Last van virus/malware/spyware en virusscan werkt niet meer

[kurt5]

hij blijft zeggen dat avg moet gewist worden er is nergens een spoor van avg behalve een icoontje dichtbij het horloge. Niets lukt alles wat ik probeer op te starten zoals combofix of hijack sluit vanzelf af zonder ee spoor na te laten. Ik ga een logje meeleveren van avg rescue CD voor usb, hij heeft de pc gescand bij het opstarten, misschien heb je er iets aan.

avgremover.log

[kurt5]

Heb er toch terug avg antivirus x64 kunnen opzetten, ga morgen met het hulpmiddel van avg de free editie eraf doen (hopelijk deze keer volledig) en proberen een hijackthislog en combofixlog te posten.

---------- Post toegevoegd om 23:29 ---------- Vorige post was om 23:19 ----------

Verdorie te vroeg victorie gekraaid, alles is bij het oude gebleven. Nu weet ik helemaal niet meer. Iemand?

[kape]

Wijzig het bestand combofix.exe eens in een andere naam bvb. 12345.exe ... en probeer dan eens of scannen (met de huidige onduidelijke toestand van AVG) wél lukt ?

[kurt5]

Blijft hetzelfde "ComboFix cannot run when AVG is installed. This is due to AVG's targeting of ComboFix's files/processes. It would be dangerous to continue. Please uninstall AVG or use another tool" komt iedere keer als melding.

[kape]

AVG (zowel de oude versie, als de nieuwe download) heb je toch verwijderd ? Laat dan CCleaner nog eens los op bestanden en register.

Download CCleaner.

Klik op “Download Latest Version” en dan start de download van CCleaner automatisch en gratis op.

Installeer het en start CCleaner op. Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Schoonmaken'. Soms is 1 analyse niet voldoende. Deze procedure mag je herhalen tot de analyse geen fouten meer aangeeft. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”. Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”. Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”. Sluit hierna CCleaner terug af.

Wil je dit uitgebreid in beeld bekijken, klik dan hier voor de handleiding.

[kurt5]

Verwijderen gaat niet meer en als ik remover laat lopen zegt hij dat alles verwijderd is, alleen blijft er een systeemmap staan in het menu start. Op de bijlage zie het openingsscherm van avg zoals nu bij mij en daaronder zoals het hoort. Ik heb gedaan wat je zei ivm ccleaner maar niets is veranderd

Miserie.doc

[kurt5]

Het is gelukt om Kaspersky Virus Removal Tool te laten scannen. Na de scan zeg ik hoe het gegaan is. Fingers cross

[kurt5]

Eindelijk, het is gelukt om een HijackThis-log te maken en hier is het

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:16:58, on 12/07/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

J:\1213456.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=b02e53bd000000000000001a70351b31&tlver=1.4.19.19&affID=17160

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = HP - United States | Laptop Computers, Desktops, Printers, Servers and more

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - Windows Live OneCare

O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - http://www.o2c.de/download/O2CPlayer.CAB

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Unknown owner - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (file missing)

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe

O23 - Service: Bonjour-service (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Unknown owner - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe (file missing)

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (file missing)

O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (file missing)

O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe (file missing)

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe

O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\WINDOWS\system32\IoctlSvc.exe (file missing)

O23 - Service: SeaPort - Unknown owner - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (file missing)

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TabletService - Unknown owner - C:\WINDOWS\system32\Tablet.exe (file missing)

O23 - Service: WUSB54GCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe (file missing)

--

End of file - 11375 bytes

En een logje van ComboFix

ComboFix 11-07-12.09 - Administrator 12/07/2011 22:34:41.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1014.543 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\123456.exe

AV: AVG Anti-Virus 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Kaspersky Anti-virus *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\assembly\GAC_MSIL\desktop.ini

c:\windows\IsUn0413.exe

c:\windows\unin0413.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-06-12 to 2011-07-12 ))))))))))))))))))))))))))))))

.

.

2011-07-12 20:30 . 2011-07-12 20:31 -------- d-----w- C:\123456

2011-07-12 20:24 . 2011-07-12 20:24 118784 ----a-w- c:\windows\system32\chg.exe

2011-07-12 17:08 . 2011-07-12 17:08 -------- d--h--r- c:\documents and settings\Administrator\Onlangs geopend

2011-07-11 21:13 . 2011-07-11 21:13 -------- d-----w- C:\$AVG

2011-07-11 20:21 . 2011-07-11 20:21 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\VS Revo Group

2011-07-11 19:44 . 2011-07-11 19:44 -------- d-----w- c:\program files\Windows Sidebar

2011-07-09 16:37 . 2011-07-09 16:37 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2011-07-09 14:18 . 2011-07-11 18:53 -------- d-----w- c:\program files\Panda Security

2011-07-09 14:07 . 2011-07-09 14:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\f-secure

2011-07-09 14:05 . 2011-07-09 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure

2011-07-09 09:46 . 2011-07-09 09:46 -------- d-----w- c:\program files\Kaspersky Lab

2011-07-08 22:21 . 2011-07-08 22:21 -------- d-----w- c:\program files\Common Files\Solidworks Shared

2011-07-08 22:21 . 2011-07-08 22:21 -------- d-----w- c:\program files\BobCAD-CAM

2011-07-08 22:21 . 2011-07-08 22:21 -------- d-----w- C:\BobCAD-CAM Data

2011-06-29 10:36 . 2011-06-29 10:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\DVDVideoSoftIEHelpers

2011-06-29 10:35 . 2011-06-29 10:36 -------- d-----w- c:\program files\Common Files\DVDVideoSoft

2011-06-29 10:35 . 2011-06-29 10:36 -------- d-----w- c:\program files\DVDVideoSoft

2011-06-28 18:58 . 2011-06-28 18:59 -------- d-----w- c:\program files\DdxProg

2011-06-23 20:43 . 2011-06-23 21:00 -------- d-----w- c:\program files\MP3Gain

2011-06-21 10:32 . 2011-06-21 10:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PCHealth

2011-06-18 09:30 . 2011-06-18 09:30 -------- d-----w- c:\documents and settings\NetworkService\Mijn documenten

2011-06-17 10:30 . 2011-06-17 11:05 -------- d-----w- c:\windows\SxsCaPendDel

2011-06-16 21:33 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-12 19:04 . 2009-11-12 17:59 58112 ----a-w- c:\windows\system32\drivers\redbook.sys

2011-07-12 19:01 . 2006-12-19 09:30 81920 ----a-w- c:\windows\system32\IoctlSvc_exe_1310417148.arl

2011-07-12 17:12 . 2008-05-26 21:18 439808 ----a-w- c:\windows\system32\searchindexer.exe

2011-05-02 15:31 . 2004-08-04 08:03 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2004-08-04 08:03 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2004-08-04 06:15 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:05 . 2004-08-04 08:03 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:05 . 2004-08-04 08:03 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 16:05 . 2004-08-04 08:03 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 12:01 . 2004-08-04 07:55 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2004-08-04 06:15 105472 ----a-w- c:\windows\system32\drivers\mup.sys

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2009-08-06 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\ERDNT\cache\wuauclt.exe

[7] 2009-08-06 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe

[7] 2008-04-14 . FCACAD9819D9A698AC93A7188D97F355 . 112128 . . [5.4.3790.5512] . . c:\windows\ServicePackFiles\i386\wuauclt.exe

.

[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\ERDNT\cache\iexplore.exe

[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe

[7] 2008-04-14 . 164B6F619C579FAD4E548ACC654FF710 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe

[7] 2004-08-04 . 78D969F35CD64BF0761F731FCA5FC99D . 93184 . . [6.00.2900.2180] . . c:\windows\ie8\iexplore.exe

.

c:\windows\System32\wuauclt.exe ... is niet aanwezig !!

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]

@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"

[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]

2008-06-10 11:29 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-09-25 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-09-25 114688]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-09-25 94208]

"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]

"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-09-21 127036]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2010-11-29 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2009-11-17 106496]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programma's^Opstarten^Sonic INSTALLit! Setup.lnk]

path=c:\documents and settings\Administrator\Menu Start\Programma's\Opstarten\Sonic INSTALLit! Setup.lnk

backup=c:\windows\pss\Sonic INSTALLit! Setup.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Acrobat Speed Launcher.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Acrobat Speed Launcher.lnk

backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]

c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

2006-10-22 22:24 620152 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

2008-06-10 11:29 1083176 ----a-w- c:\program files\Nero\Nero8\InCD\InCD.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2008-06-24 15:06 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

2008-06-08 08:31 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2008-06-19 08:53 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]

2008-06-10 11:29 2049320 ----a-w- c:\program files\Nero\Nero8\InCD\NBHGui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-10-29 13:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\SMINST\\Scheduler.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"=

"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\CAMPOST V17\\bin\\win32\\icamflm.exe"=

"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpHost.exe"=

"c:\\WINDOWS\\system32\\msiexec.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\WINWORD.EXE"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5900:TCP"= 5900:TCP:RealVNC

.

R2 KeyP;KeyP;c:\windows\system32\drivers\KEYP.SYS [24/11/2009 20:47 19456]

R3 ovt530;Webcam Deluxe;c:\windows\system32\drivers\ov530vid.sys [12/11/2009 20:27 161792]

S1 DK12DRV;DK12 WindowsNT Driver;c:\windows\system32\DRIVERS\DK12DRV.SYS --> c:\windows\system32\DRIVERS\DK12DRV.SYS [?]

S2 DK2DRV;DK2 WindowsNT Driver;\??\c:\windows\system32\Drivers\DK2DRV.SYS --> c:\windows\system32\Drivers\DK2DRV.SYS [?]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/06/2010 21:58 136176]

S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [?]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15/06/2010 21:58 136176]

.

Inhoud van de 'Gedeelde Taken' map

.

2011-07-12 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

.

2011-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-15 19:57]

.

2011-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-15 19:57]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/

uInternet Settings,ProxyOverride = *.local

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - c:\documents and settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

Trusted Zone: bnpparibasfortis.be\www

Trusted Zone: dexia.be\directnet

Trusted Zone: google.be\www

Trusted Zone: google.com\earth

TCP: DhcpNameServer = 195.130.131.5 195.130.130.133

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -

DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} - hxxp://www.o2c.de/download/O2CPlayer.CAB

.

.

------- Bestandsassociaties -------

.

.scr=AutoCADScriptFile

.

- - - - ORPHANS VERWIJDERD - - - -

.

MSConfigStartUp-Pando Media Booster - c:\program files\Pando Networks\Media Booster\PMB.exe

AddRemove-Symbolen Acad 2000-14-LT98 Deel 1 - c:\windows\unin0413.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-12 22:40

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

.

c:\windows\$NtUninstallKB362$:SummaryInformation 0 bytes hidden from API

.

Scan succesvol afgerond

verborgen bestanden: 1

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,48,91,f3,ef,6b,ef,23,4d,8f,eb,74,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,48,91,f3,ef,6b,ef,23,4d,8f,eb,74,\

.

[HKEY_USERS\S-1-5-21-1532317299-4141702635-3741651046-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b5,42,98,d8,35,bc,de,46,93,a1,d9,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e1,14,71,e1,eb,1a,d3,48,90,c6,bd,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b5,42,98,d8,35,bc,de,46,93,a1,d9,\

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\*PNPe28d\0000]

@DACL=(02 0000)

"Service"="1258051470"

"ClassGUID"="{4D36E97D-E325-11CE-BFC1-08002BE10318}"

"Class"="System"

"DeviceDesc"="PCI bus"

"Mfg"="Technologies Inc"

"LocationInformation"="on Microsoft ACPI-Compliant System"

"ConfigFlags"=dword:00000000

"Capabilities"=dword:00000000

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(900)

c:\windows\system32\GTGina.dll

.

Voltooingstijd: 2011-07-12 22:42:11

ComboFix-quarantined-files.txt 2011-07-12 20:42

.

Pre-Run: 66.595.524.608 bytes beschikbaar

Post-Run: 66.831.831.040 bytes beschikbaar

.

- - End Of File - - FAFC8851C6E935F26528ADB375FDEFB9

12 juli 2011 aangepast door kurt5

[kape]

In de o23-lijnen zitten heel wat programma's met de melding "file missing". Wil je die eens allemaal bekijken en melden of je die allemaal verwijderd hebt (en dus niet meer actief zijn).

Dit vetgedrukte bestand mag je manueel verwijderen : c:\windows\system32\chg.exe

En met Hijackthis mag je het volgende doen :

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=b02e53bd000000000 000001a70351b31&tlver=1.4.19.19&affID=17160

Klik op 'Fix checked' om de items te verwijderen.

[kurt5]

Deze ken ik niet en heb ik niet gewist, tenzij Kaspersky dit heeft gedaan want hij had 24 slechte files gevonden. Hetgeen ik moest aanvinken staat er niet meer, ik moet wel zeggen dat ik ComboFix na het Hijacklog heb laten lopen misschien heeft ComFix dit opgeruimd.

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Unknown owner - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe

O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe

O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\WINDOWS\system32\IoctlSvc.exe (file missing)

O23 - Service: SeaPort - Unknown owner - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (file missing)