antiviri


Hello everyone,

Since this evening my laptop has been troubled by 'antiviri' or something like that. By now I have got as far as stopping the program from starting up (done via regedit).

Here is the HijackThis log to start with:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 23:15:59, on 13-7-2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system\dwm.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Chris\Local Settings\Application Data\dpdnepdqa\gdbktnctssd.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\Services.exe

C:\Documents and Settings\Chris\Application Data\svhost.exe

C:\WINDOWS\regedit.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

E:\HijackThis (1).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Administrator\Application Data\svhost.exe

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O4 - HKLM\..\Run: [Windows Service Host] C:\Documents and Settings\Administrator\Application Data\svhost.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Windows Services] C:\WINDOWS\Services.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Windows Service Host] C:\Documents and Settings\Chris\Application Data\svhost.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Windows Services] C:\WINDOWS\Services.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: IpSectPro service (darkness) - Unknown owner - C:\WINDOWS\system\dwm.exe

--

End of file - 4589 bytes

Thanks in advance, Jordy


Go to Start – Run/Search and type: sc stop darkness

Press Enter.

Go to Start – Run/Search and type: sc delete darkness

Press Enter.

Start HijackThis. If you are a Vista user, choose "Run as administrator" or "Uitvoeren als administrator". Select "Do a system scan only". Select only the items listed below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Administrator\Application Data\svhost.exe

O4 - HKLM\..\Run: [Windows Service Host] C:\Documents and Settings\Administrator\Application Data\svhost.exe

O4 - HKLM\..\Run: [Windows Services] C:\WINDOWS\Services.exe

O4 - HKCU\..\Run: [Windows Service Host] C:\Documents and Settings\Chris\Application Data\svhost.exe

O4 - HKCU\..\Run: [Windows Services] C:\WINDOWS\Services.exe

Click 'Fix checked' to remove the items.

Download MBAM (Malwarebytes Anti-Malware)

Double-click mbam-setup.exe to install the program.

Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware, then click "Voltooien" (Finish).

If an update is found, it will be downloaded and installed.

Once the program is fully up to date, select "Snelle Scan" (Quick Scan) on the Scanner tab, then click Scan.

The scan can take a while, so be patient.

When the scan has finished, click OK, then "Bekijk Resultaten" (Show Results) to see the results.

Make sure everything there is checked, then click: Verwijder geselecteerde (Remove Selected).

After the removal a log will open and you will be asked to restart the computer. (See below.)

If the rootkit (TDSS) is present, MBAM will ask to restart. Do so.

After the restart MBAM will scan again and remove the rootkit.

The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in the program.

If MBAM has trouble removing certain files, it will show a few messages where you must click OK. It will then ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log in your next post, together with a new HijackThis log.


Malwarebytes' Anti-Malware 1.46

Malwarebytes

Databaseversie: 4314

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

14-7-2010 23:16:46

mbam-log-2010-07-14 (23-16-46).txt

Scantype: Snelle scan

Objecten gescand: 133496

Verstreken tijd: 16 minuut/minuten, 30 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 5

Registerwaarden geïnfecteerd: 3

Registerdata geïnfecteerd: 1

Mappen geïnfecteerd: 1

Bestanden geïnfecteerd: 43

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspimgr (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Sft (Backdoor.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDORSYS (Malware.Trace) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\init (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\win (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Delete on reboot.

Registerdata geïnfecteerd:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Mappen geïnfecteerd:

C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811 (Trojan.Agent) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:

C:\Documents and Settings\Chris\Application Data\svhost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Application Data\svhost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-3905509622-6577247017-831297888-7973\mgrls32.exe (Worm.Autorun.B) -> Delete on reboot.

C:\WINDOWS\system32\drivers\ManyCamq.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Chris\Local Settings\Temp\114.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Chris\Local Settings\Temp\2328142e.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Chris\Local Settings\Temp\922.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Chris\Local Settings\Temp\eiyskans.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Chris\Local Settings\Temp\lurqjkle.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Chris\Local Settings\Temp\mf9ipdd44.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Chris\Local Settings\Temp\drleovjj.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Chris\Local Settings\Temp\wpjt0oof.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Chris\Local Settings\Temp\xb5y8f33u.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Chris\Local Settings\Temp\netgisg.exe (Backdoor.Votwup) -> Quarantined and deleted successfully.

C:\Documents and Settings\Chris\Local Settings\Temp\qcqtps.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Chris\Local Settings\Temp\awkvrft.exe (Backdoor.Votwup) -> Quarantined and deleted successfully.

C:\Documents and Settings\Chris\Local Settings\Temp\bohvby.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\2600ddb4.tmp (Trojan.Ransom) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\2dfad96d.tmp (Trojan.Ransom) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\5cc798bf.tmp (Trojan.Ransom) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\64e94188.tmp (Trojan.Ransom) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\b1ad283f.tmp (Trojan.Ransom) -> Quarantined and deleted successfully.

C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\DP8O4UUJ\wzdcjrp[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\DP8O4UUJ\rpldr32[1].exe (Backdoor.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\DP8O4UUJ\fwelcx[1].htm (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\DP8O4UUJ\hypwhc[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\VGC0DEMF\yptozgozmu[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\VGC0DEMF\yptozgozmu[2].htm (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\VGC0DEMF\gnemtrzxsn[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\YYOT69NX\loaderadv600[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\YYOT69NX\rvqxfn[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\aspimgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\comsats.sys (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\Drivers\ntndis.sys (Rootkit.Agent) -> Delete on reboot.

C:\WINDOWS\system32\ipsecndis.sys (Rootkit.Agent) -> Delete on reboot.

C:\WINDOWS\system32\service.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\updata.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Chris\Local Settings\Temp\785.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\Chris\Local Settings\Temp\_check32.bat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\s32.txt (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\Services.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\ws386.ini (Malware.Trace) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 23:28:15, on 14-7-2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

E:\HijackThis (1).exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - AppInit_DLLs: C:\DOCUME~1\Chris\APPLIC~1\DivX\DRVMSU~1\msftldr.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

--

End of file - 4070 bytes

edited by UB40

Oops ... Malwarebytes certainly removed a heap of junk from the PC. You might want to start by downloading an antivirus program after all, otherwise it remains a matter of mopping the floor with the tap running. No wonder all sorts of vermin have washed up on the PC ... and keep washing up :sad

Start HijackThis. If you are a Vista user, choose "Run as administrator" or "Uitvoeren als administrator". Select "Do a system scan only". Select only the items listed below:

O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe

O20 - AppInit_DLLs: C:\DOCUME~1\Chris\APPLIC~1\DivX\DRVMSU~1\msftldr.dll

Click 'Fix checked' to remove the items.

Then have Malwarebytes scan again. Switch the PC off and start it up again.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Read more here about the correct use of ComboFix.

Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them: Click here. If you cannot manage to disable them, just continue to the next step.

  • Double-click ComboFix.exe and follow the prompts on the screen.
  • ComboFix will check whether the Microsoft Windows Recovery Console is already installed. If the Recovery Console is already installed, ComboFix will automatically continue scanning for malware.
  • Otherwise, follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console. When the Recovery Console has been installed successfully, click "JA" (Yes) to continue scanning for malware.

NOTE: When ComboFix starts, you may get an error message that "The contents of the ComboFix package have been changed". In that case do not continue with the instructions, but download ComboFix again. This message can appear when a file infector (Virut) is active on the computer. If you keep getting that message, report it.

When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post, together with a new HijackThis log and a new Malwarebytes log.

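The entries selected for fixing in the two helper replies above share recognisable autostart traits. The following triage script is an added example, not part of the forum posts and not HijackThis code; its heuristics and the names `SYSTEM_NAMES`, `triage` and `reasons` are assumptions inferred from which entries were selected, not rules the helper stated.

```python
import ntpath
import re

# Constructed sample: lines copied from the two HijackThis logs in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Administrator\Application Data\svhost.exe
O4 - HKLM\..\Run: [Windows Service Host] C:\Documents and Settings\Administrator\Application Data\svhost.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Windows Services] C:\WINDOWS\Services.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
O20 - AppInit_DLLs: C:\DOCUME~1\Chris\APPLIC~1\DivX\DRVMSU~1\msftldr.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: IpSectPro service (darkness) - Unknown owner - C:\WINDOWS\system\dwm.exe
"""

# Assumption: core Windows XP process names that belong in system32 only.
SYSTEM_NAMES = {"services.exe", "svchost.exe", "lsass.exe", "winlogon.exe",
                "smss.exe", "csrss.exe", "userinit.exe"}
SYSTEM32 = r"c:\windows\system32"

# Image path = everything up to the first executable extension (drops quotes/args).
IMAGE_RE = re.compile(r'^"?(.+?\.(?:exe|dll|sys|bat|com|scr))\b', re.I)
ENTRY_RES = [
    ("F2", re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$")),
    ("O4", re.compile(r"^O4 - .*?: \[.*?\] (.*)$")),
    ("O20", re.compile(r"^O20 - AppInit_DLLs: (.*)$")),
    ("O23", re.compile(r"^O23 - Service: .* - (.*)$")),
]


def _one_edit_apart(a, b):
    """True if a != b and a single insert, delete or substitution maps a to b."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Equal lengths: skip one char in both; otherwise skip one in the longer.
    return a[i + (len(a) == len(b)):] == b[i + 1:]


def images(kind, value):
    """Lower-cased image paths named by one log entry (UserInit may chain several)."""
    parts = value.split(",") if kind == "F2" else [value]
    found = (IMAGE_RE.match(p.strip()) for p in parts)
    return [m.group(1).lower() for m in found if m]


def reasons(kind, path):
    """Heuristic findings for one image path; an empty list means nothing stood out."""
    name, folder = ntpath.basename(path), ntpath.dirname(path)
    why = []
    if kind == "F2" and path != SYSTEM32 + r"\userinit.exe":
        why.append("extra program chained onto UserInit")
    if folder and name in SYSTEM_NAMES and folder != SYSTEM32:
        why.append("system file name outside system32")
    if any(_one_edit_apart(name, s) for s in SYSTEM_NAMES):
        why.append("name one character away from a system file")
    if "\\recycler\\" in path:
        why.append("runs from the Recycle Bin folder")
    if folder == r"c:\windows\system":
        why.append("runs from the legacy 16-bit system folder")
    if kind == "O20" and folder and folder != SYSTEM32:
        why.append("AppInit_DLLs entry outside system32")
    return why


def triage(log_text):
    """Return (log line, [reasons]) for every autostart entry worth a second look."""
    flagged = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        for kind, rx in ENTRY_RES:
            m = rx.match(line)
            if not m:
                continue
            why = []
            for path in images(kind, m.group(1)):
                why += [r for r in reasons(kind, path) if r not in why]
            if why:
                flagged.append((line, why))
            break
    return flagged


if __name__ == "__main__":
    for line, why in triage(SAMPLE_LOG):
        print("; ".join(why))
        print("   ", line)
```

A hit is a prompt to inspect the file, not a verdict: legitimate software can also trip these checks, and an entry that passes them is not thereby clean.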

ComboFix 10-07-14.04 - Chris 15-07-2010 17:58:13.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.361 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Chris\Bureaublad\ComboFix.exe

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\Chris\LOCALS~1\Temp\install_flash_player.exe

c:\documents and settings\Chris\Local Settings\Application Data\hceusiine

c:\documents and settings\Chris\Local Settings\Application Data\hceusiine\ytcsqnctssd.exe

c:\documents and settings\Chris\Local Settings\Application Data\Windows Server

c:\documents and settings\Chris\Local Settings\Application Data\Windows Server\config.data

c:\documents and settings\Chris\Local Settings\Application Data\Windows Server\thread.xml

c:\documents and settings\Chris\Local Settings\Application Data\Windows Server\worker.info

c:\documents and settings\Chris\setup_dex_1.0.7228.exe

c:\windows\Fonts\mlog

c:\windows\google_cache879.tmp

c:\windows\system32\dfttuyo.txt

c:\windows\system32\dfttuyox.exe

c:\windows\system32\hlp.dat

c:\windows\system32\Install.txt

c:\windows\system32\msmxjchn.dll

Besmet exemplaar van c:\windows\system32\drivers\ndis.sys werd aangetroffen en gedesinfecteerd

Hersteld exemplaar van - c:\windows\ServicePackFiles\i386\ndis.sys

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_ASPIMGR

(((((((((((((((((((( Bestanden Gemaakt van 2010-06-15 to 2010-07-15 ))))))))))))))))))))))))))))))

.

2010-07-14 20:58 . 2010-07-14 20:58 -------- d-----w- c:\documents and settings\Chris\Application Data\Malwarebytes

2010-07-14 20:58 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-14 20:58 . 2010-07-14 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-14 20:58 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-14 20:58 . 2010-07-14 20:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-14 20:13 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-07-14 20:05 . 2010-07-14 20:05 -------- d-----r- c:\documents and settings\LocalService\Favorieten

2010-07-14 20:05 . 2010-07-14 20:05 2560 ----a-w- c:\documents and settings\Chris\Application Data\DivX\drvmsupl60\msftdm32.exe

2010-07-14 20:05 . 2010-07-14 20:05 2560 ----a-w- c:\documents and settings\Chris\Application Data\DivX\drvmsupl60\msftdm.exe

2010-07-14 20:05 . 2010-07-14 20:05 16384 ----a-w- c:\documents and settings\Chris\Application Data\DivX\drvmsupl60\msftstp.exe

2010-07-14 20:05 . 2010-07-14 20:05 40960 ----a-w- c:\documents and settings\Chris\Application Data\DivX\drvmsupl60\msfteml.dll

2010-07-14 20:05 . 2010-07-14 20:05 49152 ----a-w- c:\documents and settings\Chris\Application Data\DivX\drvmsupl60\msftcore.dll

2010-07-14 20:05 . 2010-07-14 20:05 28672 ----a-w- c:\documents and settings\Chris\Application Data\DivX\drvmsupl60\msftldr.dll

2010-07-13 22:06 . 2010-07-14 21:27 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-07-13 22:06 . 2010-07-13 22:06 -------- d-----w- c:\program files\Hitman Pro 3.5

2010-07-13 20:56 . 2010-07-13 20:56 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2010-07-13 20:19 . 2010-07-13 20:21 -------- d-----w- c:\program files\VirtualDJ

2010-07-13 20:15 . 2010-07-13 20:15 -------- d-----w- c:\documents and settings\Chris\Application Data\Apple Computer

2010-07-13 19:27 . 2010-07-13 19:27 2303 ----a-w- c:\documents and settings\Chris\Application Data\.purple\certificates\x509\tls_peers\omega.contacts.msn.com

2010-07-13 18:06 . 2010-07-13 18:06 -------- d-----w- c:\documents and settings\Chris\Application Data\PCDJ

2010-07-13 18:03 . 2010-07-13 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDJ

2010-07-13 17:57 . 2010-07-13 18:57 -------- d-----w- c:\program files\PCDJ DEX

2010-07-13 16:29 . 2010-07-13 16:29 2105 ----a-w- c:\documents and settings\Chris\Application Data\.purple\certificates\x509\tls_peers\msnia.login.live.com

2010-07-13 16:29 . 2010-07-13 16:29 2095 ----a-w- c:\documents and settings\Chris\Application Data\.purple\certificates\x509\tls_peers\login.live.com

2010-07-12 23:31 . 2010-07-13 20:28 159112 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2010-07-12 16:49 . 2010-07-12 16:49 -------- d-----w- c:\program files\Gravity

2010-07-11 15:00 . 2010-07-11 15:00 2165 ----a-w- c:\documents and settings\Chris\Application Data\.purple\certificates\x509\tls_peers\rsi.hotmail.com

2010-07-06 20:33 . 2010-05-24 18:33 108032 ----a-w- c:\windows\system32\ff_vfw.dll

2010-07-06 20:33 . 2010-07-06 20:33 -------- d-----w- c:\program files\ffdshow

2010-07-03 18:40 . 2010-07-13 15:49 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-07-03 15:57 . 2010-07-03 15:57 -------- d--h--w- c:\windows\PIF

2010-07-03 14:30 . 2010-07-03 14:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2010-07-03 14:30 . 2010-07-03 14:30 -------- d-----w- c:\windows\system32\drivers\NSS

2010-07-03 14:30 . 2010-07-03 14:30 -------- d-----w- c:\program files\Norton Security Scan

2010-07-03 14:30 . 2010-07-03 14:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2010-07-03 14:30 . 2010-07-03 14:30 -------- d-----w- c:\program files\NortonInstaller

2010-07-03 14:30 . 2010-07-03 14:30 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

2010-07-03 12:10 . 2010-07-03 12:53 -------- d-----w- c:\program files\LQ Software

2010-07-01 21:13 . 2010-07-01 21:13 0 ----a-w- c:\windows\nsreg.dat

2010-07-01 21:13 . 2010-07-01 21:13 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\Mozilla

2010-06-29 16:58 . 2010-06-29 17:00 -------- d-----w- c:\program files\QuickTime

2010-06-29 16:58 . 2010-06-29 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2010-06-29 16:57 . 2010-06-29 16:57 -------- d-sh--w- c:\documents and settings\Chris\PrivacIE

2010-06-29 16:57 . 2010-06-29 16:57 -------- d-----w- c:\program files\Common Files\Apple

2010-06-29 16:57 . 2010-06-29 16:57 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\Apple

2010-06-29 16:56 . 2010-06-29 16:57 -------- d-----w- c:\program files\Apple Software Update

2010-06-29 16:56 . 2010-06-29 16:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2010-06-29 16:56 . 2010-06-29 16:56 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\Apple Computer

2010-06-29 14:48 . 2010-06-29 14:48 128 ----a-w- c:\documents and settings\Chris\Local Settings\Application Data\fusioncache.dat

2010-06-29 14:48 . 2010-06-29 14:50 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\ApplicationHistory

2010-06-29 09:02 . 2008-04-14 17:02 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2010-06-29 08:42 . 2010-07-14 22:04 -------- d-----w- c:\documents and settings\Chris\Application Data\BitTorrent

2010-06-29 08:42 . 2010-06-29 08:42 -------- d-----w- c:\program files\BitTorrent

2010-06-27 11:56 . 2010-06-27 11:56 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\DOSBox

2010-06-27 11:56 . 2010-06-27 12:32 -------- d-----w- c:\program files\DOSBox-0.74

2010-06-27 11:55 . 2010-06-27 11:55 25 ----a-w- c:\windows\popcinfot.dat

2010-06-27 11:55 . 2010-06-27 11:55 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games

2010-06-26 22:24 . 2010-06-26 22:24 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

2010-06-26 17:23 . 2010-06-26 17:23 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-06-26 17:22 . 2010-06-26 17:22 -------- d-sh--w- c:\documents and settings\Chris\IETldCache

2010-06-26 17:20 . 2010-06-26 17:20 -------- d-----w- c:\documents and settings\Chris\Application Data\Windows Search

2010-06-26 17:15 . 2010-06-26 17:15 -------- d-----w- c:\program files\Microsoft Silverlight

2010-06-26 17:13 . 2010-05-06 10:37 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-06-26 17:13 . 2010-05-06 10:36 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-06-26 17:13 . 2010-05-06 10:36 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-26 17:13 . 2010-06-27 19:30 -------- d-----w- c:\windows\ie8updates

2010-06-26 17:13 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll

2010-06-26 17:09 . 2010-06-26 17:11 -------- dc-h--w- c:\windows\ie8

2010-06-26 16:50 . 2010-06-26 16:50 -------- d-----w- c:\windows\system32\XPSViewer

2010-06-26 16:50 . 2010-06-26 16:50 -------- d-----w- c:\program files\Reference Assemblies

2010-06-26 16:49 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-06-26 16:49 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-06-26 16:49 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-06-26 16:49 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-06-26 16:49 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2010-06-26 16:49 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-06-26 16:49 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2010-06-26 16:49 . 2010-06-26 16:49 -------- d-----w- C:\04043b209dec1c33afa59ab71e

2010-06-26 16:49 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2010-06-26 16:49 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-06-26 16:38 . 2010-06-26 16:38 -------- d-----w- c:\documents and settings\Chris\Application Data\Windows Desktop Search

2010-06-26 16:37 . 2010-06-27 19:22 -------- d-----w- c:\program files\Windows Desktop Search

2010-06-26 16:37 . 2010-06-26 16:37 -------- d-----w- c:\windows\system32\GroupPolicy

2010-06-26 16:36 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll

2010-06-26 16:36 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll

2010-06-26 16:36 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll

2010-06-26 16:36 . 2010-06-26 16:36 -------- d-----w- c:\program files\Windows Media Connect 2

2010-06-26 16:34 . 2010-06-26 16:34 -------- d-----w- c:\windows\system32\drivers\UMDF

2010-06-26 16:31 . 2010-06-26 16:32 -------- d-----w- c:\windows\system32\URTTemp

2010-06-26 10:03 . 2010-07-12 17:23 -------- d-----w- c:\program files\zf

2010-06-16 16:09 . 2010-05-06 10:36 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-06-16 16:09 . 2010-05-06 10:36 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-06-16 16:09 . 2010-05-06 10:36 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-06-16 16:09 . 2010-04-16 13:24 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe

2010-06-16 16:09 . 2010-05-06 10:36 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll

2010-06-16 16:09 . 2009-03-08 02:31 59904 -c--a-w- c:\windows\system32\dllcache\icardie.dll

2010-06-16 16:09 . 2009-03-08 02:11 445952 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dll

2010-06-16 16:09 . 2009-02-06 19:07 3698584 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dat

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-15 14:49 . 2010-01-12 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-07-14 20:17 . 2010-01-12 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2010-07-14 20:05 . 2010-02-06 15:26 -------- d-----w- c:\documents and settings\Chris\Application Data\DivX

2010-07-13 22:09 . 2010-03-31 15:30 -------- d-----w- c:\documents and settings\Chris\Application Data\dvdcss

2010-07-13 20:26 . 2010-04-04 19:50 -------- d-----w- c:\documents and settings\Chris\Application Data\.purple

2010-07-13 19:39 . 2010-02-07 12:35 -------- d-----w- c:\documents and settings\Chris\Application Data\vlc

2010-07-13 18:06 . 2010-01-12 19:42 69640 ----a-w- c:\documents and settings\Chris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-07-07 17:46 . 2003-04-08 12:00 537436 ----a-w- c:\windows\system32\perfh013.dat

2010-07-07 17:46 . 2003-04-08 12:00 101538 ----a-w- c:\windows\system32\perfc013.dat

2010-07-06 16:40 . 2010-02-07 12:37 3376 ----a-w- c:\windows\system32\d3d9caps.dat

2010-06-26 16:50 . 2010-01-12 19:52 -------- d-----w- c:\program files\MSBuild

2010-06-14 14:31 . 2010-01-12 13:06 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe

2010-05-31 11:01 . 2010-05-31 11:00 -------- d-----w- c:\program files\Common Files\Adobe

2010-05-23 18:35 . 2010-04-24 21:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2010-05-23 18:34 . 2010-04-24 21:36 -------- d-----w- c:\documents and settings\Chris\Application Data\Skype

2010-05-23 18:29 . 2010-04-24 21:37 -------- d-----w- c:\documents and settings\Chris\Application Data\skypePM

2010-05-06 10:37 . 2006-06-23 12:29 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 08:10 . 2003-04-08 12:00 1851392 ----a-w- c:\windows\system32\win32k.sys

2010-04-24 21:37 . 2010-04-24 21:37 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2010-04-20 05:35 . 2003-04-08 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll

.

------- Sigcheck -------

[7] 2008-04-14 . 4CF588D2F2363B73EB4AF57967D46DFF . 580096 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll

[-] 2008-04-14 . 34280C5B6B875D7100504204CFFD7527 . 580096 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2005-03-02 . 0B62745CE93E8C6F56547F70269DBABC . 578560 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll

[-] 2005-03-02 . A9F2EBFC6EF9C1FB38CEDCF747162B6C . 578560 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2GDR\user32.dll

[-] 2005-03-02 . A9F2EBFC6EF9C1FB38CEDCF747162B6C . 578560 . . [5.1.2600.2622] . . c:\windows\$NtServicePackUninstall$\user32.dll

[7] 2004-08-04 . 8E5D344FD717D35EE7ED1C8E0AD0CBE6 . 578560 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll

[-] 2003-04-08 . 2E8CEC28BE4D9B830BA0AFF73C9279F7 . 561664 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB890859_0$\user32.dll

[7] 2008-04-14 . 520391367546218929749612ABFE840C . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll

[-] 2008-04-14 . E118FC715924EDB5648A9B47319A40E8 . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll

[-] 2006-05-19 . B6CF1CC6D4DC9FF11C35FD1CA4D744D3 . 70656 . . [5.1.2600.1847] . . c:\windows\$NtUninstallKB922819_0$\ws2_32.dll

[7] 2004-08-04 . 06EBCBE58321E924980148B7E3DBD753 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll

[-] 2003-04-08 . 3EA6EDC08BB3F373839060EA8B40CE72 . 75264 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB914388_0$\ws2_32.dll

[7] 2008-04-14 . 7ED22EA6D840CD388BD68B68580468E1 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll

[-] 2008-04-14 . 5B75040C101C65694B9EAC24BF2088F2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll

[7] 2004-08-04 . 3B728289DFA923A2C12BE827382C2DB1 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-07 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIModeChange"="Ati2mdxx.exe" [2002-08-28 28672]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]

"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-07-13 6082368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"Windows Service Host"= c:\documents and settings\Chris\Application Data\svhost.exe

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\LQ Software\\msnmsgr.exe"=

S0 kdddtq;kdddtq; [x]

S0 skmkmetq;skmkmetq; [x]

S2 ManyCamq;ManyCamq;\??\c:\windows\System32\DRIVERS\ManyCamq.sys --> c:\windows\System32\DRIVERS\ManyCamq.sys [?]

S3 ATMELFVNETusb(505A_2958)®;ATMEL FVNETusb(505A_2958)® Service for ATMEL USB FastVNET (505A);c:\windows\system32\drivers\vnet5a8x.sys [20-2-2010 18:29 119936]

S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?]

S3 PEEK5;PEEK5 Protocol Driver;\??\c:\docume~1\Chris\BUREAU~1\AIRCRA~1.COM\AIRCRA~1.3-W\bin\PEEK5.SYS --> c:\docume~1\Chris\BUREAU~1\AIRCRA~1.COM\AIRCRA~1.3-W\bin\PEEK5.SYS [?]

.

Inhoud van de 'Gedeelde Taken' map

2010-06-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-436374069-854245398-1004Core.job

- c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-07 12:17]

2010-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-436374069-854245398-1004UA.job

- c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-07 12:17]

2010-07-13 c:\windows\Tasks\Norton Security Scan for Chris.job

- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-07-03 07:48]

.

.

------- Bijkomende Scan -------

.

uInternet Settings,ProxyOverride = <local>

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\ozdkuk7y.default\

FF - plugin: c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-07-15 18:09

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(3272)

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Voltooingstijd: 2010-07-15 18:15:52 - machine werd herstart

ComboFix-quarantined-files.txt 2010-07-15 16:15

Pre-Run: 21.944.426.496 bytes beschikbaar

Post-Run: 22.062.223.360 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 77F6FF005A1C2FA28403D47C77E75DD9

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:19:59, on 15-7-2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

E:\HijackThis (1).exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

--

End of file - 3833 bytes

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Databaseversie: 4314

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

15-7-2010 18:44:28

mbam-log-2010-07-15 (18-44-28).txt

Scantype: Snelle scan

Objecten gescand: 131747

Verstreken tijd: 21 minuut/minuten, 31 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

And I have since installed antivirus software.

edited by UB40

And which antivirus program would that be?

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\System32\DRIVERS\ManyCamq.sys

c:\windows\popcinfot.dat

Folder::

c:\program files\Common Files\Symantec Shared

c:\documents and settings\All Users\Application Data\Norton

c:\windows\system32\drivers\NSS

c:\program files\Norton Security Scan

c:\documents and settings\All Users\Application Data\Symantec

c:\program files\NortonInstaller

c:\documents and settings\All Users\Application Data\NortonInstaller

Driver::

kdddtq

skmkmetq

ManyCamq

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt into ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message.

edited by kape

I have installed Sophos as my antivirus program.

Below is the ComboFix log:

ComboFix 10-07-14.04 - Chris 15-07-2010 19:16:23.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.203 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Chris\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Chris\Bureaublad\CFScript.txt..txt

AV: Sophos Anti-Virus *On-access scanning disabled* (Outdated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}

FILE ::

"c:\windows\popcinfot.dat"

"c:\windows\System32\DRIVERS\ManyCamq.sys"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\Norton

c:\documents and settings\All Users\Application Data\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\isolate.ini

c:\documents and settings\All Users\Application Data\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\Module9000.txt

c:\documents and settings\All Users\Application Data\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\Norton\Connections\connections.dat

c:\documents and settings\All Users\Application Data\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\Norton\itbLUReg\{65190544-26C3-43a4-A78A-694964901607}.dat

c:\documents and settings\All Users\Application Data\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\Norton\itbLUReg\{6E3396BD-C6A6-4f0f-9254-267F9058FEC4}.dat

c:\documents and settings\All Users\Application Data\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\Norton\itbLUReg\{71B3DD3A-BC1F-40cc-A74F-C0C30DFCE7D5}.dat

c:\documents and settings\All Users\Application Data\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\Norton\itbLUReg\{D4F4CC32-7A41-4684-AE57-41E59E9B4503}.dat

c:\documents and settings\All Users\Application Data\Norton\symdata.xml

c:\documents and settings\All Users\Application Data\NortonInstaller

c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\07-03-2010-16h30m11s\Install.1.mft.7z

c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\07-03-2010-16h30m11s\NortonInstall-07-03-2010-16h30m11s.log

c:\documents and settings\All Users\Application Data\Symantec

c:\documents and settings\All Users\Application Data\Symantec\symdata.xml

c:\program files\Common Files\Symantec Shared

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\catalog.dat

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\cceraser.dll

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\ecmsvr32.dll

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\eeCtrl.sys

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\ERASER.grd

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\ERASER.sig

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\ERASER.spm

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\ERASER.sys

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\ESRDEF.BIN

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\HH

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\naveng.sys

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\naveng32.dll

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\navex15.sys

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\navex32a.dll

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\ncsacert.txt

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\scrauth.dat

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\symaveng.cat

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\symaveng.inf

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\SymErase.cat

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\SymErase.inf

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\TCDEFS.DAT

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\TCSCAN7.DAT

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\TCSCAN8.DAT

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\TCSCAN9.DAT

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\technote.txt

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\TINF.DAT

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\tinfidx.dat

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\TINFL.DAT

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\TSCAN1.DAT

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\tscan1hd.dat

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\V.GRD

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\V.SIG

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\VIRSCAN.INF

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\VIRSCAN1.DAT

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\VIRSCAN2.DAT

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\VIRSCAN3.DAT

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\VIRSCAN4.DAT

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\VIRSCAN5.DAT

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\VIRSCAN6.DAT

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\VIRSCAN7.DAT

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\VIRSCAN8.DAT

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\VIRSCAN9.DAT

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\virscant.dat

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\WHATSNEW.TXT

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\20100712.003\zdone.dat

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\catalog.dat

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\cceraser.dll

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\ecmsvr32.dll

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\eeCtrl.sys

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\ERASER.grd

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\ERASER.sig

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\ERASER.spm

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\ERASER.sys

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\esrdef.bin

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\hh

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\naveng.sys

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\naveng32.dll

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\navex15.sys

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\navex32a.dll

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\ncsacert.txt

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\scrauth.dat

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\symaveng.cat

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\symaveng.inf

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\SymErase.cat

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\SymErase.inf

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\tcdefs.dat

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\tcscan7.dat

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\tcscan8.dat

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\tcscan9.dat

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\technote.txt

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\tinf.dat

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\tinfidx.dat

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\tinfl.dat

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\tscan1.dat

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\tscan1hd.dat

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\v.grd

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\v.sig

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\virscan.inf

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\virscan1.dat

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\virscan2.dat

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\virscan3.dat

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\virscan4.dat

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\virscan5.dat

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\virscan6.dat

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\virscan7.dat

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\virscan8.dat

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\virscan9.dat

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\whatsnew.txt

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\BinHub\zdone.dat

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\definfo.dat

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\umcat_01.db

c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\usage.dat

c:\program files\Norton Security Scan

c:\program files\Norton Security Scan\Engine\2.7.3.34\{2A85E335-7417-424d-AD89-31DED1689794}.dat

c:\program files\Norton Security Scan\Engine\2.7.3.34\{407D1C08-B366-4aca-92FB-E04E97F6681D}.dat

c:\program files\Norton Security Scan\Engine\2.7.3.34\BilBDRes.dll

c:\program files\Norton Security Scan\Engine\2.7.3.34\ccL80U.dll

c:\program files\Norton Security Scan\Engine\2.7.3.34\ccScanw.dll

c:\program files\Norton Security Scan\Engine\2.7.3.34\ccVrTrst.dll

c:\program files\Norton Security Scan\Engine\2.7.3.34\dec_abi.dll

c:\program files\Norton Security Scan\Engine\2.7.3.34\DefLoad.exe

c:\program files\Norton Security Scan\Engine\2.7.3.34\DefUtDCD.dll

c:\program files\Norton Security Scan\Engine\2.7.3.34\diLueCbk.dll

c:\program files\Norton Security Scan\Engine\2.7.3.34\ecmldr32.dll

c:\program files\Norton Security Scan\Engine\2.7.3.34\HeartBt.dll

c:\program files\Norton Security Scan\Engine\2.7.3.34\help.htm

c:\program files\Norton Security Scan\Engine\2.7.3.34\Microsoft.VC80.CRT.manifest

c:\program files\Norton Security Scan\Engine\2.7.3.34\msl.dll

c:\program files\Norton Security Scan\Engine\2.7.3.34\msvcp80.dll

c:\program files\Norton Security Scan\Engine\2.7.3.34\msvcr80.dll

c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe

c:\program files\Norton Security Scan\Engine\2.7.3.34\patch25d.dll

c:\program files\Norton Security Scan\Engine\2.7.3.34\PrdDtRes.dll

c:\program files\Norton Security Scan\Engine\2.7.3.34\ReputationCacheDB.db

c:\program files\Norton Security Scan\Engine\2.7.3.34\RevList.dll

c:\program files\Norton Security Scan\Engine\2.7.3.34\SAUpdt.dll

c:\program files\Norton Security Scan\Engine\2.7.3.34\ScanCore.dll

c:\program files\Norton Security Scan\Engine\2.7.3.34\ScanRes.dll

c:\program files\Norton Security Scan\Engine\2.7.3.34\ScanText.dll

c:\program files\Norton Security Scan\Engine\2.7.3.34\SKUCfg.dll

c:\program files\Norton Security Scan\Engine\2.7.3.34\SKURes.dll

c:\program files\Norton Security Scan\Engine\2.7.3.34\SymHTML.dll

c:\program files\Norton Security Scan\isolate.ini

c:\program files\NortonInstaller

c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\13\01\InstUI.loc

c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\ccL80U.dll

c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\ccSet.dll

c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\Engine.dll

c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\extract.dat

c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\fallback.dat

c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\finalzed.dat

c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\Install.mft

c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\InstStub.exe

c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\InstUI.dll

c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\layout.dat

c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\Lue.dll

c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest

c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\Microsoft.VC80.CRT\msvcm80.dll

c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\Microsoft.VC80.CRT\msvcp80.dll

c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\Microsoft.VC80.CRT\msvcr80.dll

c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\ProdCbk.dll

c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\SKUCfg.dll

c:\windows\popcinfot.dat

c:\windows\system32\drivers\NSS

c:\windows\system32\drivers\NSS\0207030.022\isolate.ini

Besmet exemplaar van c:\windows\system32\ws2_32.dll werd aangetroffen en gedesinfecteerd

Hersteld exemplaar van - c:\windows\ServicePackFiles\i386\ws2_32.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_KDDDTQ

-------\Legacy_MANYCAMQ

-------\Legacy_SKMKMETQ

-------\Service_kdddtq

-------\Service_ManyCamq

-------\Service_skmkmetq

(((((((((((((((((((( Bestanden Gemaakt van 2010-06-15 to 2010-07-15 ))))))))))))))))))))))))))))))

.

2010-07-15 17:14 . 2010-07-15 17:14 2157 ----a-w- c:\documents and settings\Chris\Application Data\.purple\certificates\x509\tls_peers\omega.contacts.msn.com

2010-07-15 16:50 . 2010-07-15 16:50 2105 ----a-w- c:\documents and settings\Chris\Application Data\.purple\certificates\x509\tls_peers\msnia.login.live.com

2010-07-15 16:50 . 2010-07-15 16:50 2095 ----a-w- c:\documents and settings\Chris\Application Data\.purple\certificates\x509\tls_peers\login.live.com

2010-07-15 16:27 . 2010-07-15 16:27 -------- d-----w- c:\program files\Common Files\Cisco Systems

2010-07-15 16:27 . 2009-07-30 10:36 152192 ----a-r- c:\windows\system32\drivers\savonaccesscontrol.sys

2010-07-15 16:27 . 2009-07-30 10:36 24064 ----a-r- c:\windows\system32\drivers\savonaccessfilter.sys

2010-07-15 16:27 . 2009-12-07 07:22 26664 ----a-w- c:\windows\system32\SophosBootTasks.exe

2010-07-15 16:26 . 2010-07-15 16:32 -------- d-----w- c:\program files\Sophos

2010-07-15 16:26 . 2010-07-15 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos

2010-07-15 16:25 . 2008-05-23 05:38 14976 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys

2010-07-15 16:25 . 2010-07-15 16:25 -------- d-----w- C:\savw_9_sa

2010-07-14 20:58 . 2010-07-14 20:58 -------- d-----w- c:\documents and settings\Chris\Application Data\Malwarebytes

2010-07-14 20:58 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-14 20:58 . 2010-07-14 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-14 20:58 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-14 20:58 . 2010-07-14 20:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-14 20:13 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-07-14 20:05 . 2010-07-14 20:05 -------- d-----r- c:\documents and settings\LocalService\Favorieten

2010-07-14 20:05 . 2010-07-14 20:05 2560 ----a-w- c:\documents and settings\Chris\Application Data\DivX\drvmsupl60\msftdm32.exe

2010-07-14 20:05 . 2010-07-14 20:05 2560 ----a-w- c:\documents and settings\Chris\Application Data\DivX\drvmsupl60\msftdm.exe

2010-07-14 20:05 . 2010-07-14 20:05 16384 ----a-w- c:\documents and settings\Chris\Application Data\DivX\drvmsupl60\msftstp.exe

2010-07-14 20:05 . 2010-07-14 20:05 40960 ----a-w- c:\documents and settings\Chris\Application Data\DivX\drvmsupl60\msfteml.dll

2010-07-14 20:05 . 2010-07-14 20:05 49152 ----a-w- c:\documents and settings\Chris\Application Data\DivX\drvmsupl60\msftcore.dll

2010-07-14 20:05 . 2010-07-14 20:05 28672 ----a-w- c:\documents and settings\Chris\Application Data\DivX\drvmsupl60\msftldr.dll

2010-07-13 22:06 . 2010-07-14 21:27 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-07-13 22:06 . 2010-07-13 22:06 -------- d-----w- c:\program files\Hitman Pro 3.5

2010-07-13 20:56 . 2010-07-13 20:56 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2010-07-13 20:19 . 2010-07-13 20:21 -------- d-----w- c:\program files\VirtualDJ

2010-07-13 20:15 . 2010-07-13 20:15 -------- d-----w- c:\documents and settings\Chris\Application Data\Apple Computer

2010-07-13 18:06 . 2010-07-13 18:06 -------- d-----w- c:\documents and settings\Chris\Application Data\PCDJ

2010-07-13 18:03 . 2010-07-13 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDJ

2010-07-13 17:57 . 2010-07-13 18:57 -------- d-----w- c:\program files\PCDJ DEX

2010-07-12 23:31 . 2010-07-13 20:28 159112 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2010-07-12 16:49 . 2010-07-12 16:49 -------- d-----w- c:\program files\Gravity

2010-07-11 15:00 . 2010-07-11 15:00 2165 ----a-w- c:\documents and settings\Chris\Application Data\.purple\certificates\x509\tls_peers\rsi.hotmail.com

2010-07-06 20:33 . 2010-05-24 18:33 108032 ----a-w- c:\windows\system32\ff_vfw.dll

2010-07-06 20:33 . 2010-07-06 20:33 -------- d-----w- c:\program files\ffdshow

2010-07-03 15:57 . 2010-07-03 15:57 -------- d--h--w- c:\windows\PIF

2010-07-03 12:10 . 2010-07-03 12:53 -------- d-----w- c:\program files\LQ Software

2010-07-01 21:13 . 2010-07-01 21:13 0 ----a-w- c:\windows\nsreg.dat

2010-07-01 21:13 . 2010-07-01 21:13 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\Mozilla

2010-06-29 16:58 . 2010-06-29 17:00 -------- d-----w- c:\program files\QuickTime

2010-06-29 16:58 . 2010-06-29 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2010-06-29 16:57 . 2010-06-29 16:57 -------- d-sh--w- c:\documents and settings\Chris\PrivacIE

2010-06-29 16:57 . 2010-06-29 16:57 -------- d-----w- c:\program files\Common Files\Apple

2010-06-29 16:57 . 2010-06-29 16:57 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\Apple

2010-06-29 16:56 . 2010-06-29 16:57 -------- d-----w- c:\program files\Apple Software Update

2010-06-29 16:56 . 2010-06-29 16:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2010-06-29 16:56 . 2010-06-29 16:56 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\Apple Computer

2010-06-29 14:48 . 2010-06-29 14:48 128 ----a-w- c:\documents and settings\Chris\Local Settings\Application Data\fusioncache.dat

2010-06-29 14:48 . 2010-06-29 14:50 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\ApplicationHistory

2010-06-29 09:02 . 2008-04-14 17:02 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2010-06-29 08:42 . 2010-07-14 22:04 -------- d-----w- c:\documents and settings\Chris\Application Data\BitTorrent

2010-06-29 08:42 . 2010-06-29 08:42 -------- d-----w- c:\program files\BitTorrent

2010-06-27 11:56 . 2010-06-27 11:56 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\DOSBox

2010-06-27 11:56 . 2010-06-27 12:32 -------- d-----w- c:\program files\DOSBox-0.74

2010-06-27 11:55 . 2010-06-27 11:55 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games

2010-06-26 22:24 . 2010-06-26 22:24 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

2010-06-26 17:23 . 2010-06-26 17:23 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-06-26 17:22 . 2010-06-26 17:22 -------- d-sh--w- c:\documents and settings\Chris\IETldCache

2010-06-26 17:20 . 2010-06-26 17:20 -------- d-----w- c:\documents and settings\Chris\Application Data\Windows Search

2010-06-26 17:15 . 2010-06-26 17:15 -------- d-----w- c:\program files\Microsoft Silverlight

2010-06-26 17:13 . 2010-05-06 10:37 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-06-26 17:13 . 2010-05-06 10:36 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-06-26 17:13 . 2010-05-06 10:36 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-26 17:13 . 2010-06-27 19:30 -------- d-----w- c:\windows\ie8updates

2010-06-26 17:13 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll

2010-06-26 17:09 . 2010-06-26 17:11 -------- dc-h--w- c:\windows\ie8

2010-06-26 16:50 . 2010-06-26 16:50 -------- d-----w- c:\windows\system32\XPSViewer

2010-06-26 16:50 . 2010-06-26 16:50 -------- d-----w- c:\program files\Reference Assemblies

2010-06-26 16:49 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-06-26 16:49 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-06-26 16:49 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-06-26 16:49 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-06-26 16:49 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2010-06-26 16:49 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-06-26 16:49 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2010-06-26 16:49 . 2010-06-26 16:49 -------- d-----w- C:\04043b209dec1c33afa59ab71e

2010-06-26 16:49 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2010-06-26 16:49 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-06-26 16:38 . 2010-06-26 16:38 -------- d-----w- c:\documents and settings\Chris\Application Data\Windows Desktop Search

2010-06-26 16:37 . 2010-06-27 19:22 -------- d-----w- c:\program files\Windows Desktop Search

2010-06-26 16:37 . 2010-06-26 16:37 -------- d-----w- c:\windows\system32\GroupPolicy

2010-06-26 16:36 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll

2010-06-26 16:36 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll

2010-06-26 16:36 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll

2010-06-26 16:36 . 2010-06-26 16:36 -------- d-----w- c:\program files\Windows Media Connect 2

2010-06-26 16:34 . 2010-06-26 16:34 -------- d-----w- c:\windows\system32\drivers\UMDF

2010-06-26 16:31 . 2010-06-26 16:32 -------- d-----w- c:\windows\system32\URTTemp

2010-06-26 10:03 . 2010-07-15 16:56 -------- d-----w- c:\program files\zf

2010-06-16 16:09 . 2010-05-06 10:36 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-06-16 16:09 . 2010-05-06 10:36 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-06-16 16:09 . 2010-05-06 10:36 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-06-16 16:09 . 2010-04-16 13:24 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe

2010-06-16 16:09 . 2010-05-06 10:36 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll

2010-06-16 16:09 . 2009-03-08 02:31 59904 -c--a-w- c:\windows\system32\dllcache\icardie.dll

2010-06-16 16:09 . 2009-03-08 02:11 445952 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dll

2010-06-16 16:09 . 2009-02-06 19:07 3698584 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dat

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-15 17:25 . 2010-04-04 19:50 -------- d-----w- c:\documents and settings\Chris\Application Data\.purple

2010-07-15 17:18 . 2010-01-12 19:42 70408 ----a-w- c:\documents and settings\Chris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-07-15 14:49 . 2010-01-12 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-07-14 20:17 . 2010-01-12 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2010-07-14 20:05 . 2010-02-06 15:26 -------- d-----w- c:\documents and settings\Chris\Application Data\DivX

2010-07-13 22:09 . 2010-03-31 15:30 -------- d-----w- c:\documents and settings\Chris\Application Data\dvdcss

2010-07-13 19:39 . 2010-02-07 12:35 -------- d-----w- c:\documents and settings\Chris\Application Data\vlc

2010-07-07 17:46 . 2003-04-08 12:00 537436 ----a-w- c:\windows\system32\perfh013.dat

2010-07-07 17:46 . 2003-04-08 12:00 101538 ----a-w- c:\windows\system32\perfc013.dat

2010-07-06 16:40 . 2010-02-07 12:37 3376 ----a-w- c:\windows\system32\d3d9caps.dat

2010-06-26 16:50 . 2010-01-12 19:52 -------- d-----w- c:\program files\MSBuild

2010-06-14 14:31 . 2010-01-12 13:06 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe

2010-05-31 11:01 . 2010-05-31 11:00 -------- d-----w- c:\program files\Common Files\Adobe

2010-05-23 18:35 . 2010-04-24 21:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2010-05-23 18:34 . 2010-04-24 21:36 -------- d-----w- c:\documents and settings\Chris\Application Data\Skype

2010-05-23 18:29 . 2010-04-24 21:37 -------- d-----w- c:\documents and settings\Chris\Application Data\skypePM

2010-05-06 10:37 . 2006-06-23 12:29 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 08:10 . 2003-04-08 12:00 1851392 ----a-w- c:\windows\system32\win32k.sys

2010-04-24 21:37 . 2010-04-24 21:37 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2010-04-20 05:35 . 2003-04-08 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll

.

------- Sigcheck -------

[7] 2008-04-14 . 4CF588D2F2363B73EB4AF57967D46DFF . 580096 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll

[-] 2008-04-14 . 34280C5B6B875D7100504204CFFD7527 . 580096 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2005-03-02 . 0B62745CE93E8C6F56547F70269DBABC . 578560 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll

[-] 2005-03-02 . A9F2EBFC6EF9C1FB38CEDCF747162B6C . 578560 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2GDR\user32.dll

[-] 2005-03-02 . A9F2EBFC6EF9C1FB38CEDCF747162B6C . 578560 . . [5.1.2600.2622] . . c:\windows\$NtServicePackUninstall$\user32.dll

[7] 2004-08-04 . 8E5D344FD717D35EE7ED1C8E0AD0CBE6 . 578560 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll

[-] 2003-04-08 . 2E8CEC28BE4D9B830BA0AFF73C9279F7 . 561664 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB890859_0$\user32.dll

[7] 2008-04-14 . 7ED22EA6D840CD388BD68B68580468E1 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll

[-] 2008-04-14 . 5B75040C101C65694B9EAC24BF2088F2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll

[7] 2004-08-04 . 3B728289DFA923A2C12BE827382C2DB1 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-07 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIModeChange"="Ati2mdxx.exe" [2002-08-28 28672]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]

"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-07-13 6082368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Sophos AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2009-9-4 429096]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"Windows Service Host"= c:\documents and settings\Chris\Application Data\svhost.exe

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\LQ Software\\msnmsgr.exe"=

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [15-7-2010 18:27 152192]

R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [15-7-2010 18:27 24064]

R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [7-9-2009 12:11 104488]

R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [7-9-2009 12:11 93736]

S3 ATMELFVNETusb(505A_2958)®;ATMEL FVNETusb(505A_2958)® Service for ATMEL USB FastVNET (505A);c:\windows\system32\drivers\vnet5a8x.sys [20-2-2010 18:29 119936]

S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?]

S3 PEEK5;PEEK5 Protocol Driver;\??\c:\docume~1\Chris\BUREAU~1\AIRCRA~1.COM\AIRCRA~1.3-W\bin\PEEK5.SYS --> c:\docume~1\Chris\BUREAU~1\AIRCRA~1.COM\AIRCRA~1.3-W\bin\PEEK5.SYS [?]

S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [15-7-2010 18:25 14976]

.

Inhoud van de 'Gedeelde Taken' map

2010-06-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-436374069-854245398-1004Core.job

- c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-07 12:17]

2010-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-436374069-854245398-1004UA.job

- c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-07 12:17]

.

.

------- Bijkomende Scan -------

.

uInternet Settings,ProxyOverride = <local>

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\ozdkuk7y.default\

FF - plugin: c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS VERWIJDERD - - - -

AddRemove-NSS - c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\InstStub.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-07-15 19:29

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(2716)

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Sophos\AutoUpdate\ALsvc.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Voltooingstijd: 2010-07-15 19:34:31 - machine werd herstart

ComboFix-quarantined-files.txt 2010-07-15 17:34

ComboFix2.txt 2010-07-15 16:15

Pre-Run: 21.508.681.728 bytes beschikbaar

Post-Run: 21.571.358.720 bytes beschikbaar

- - End Of File - - 7A4BA8DCD1F95ABA4912C458B0C14951


Do you happen to know of a free virus scanner as well?

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:53:46, on 15-7-2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

c:\Program Files\Sophos\AutoUpdate\ALsvc.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Sophos\AutoUpdate\ALMon.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Pidgin\pidgin.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\BitTorrent\bittorrent.exe

C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

E:\HijackThis (1).exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - c:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Sophos AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe

O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe

--

End of file - 4484 bytes


For a free virus scanner you can go to AVG, AVAST or ANTIVIR, for example.

Now that everything looks clean again, you can start "cleaning up".

Uninstall HijackThis via Add or Remove Programs (Software).

Uninstall Combofix: Start -> Run (Uitvoeren) and type: ComboFix /Uninstall

This will remove Combofix and its related folders and files, reset the clock settings, hide file extensions, hide hidden files and system files again, and create a new restore point.

If present, you can delete the folder C:\Qoobox manually.

Download CCleaner here; the download of CCleaner then starts automatically and free of charge.

Install it and start CCleaner. In the left-hand column, click "Cleaner". Then click "Analyze" (Analyseren) followed by "Run Cleaner" (Schoonmaken). Sometimes one analysis is not enough. You can repeat this procedure until the analysis no longer reports any errors. Next, click "Registry" (Register) in the left-hand column and click "Scan for Issues" (Scan naar problemen). If errors are found, click "Fix selected issues" (Herstel geselecteerde problemen) and "OK". You will then be asked whether to make a backup. Click "Yes" (JA). Then choose "Fix All Selected Issues" (Herstel alle geselecteerde fouten). After that, close CCleaner again.

If you want to see this in detail with screenshots, click here for the manual.

It is advisable to delete the existing restore points (some of them are infected and you could end up restoring one) by temporarily turning off System Restore. Do this via Start -> Control Panel (Configuratiescherm) -> Performance and Maintenance (Prestaties en Onderhoud) -> System (Systeem) -> System Restore (Systeemherstel) -> tick "Turn off System Restore on all drives" (Systeemherstel op alle stations uitschakelen). Click Apply and OK. Restart the PC and remove the tick again.

That's it!
