settings\Martijn Fransen\Onlangs geopend

2010-06-23 08:53 . 2010-06-23 08:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-06-23 08:24 . 2010-06-23 08:24 -------- d-----w- c:\program files\Windows Live SkyDrive

2010-06-23 08:21 . 2010-06-23 08:21 -------- d-----w- c:\program files\CCleaner

2010-06-23 08:06 . 2010-06-23 08:06 -------- d-----w- c:\documents and settings\Martijn Fransen\Application Data\WinPatrol

2010-06-23 08:06 . 2009-06-15 14:58 0 ----a-w- c:\documents and settings\Martijn Fransen\Application Data\WinPatrol\Config.sys

2010-06-23 08:06 . 2009-06-15 14:58 0 ----a-w- c:\documents and settings\Martijn Fransen\Application Data\WinPatrol\Autoexec.bat

2010-06-23 08:05 . 2010-06-23 10:58 -------- d-----w- c:\program files\Unlocker

2010-06-22 06:57 . 2010-06-22 06:57 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-06-05 10:18 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-04 21:51 . 2010-06-04 21:51 -------- d-----w- c:\documents and settings\Martijn Fransen\Application Data\Apple Computer

2010-06-04 21:48 . 2010-06-04 21:48 -------- d-----w- c:\program files\QuickTime

2010-06-04 21:47 . 2010-06-04 21:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2010-06-04 21:46 . 2010-06-04 21:46 -------- d-----w- c:\program files\Common Files\Apple

2010-06-04 21:45 . 2010-06-04 21:45 -------- d-----w- c:\documents and settings\Martijn Fransen\Local Settings\Application Data\Apple

2010-06-04 21:45 . 2010-06-04 21:45 -------- d-----w- c:\program files\Apple Software Update

2010-06-04 21:45 . 2010-06-04 21:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2010-06-04 21:45 . 2010-06-04 21:45 -------- d-----w- c:\documents and settings\Martijn Fransen\Local Settings\Application Data\Apple Computer

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-04 18:37 . 2010-04-08 10:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-07-04 18:31 . 2009-06-15 16:40 87646 ----a-w- c:\windows\system32\perfc013.dat

2010-07-04 18:31 . 2009-06-15 16:40 502700 ----a-w- c:\windows\system32\perfh013.dat

2010-07-04 17:38 . 2009-12-22 17:46 0 ----a-w- c:\documents and settings\Martijn Fransen\Local Settings\Application Data\prvlcl.dat

2010-07-02 11:29 . 2009-06-15 16:40 1037312 ----a-w- c:\windows\explorer.exe

2010-06-23 08:32 . 2009-06-16 08:55 -------- d-----w- c:\program files\Windows Live

2010-06-22 06:57 . 2009-12-09 11:40 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-06-22 06:56 . 2009-12-09 11:40 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-06-12 08:59 . 2009-06-16 08:46 -------- d-----w- c:\program files\ASUS

2010-06-09 13:48 . 2009-06-16 09:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-06-05 10:17 . 2009-12-20 18:26 -------- d-----w- c:\program files\Java

2010-06-05 09:27 . 2010-02-15 11:14 -------- d-----w- c:\program files\Microsoft Silverlight

2010-06-04 08:53 . 2009-06-16 09:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2010-06-03 11:18 . 2010-06-02 22:15 -------- d-----w- c:\documents and settings\Martijn Fransen\Application Data\Skype

2010-06-03 10:10 . 2010-06-02 22:17 -------- d-----w- c:\documents and settings\Martijn Fransen\Application Data\skypePM

2010-06-02 22:17 . 2010-06-02 22:17 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2010-06-01 19:30 . 2010-06-01 19:30 -------- d-----w- c:\program files\Enigma Software Group

2010-06-01 19:29 . 2010-06-01 19:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-05-31 19:06 . 2009-12-09 11:40 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-05-31 19:06 . 2009-12-09 11:40 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2010-05-31 18:09 . 2009-12-09 11:40 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-05-31 10:22 . 2010-05-29 19:21 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-05-31 10:22 . 2010-05-29 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-05-31 10:21 . 2010-05-30 21:01 -------- d-----w- c:\program files\Trojan Remover

2010-05-31 10:20 . 2009-06-16 09:31 -------- d-----w- c:\program files\Privoxy

2010-05-30 21:01 . 2010-05-30 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software

2010-05-30 20:51 . 2010-05-30 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-05-13 11:15 . 2010-04-08 10:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-12 18:01 . 2010-05-12 15:48 -------- d-----w- c:\program files\Hide Folders 2009

2010-05-12 18:00 . 2009-12-03 23:51 -------- d-----w- c:\documents and settings\Martijn Fransen\Application Data\ASUS

2010-05-12 17:50 . 2010-05-12 16:30 -------- d-----w- c:\program files\Lavasoft

2010-05-12 16:22 . 2010-05-12 15:46 269824 ----a-w- c:\windows\system32\supermenuhook.dll

2010-05-12 15:46 . 2010-05-12 15:46 -------- d-----w- c:\program files\SuperLogix

2010-05-12 15:09 . 2010-05-12 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-05-12 15:09 . 2010-05-12 15:09 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-05-11 14:28 . 2010-05-11 11:44 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-05-11 11:45 . 2010-05-11 11:45 1956656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe

2010-05-04 17:21 . 2009-06-15 16:40 832512 ----a-w- c:\windows\system32\wininet.dll

2010-05-04 17:21 . 2009-06-15 16:40 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-05-04 17:21 . 2009-06-15 16:40 17408 ----a-w- c:\windows\system32\corpol.dll

2010-05-02 08:10 . 2009-06-15 16:40 1851392 ----a-w- c:\windows\system32\win32k.sys

2010-04-29 13:39 . 2010-04-08 10:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 13:39 . 2010-04-08 10:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-20 05:35 . 2009-06-15 16:40 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-17 00:11 . 2010-04-17 00:11 307056 ----a-w- c:\windows\WLXPGSS.SCR

2010-04-16 20:12 . 2010-04-16 20:12 48464 ----a-w- c:\windows\system32\sirenacm.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-07-04_16.10.37 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-07-04 18:26 . 2010-07-04 18:26 16384 c:\windows\Temp\Perflib_Perfdata_6ec.dat

+ 2009-06-15 16:40 . 2010-07-04 18:31 68804 c:\windows\system32\perfc009.dat

- 2009-06-15 16:40 . 2010-07-04 08:50 68804 c:\windows\system32\perfc009.dat

+ 2009-06-15 16:40 . 2010-07-04 18:31 435908 c:\windows\system32\perfh009.dat

- 2009-06-15 16:40 . 2010-07-04 08:50 435908 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]

@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"

[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]

2009-11-06 23:07 297808 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]

@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"

[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]

2009-11-06 23:07 297808 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-05-13 396800]

"SRS Premium Sound"="c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" [2009-05-19 3417336]

"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-10-14 3217368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2009-05-11 17881600]

"Parental Control"="c:\program files\Parental Control\bin\pcontrol.exe" [2009-03-20 1104384]

"LiveUpdate"="c:\program files\Asus\LiveUpdate\LiveUpdate.exe" [2010-01-29 751592]

"EasyMode"="c:\program files\\ASUS\\Easy Mode\\Easy Mode.exe" [2009-03-18 1249280]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]

"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-06-04 696320]

"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-05-08 98304]

"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-22 2065760]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-12-14 137752]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-12-14 354840]

"PersistenceThread"="c:\windows\system32\PersistenceThread.exe" [2009-12-14 96792]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-6-16 376832]

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-12-5 604776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-06-22 06:57 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igdlogin]

2009-12-03 05:31 65536 ----a-w- c:\windows\system32\igdlogin.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\WINDOWS\\system32\\rtcshare.exe"=

"c:\\Program Files\\NetMeeting\\conf.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [9-12-2009 13:40 52872]

R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [1-6-2010 10:48 11448]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9-12-2009 13:40 216400]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9-12-2009 13:40 243024]

R1 policyappblockservice;Parental Control Application Filter;c:\program files\Parental Control\bin\policyappblock.sys [2-2-2009 22:22 5120]

R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [22-6-2010 8:56 921440]

R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [22-6-2010 8:56 308136]

R2 SRS_VolSync_Service;SRS Volume Sync Service;c:\program files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [19-5-2009 18:29 107744]

R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [16-6-2009 10:05 583360]

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [29-4-2009 11:10 38912]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8-4-2010 12:32 20952]

R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [16-6-2009 11:38 233512]

R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [21-4-2009 13:25 39040]

S1 SuperMounter;SuperMounter; [x]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8-4-2010 12:33 304464]

S2 privoxy;privoxy;c:\program files\Privoxy\privoxy.exe --service --> c:\program files\Privoxy\privoxy.exe --service [?]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [16-6-2009 10:06 1684736]

S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [3-7-2010 1:05 583640]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.com/

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Verzenden naar Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

FF - ProfilePath - c:\documents and settings\Martijn Fransen\Application Data\Mozilla\Firefox\Profiles\am5w77vf.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/

FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden:

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(3048)

c:\program files\ASUS\Eee Storage\XPClient.dll

c:\program files\ASUS\Eee Storage\LogicNP.EZShellExtensions.dll

c:\program files\ASUS\Eee Storage\EcaremeDLL.dll

c:\windows\assembly\GAC_MSIL\SqliteShared\1.0.3390.31024__0d0f4b69e50e559b\SqliteShared.dll

c:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll

c:\windows\system32\btmmhook.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Voltooingstijd: 2010-07-04 21:38:57

ComboFix-quarantined-files.txt 2010-07-04 19:38

ComboFix2.txt 2010-07-04 18:46

ComboFix3.txt 2010-07-04 16:45

ComboFix4.txt 2010-07-04 16:17

Pre-Run: 69.522.042.880 bytes beschikbaar

Post-Run: 69.512.011.776 bytes beschikbaar

- - End Of File - - B595AB3A7F012A7785C7E45D55FF2A40

[kape]

Problemen van de baan, dan is het tijd voor de “grote schoonmaak” : verwijderen van bestandje en gebruikte programma’s, een cleaning en het verwijderen van de besmette herstelpunten.

Verwijder manueel volgende vetgedrukte bestand :

c:\documents and settings\Martijn Fransen\Local Settings\Application Data\prvlcl.dat

Verwijder Combofix: Start -> Uitvoeren en typ: ComboFix /Uninstall

Dit zal Combofix verwijderen + gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en maakt een nieuw herstelpunt.

Indien aanwezig mag je de map C:\Qoobox manueel verwijderen.

Download hier CCleaner en dan start de download van CCleaner automatisch en gratis op.

Installeer het en start CCleaner op. Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Schoonmaken'. Soms is 1 analyse niet voldoende. Deze procedure mag je herhalen tot de analyse geen fouten meer aangeeft. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”. Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”. Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”. Sluit hierna CCleaner terug af.

Wil je dit uitgebreid in beeld bekijken, klik dan hier voor de handleiding.

Het is aangewezen om de bestaande herstelpunten te verwijderen (daar zitten besmette herstelpunten tussen die je eventueel zou kunnen terugzetten) door systeemherstel tijdelijk uit te schakelen. Doe dit via Start -> Configuratiescherm -> Prestaties en Onderhoud -> Systeem -> Systeemherstel -> "Systeemherstel op alle stations uitschakelen" aanvinken. Toepassen en OK. PC herstarten en het vinkje terug weg halen.

That's it !

[lopkjel90]

Okeee bedankt voor je hulp!

Heb nu alles uitgevoerd.

ik kom binnenkort nog wel een keer langs bij een ander onderwerp van mijn andere pc haha!

bedankt voor je goede hulp!

Martijn

[kape]

Graag gedaan