
FCCU virus again



Hello,

I also have the FCCU virus on my laptop. I have already read a bit about it here on this site, so I should install HijackThis, but the problem in my case is that my PC will not start in safe mode (not with networking or with command prompt either). Every time I try, a blue screen appears for a fraction of a second (even before I see the "Windows is loading" screen) with something on it mentioning "viruses" among other things, but I cannot read more than that, it goes too fast. After that it reboots and I have to press F8 again to get to the boot options menu.

I'm afraid I'm in trouble...

Does anyone have an idea or advice?

Is anything possible via F12? With the BIOS and system settings or something like that?

It is a Dell Latitude E4600 with Windows XP.

Thanks in advance,

myt


On another, uninfected computer, download the Kaspersky Rescue CD and save it to your desktop.

Then download IMG Burn, save it to your desktop and install it.

Start "IMG Burn" and click "Write image file to disc".

  • Select the image file of the Kaspersky Rescue CD and click the "Write" button.
  • Put the Kaspersky Rescue CD in the PC.
  • Restart that PC.
  • Press a key to start the Kaspersky rescue system.

At "Press any key to enter the menu", press any key to open the menu of the Kaspersky Rescue CD.

  • In the next screen, choose the option "Kaspersky Rescue Disk - Graphic Mode" and press Enter.
  • Then press "A" to accept the licence agreement.
  • At the bottom left of the screen, click the "arrow" on the taskbar and choose the option "File Manager".
  • In the file manager, go to "discs" and choose the "system disk" that Windows is on.
  • Navigate to the following folder:

C:\Windows

  • Now navigate to the following file: explorer.exe
  • Right-click this file, choose "Move to trash" and then click "OK".
  • Now navigate to the following file: twexx32.dll
  • Right-click this file and choose "rename".
  • Rename twexx32.dll to explorer.exe.
  • Confirm this by clicking the "Accept" button.
  • At the bottom left of the screen, click the "arrow" on the taskbar, choose the option "Restart computer" and then click "Yes".
  • Remove the 'Kaspersky Rescue CD' from the CD/DVD drive when asked to, and then press any key to restart the system.


2 weeks later...

Hey,

Thanks in advance for the help!

I did not have much time last week, but I do now.

On my machine the explorer.exe file is in the folder c:\winnt; I did not find a twexx32.dll file there, so I did not change anything. I did run the Kaspersky Rescue CD 2 or 3 times; at first I still could not do anything after such a scan, but after the 2nd or 3rd time I could boot Windows again (see log below). After that I updated McAfee and Malwarebytes and ran them. McAfee found 2 more infections (see log below); Malwarebytes found nothing more.

I then installed HijackThis, see log below.

Is it OK now, or are there further suggestions?

Kaspersky Rescue CD scan:

--------------------------

Objects Scan: completed 16 hours ago (events: 19, objects: 377401, time: 08:25:29)

4/5/12 6:14 AM Task completed

4/5/12 6:14 AM Disinfected: Trojan.Win32.Hosts2.gen C:/_OTM/MovedFiles/03062011_193052/C_WINNT/System32/drivers/etc/hosts

4/5/12 6:14 AM Disinfected: Trojan.Win32.Hosts2.gen C:/_OTM/MovedFiles/03062011_193052/C_WINNT/System32/drivers/etc/hosts

4/4/12 10:50 PM Detected: Trojan.Win32.Hosts2.gen C:/_OTM/MovedFiles/03062011_193052/C_WINNT/System32/drivers/etc/hosts

4/4/12 10:48 PM Untreated: Trojan.Win32.Hosts2.gen C:/_OTM/MovedFiles/03062011_193052/C_WINNT/System32/drivers/etc/hosts Postponed

4/4/12 10:48 PM Detected: Trojan.Win32.Hosts2.gen C:/_OTM/MovedFiles/03062011_193052/C_WINNT/System32/drivers/etc/hosts

4/4/12 9:55 PM Untreated: Trojan-Ransom.Win32.Foreign.dhp C:/Documents and Settings/Joachim/Local Settings/Temp/arg279143.exe Postponed

4/4/12 9:55 PM Detected: Trojan-Ransom.Win32.Foreign.dhp C:/Documents and Settings/Joachim/Local Settings/Temp/arg279143.exe

4/4/12 9:54 PM Untreated: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Joachim/Local Settings/Temp/0.20814534072178137.htm Postponed

4/4/12 9:54 PM Detected: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Joachim/Local Settings/Temp/0.20814534072178137.htm

4/4/12 9:54 PM Untreated: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Joachim/Local Settings/Temp/0.13216184327747338.htm Postponed

4/4/12 9:54 PM Detected: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Joachim/Local Settings/Temp/0.13216184327747338.htm

4/4/12 9:54 PM Untreated: Trojan-Spy.Win32.Lurk.vq C:/Documents and Settings/Joachim/Local Settings/Temp/0.12011851835546083.htm Postponed

4/4/12 9:54 PM Detected: Trojan-Spy.Win32.Lurk.vq C:/Documents and Settings/Joachim/Local Settings/Temp/0.12011851835546083.htm

4/4/12 9:54 PM Untreated: Exploit.Java.CVE-2011-3544.ga C:/Documents and Settings/Joachim/Application Data/Sun/Java/Deployment/cache/6.0/6/607811c6-71001744/Wiki.class Postponed

4/4/12 9:54 PM Detected: Exploit.Java.CVE-2011-3544.ga C:/Documents and Settings/Joachim/Application Data/Sun/Java/Deployment/cache/6.0/6/607811c6-71001744/Wiki.class

4/4/12 9:54 PM Untreated: Trojan-Downloader.Win32.Avalod.tf C:/Documents and Settings/Joachim/Application Data/Sun/Java/Deployment/cache/6.0/38/54f24a26-371756c2 Postponed

4/4/12 9:54 PM Detected: Trojan-Downloader.Win32.Avalod.tf C:/Documents and Settings/Joachim/Application Data/Sun/Java/Deployment/cache/6.0/38/54f24a26-371756c2

4/4/12 9:49 PM Task started

Objects Scan: completed 2 hours ago (events: 2, objects: 1507, time: 00:02:11)

4/5/12 8:18 PM Task completed

4/5/12 8:16 PM Task started

Objects Scan: completed 1 hour ago (events: 2, objects: 375898, time: 00:58:57)

4/5/12 9:21 PM Task completed

4/5/12 8:22 PM Task started

<>: not defined: 0 (events: 1, objects: , time: 00:00:00)

4/5/12 9:45 PM Task started

Objects Scan: completed <1 minute ago (events: 2, objects: 377417, time: 01:00:51)

4/5/12 10:59 PM Task completed

4/5/12 9:58 PM Task started

McAfee scan:

-------------

9/04/2012 20:44:55 Programmabestandsversie = 5400.1158

9/04/2012 20:44:55 Versie AntiVirus-DAT = 6675.0

9/04/2012 20:44:55 Aantal detectiedefinities in EXTRA.DAT = Geen

9/04/2012 20:44:55 Namen van detectiedefinities in EXTRA.DAT = Geen

9/04/2012 20:44:43 Scan is gestart DELL\Joachim Volledige scan

9/04/2012 20:48:45 Niet gescand (het bestand is gecodeerd) c:\Documents and Settings\All Users\Application Data\TrackMania\Cache\E50C148420641E05E6E6DEA01AEC4B11_Skins%5cVehicles%5cCarCommon%5cAudi_R8_GT3.zip

9/04/2012 20:49:48 Verwijderd Joachim ODS(Volledige scan) c:\Documents and Settings\Joachim\Application Data\Sun\Java\Deployment\cache\6.0\47\718e082f-4e1da9bd\L.class JV/Exploit-Blacole.a (Paard van Troje)

9/04/2012 20:50:41 Verwijderd Joachim ODS(Volledige scan) c:\Documents and Settings\Joachim\Local Settings\Temporary Internet Files\Content.IE5\8QM1KNUS\main[1].htm JS/Exploit-Blacole.q!htm (Paard van Troje)

9/04/2012 20:51:40 Niet gescand (het bestand is gecodeerd) c:\Documents and Settings\Joachim\Mijn documenten\GrabIt Downloads\NIBBBQHPDH1.part01.rar

9/04/2012 20:51:45 Niet gescand (het bestand is gecodeerd) c:\Documents and Settings\Joachim\Mijn documenten\GrabIt Downloads\NIBBBQHPDH1.part84.rar

9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Scanoverzicht

9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Gescande processen : 70

9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Gedetecteerde processen: 0

9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Opgeschoonde processen : 0

9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Gescande opstartsectoren : 2

9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Gedetecteerde opstartsectoren: 0

9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Opgeschoonde opstartsectoren : 0

9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Gescande bestanden: 124747

9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Bestanden met detecties: 2

9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Bestandsdetecties: 2

9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Opgeschoonde bestanden: 0

9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Verwijderde bestanden: 2

9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Niet-gescande bestanden: 26

9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Scanoverzicht (Register scannen)

9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Gescande sleutels : 58602

9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Gedetecteerde sleutels: 0

9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Opgeschoonde sleutels: 0

9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Verwijderde sleutels : 0

9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Scanoverzicht (Cookies scannen)

9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Gescande cookies : 3903

9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Gedetecteerde cookies: 0

9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Opgeschoonde cookies : 0

9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Verwijderde cookies : 0

9/04/2012 23:28:04 Scanoverzicht DELL\Joachim Duur : 2:43:21

9/04/2012 23:28:04 Scan is voltooid DELL\Joachim Volledige scan

HijackThis log file:

-----------------

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:04:02, on 10/04/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\spoolsv.exe

c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe

C:\WINNT\Explorer.EXE

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINNT\system32\AESTFltr.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Apoint\HidFind.exe

C:\Program Files\Apoint\Apntex.exe

C:\WINNT\system32\hkcmd.exe

C:\WINNT\system32\igfxpers.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINNT\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINNT\system32\PMService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINNT\system32\mfevtps.exe

C:\WINNT\System32\snmp.exe

C:\WINNT\system32\svchost.exe

c:\program files\Uphclean\uphclean.exe

C:\WINNT\system32\CCM\CcmExec.exe

C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\McAfee\VirusScan Enterprise\mcconsol.exe

C:\WINNT\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = De Standaard Online

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www/proxy_conf.pac

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25488

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O1 - Hosts: ÿþ127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [EPA_EZ_GPO_Tool] C:\WINNT\system32\EZ_GPO_Tool.exe

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup

O4 - HKLM\..\Run: [igfxTray] C:\WINNT\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe

O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {3CA45906-EF10-4E4E-9BE4-B444D220FCB0} (Uploader Control) - http://ua.foto.com/ImageUploader6.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231615082718

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231615075093

O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} (DellSystem.Scanner) - http://xserv.dell.com/DellDriverScanner/DellSystem.CAB

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://extranet.uzleuven.be/dana-cached/sc/JuniperSetupClient.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O20 - AppInit_DLLs: winmm.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe

O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe

O23 - Service: Energy Star EZ GPO Power Management Configuration Tool (EPA_GPO_PMService) - TerraNovum - C:\WINNT\system32\PMService.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINNT\system32\mfevtps.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--

End of file - 12855 bytes


Start HijackThis. Right-click the icon and choose "Run as administrator".

Select "Do a system scan only".

Tick only the items listed below:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www/proxy_conf.pac

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25488

O1 - Hosts: ÿþ127.0.0.1 localhost

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

Click 'Fix checked' to remove the items.

Download MVPS Hosts.

Unzip the program to a location of your choice.

Right-click mvps.bat and choose "Run" to start mvps.bat.

Press a key to continue.

A backup of the existing HOSTS file in the default location C:\windows\system32\drivers\etc is made under the name HOSTS.MVP.

The file is then replaced by the current MVPS Hosts version.

Then make a new log with HijackThis.

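As an added example (not from the thread and not part of HijackThis), a small Python triage script that flags in a HijackThis log the same four kinds of entry the reply above picks out: a ProxyServer pointing at the local machine, an AutoConfigURL, a hosts file whose first line begins with the "ÿþ" byte-order mark, and an orphaned BHO with "(no file)"; it generalises the hosts check to any entry that maps a name to a non-loopback address, and adds a raw-bytes check for the BOM in the hosts file itself. The sample log lines are constructed to match the form of the entries quoted above.

```python
"""Triage a HijackThis log for the indicators discussed in this thread (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional

LOOPBACK = {"127.0.0.1", "localhost", "::1", "0.0.0.0"}
# UTF-8 BOM, or the FF FE / FE FF of a UTF-16 BOM as HijackThis shows them when read as ANSI
BOMS = ("\ufeff", "\u00ff\u00fe", "\u00fe\u00ff")
ENTRY = re.compile(r"^(R\d|O\d+) - (.*)$")   # 'R1 - ...', 'O1 - ...', 'O23 - ...'

# Constructed sample in the same form as the log above (not the poster's full log).
SAMPLE_LOG = "\n".join([
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www/proxy_conf.pac",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25488",
    "O1 - Hosts: \u00ff\u00fe127.0.0.1 localhost",
    "O1 - Hosts: ::1 localhost",
    "O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)",
    r"O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll",
    r"O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe",
])


@dataclass
class Finding:
    line: str
    reason: str


def _host_of(proxy: str) -> str:
    """'http=127.0.0.1:25488' -> '127.0.0.1'; '[::1]:8080' -> '::1'."""
    hostport = proxy.split("=")[-1].strip()
    if hostport.startswith("["):
        return hostport[1:hostport.index("]")]
    return hostport.rsplit(":", 1)[0] if ":" in hostport else hostport


def check_entry(section: str, rest: str) -> Optional[str]:
    """Return a reason if this entry matches one of the indicators, else None."""
    if section == "R1" and "ProxyServer" in rest:
        value = rest.split("=", 1)[1].strip()
        for proxy in value.split(";"):
            if _host_of(proxy) in LOOPBACK:
                return (f"ProxyServer points at this machine ({proxy.strip()}): "
                        "browser traffic is routed through a local process")
    if section == "R1" and "AutoConfigURL" in rest:
        value = rest.split("=", 1)[1].strip()
        return (f"proxy auto-config script is set ({value}): "
                "confirm it was configured by you or your organisation")
    if section == "O1":
        body = rest.split(":", 1)[1].strip()   # 'Hosts: ÿþ127.0.0.1 localhost' -> after 'Hosts:'
        if body.startswith(BOMS):
            return "hosts file begins with a byte-order mark (written as UTF-16), so Windows cannot parse it"
        addr = body.split()[0]
        if addr not in LOOPBACK:
            return f"hosts entry redirects a name to {addr} instead of loopback"
    if section == "O2" and rest.endswith("(no file)"):
        return "orphaned BHO registration: CLSID is registered but its DLL is gone"
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk a HijackThis log and collect the entries worth fixing."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue   # header, process list, 'End of file' etc.
        reason = check_entry(m.group(1), m.group(2))
        if reason:
            findings.append(Finding(line.strip(), reason))
    return findings


def hosts_has_bom(data: bytes) -> bool:
    """Raw check on the hosts file itself: a UTF-16 or UTF-8 BOM at offset 0."""
    return data.startswith((b"\xff\xfe", b"\xfe\xff", b"\xef\xbb\xbf"))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

To check a real hosts file, read it with open(path, "rb") and pass the bytes to hosts_has_bom; a True result means the file must be rewritten as plain ANSI text before Windows will honour it.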

Thanks for the quick reply!

New HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:08:04, on 10/04/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\spoolsv.exe

c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe

C:\WINNT\Explorer.EXE

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINNT\system32\AESTFltr.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Apoint\HidFind.exe

C:\Program Files\Apoint\Apntex.exe

C:\WINNT\system32\hkcmd.exe

C:\WINNT\system32\igfxpers.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINNT\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINNT\system32\PMService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINNT\system32\mfevtps.exe

C:\WINNT\System32\snmp.exe

C:\WINNT\system32\svchost.exe

c:\program files\Uphclean\uphclean.exe

C:\WINNT\system32\CCM\CcmExec.exe

C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = De Standaard Online

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O1 - Hosts: ::1 localhost #[iPv6]

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [EPA_EZ_GPO_Tool] C:\WINNT\system32\EZ_GPO_Tool.exe

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup

O4 - HKLM\..\Run: [igfxTray] C:\WINNT\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe

O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {3CA45906-EF10-4E4E-9BE4-B444D220FCB0} (Uploader Control) - http://ua.foto.com/ImageUploader6.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231615082718

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231615075093

O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} (DellSystem.Scanner) - http://xserv.dell.com/DellDriverScanner/DellSystem.CAB

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://extranet.uzleuven.be/dana-cached/sc/JuniperSetupClient.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O20 - AppInit_DLLs: winmm.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe

O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe

O23 - Service: Energy Star EZ GPO Power Management Configuration Tool (EPA_GPO_PMService) - TerraNovum - C:\WINNT\system32\PMService.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINNT\system32\mfevtps.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--

End of file - 12300 bytes

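Reading a HijackThis log like the one above means walking the O4/O16/O20/O23 lines by hand; the helper's verdict in the next post is that judgement. As an added example (editor's code, not from the thread or from Trend Micro's tool), here is a small triage script that does the mechanical part of that review: autostarts and services whose binary lives in a user-writable location, ActiveX controls (O16) fetched over plain HTTP, services with no known vendor, and anything in AppInit_DLLs, which is loaded into every process that links user32.dll and is therefore worth verifying even when the DLL name looks like a system file (legitimate software does register DLLs there, so the script asks for review rather than judging). These rules are review heuristics, i.e. assumptions. The sample log is a constructed excerpt: lines copied from the posted log plus two invented lines (the `updater` Run entry and the `exsvc` service under a `User` profile) that exist only to show a hit; they are not from the victim's machine.

```python
"""Triage a HijackThis log: flag the lines a reviewer should look at twice.

Editor's added example, not the thread's or HijackThis' code. The rules below
(user-writable paths, plain-HTTP ActiveX, anything in AppInit_DLLs, services
without a known vendor) are review heuristics, i.e. assumptions, not verdicts.
"""
import re

# Constructed sample: lines copied from the posted log, plus two invented lines
# (the "updater" Run entry and the "exsvc" service) that exist only to show a hit.
SAMPLE_LOG = r"""
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\User\Application Data\updater\updater.exe
O16 - DPF: {3CA45906-EF10-4E4E-9BE4-B444D220FCB0} (Uploader Control) - http://ua.foto.com/ImageUploader6.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://extranet.uzleuven.be/dana-cached/sc/JuniperSetupClient.cab
O20 - AppInit_DLLs: winmm.dll
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Example Helper (exsvc) - Unknown owner - C:\Documents and Settings\User\Local Settings\Temp\exsvc.exe
"""

# Locations an unprivileged user (or malware running as that user) can write to.
USER_WRITABLE = re.compile(
    r"\\(documents and settings|users)\\[^\\]+\\|\\application data\\|\\appdata\\|\\temp\\",
    re.IGNORECASE,
)

HJT_LINE = re.compile(r"^(O\d+) - (.*)$")


def parse_line(line):
    """Split 'O4 - ...' into its section code and payload; None for non-entry lines."""
    m = HJT_LINE.match(line.strip())
    return {"section": m.group(1), "rest": m.group(2)} if m else None


def _autostart_path(rest):
    # Registry form:       "HKLM\..\Run: [Name] C:\path.exe args"
    # Startup-folder form: "Global Startup: Name.lnk = C:\path.exe"
    if "] " in rest:
        return rest.split("] ", 1)[1].strip()
    if " = " in rest:
        return rest.split(" = ", 1)[1].strip()
    return rest


def triage_entry(entry):
    """Return a reason for manual review, or None if the heuristics are silent."""
    sec, rest = entry["section"], entry["rest"]
    if sec == "O4":
        path = _autostart_path(rest)
        if USER_WRITABLE.search(path):
            return "autostart runs from a user-writable location: " + path
    elif sec == "O16":
        url = rest.rsplit(" - ", 1)[-1]
        if url.lower().startswith("http://"):
            return "ActiveX control fetched over plain HTTP: " + url
    elif sec == "O20":
        # AppInit_DLLs is loaded into every process that links user32.dll; always verify it.
        return "AppInit_DLLs entry, verify the DLL: " + rest.split(":", 1)[1].strip()
    elif sec == "O23":
        # "Service: Name - Company - Path"; rsplit keeps a ' - ' inside the name intact.
        parts = rest.rsplit(" - ", 2)
        if len(parts) == 3:
            company, path = parts[1].strip(), parts[2].strip()
            if company in ("", "Unknown owner") or USER_WRITABLE.search(path):
                return "service with unknown vendor or user-writable binary: " + path
    return None


def triage(log_text):
    """Return [(section, reason), ...] for every line that deserves a second look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry:
            reason = triage_entry(entry)
            if reason:
                findings.append((entry["section"], reason))
    return findings


if __name__ == "__main__":
    for section, reason in triage(SAMPLE_LOG):
        print(f"{section}: {reason}")
```

On a real log, call `triage(open(path, encoding="latin-1").read())`; everything the script flags still needs a human to decide, it only shortens the list. On the sample, the two copied O4 lines and the Malwarebytes service pass, while the invented `updater` and `exsvc` lines, the plain-HTTP foto.com control and the AppInit_DLLs entry are reported.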

This looks good.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable all antivirus and antispyware programs, because otherwise they might conflict with ComboFix. Here is a guide on how to disable them:
    Click here
    If you can't manage to disable them, just proceed to the next step.
  • Double-click ComboFix.exe and follow the prompts on screen.
  • ComboFix will check whether the Microsoft Windows Recovery Console is already installed.
    **Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue with scanning for malware.
  • Follow the on-screen prompts to let ComboFix download and install the Microsoft Windows Recovery Console.

[screenshot: cf-rc-auto.jpg]

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

[screenshot: rc-auto-done.jpg]

Click Yes to continue scanning for malware.

Note !!! If an error appears with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

If you have problems running ComboFix, please report this.


The first time I ran ComboFix, but afterwards I couldn't find that log anymore; I have just run it again,

here is the ComboFix log:

thanks again!

ComboFix 12-04-11.01 - Joachim 14/04/2012 14:07:46.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.3536.2942 [GMT 2:00]

Started from: c:\documents and settings\Joachim\Bureaublad\ComboFix.exe

AV: VirusScan Enterprise + AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

.

.

(((((((((((((((((((( Files Created from 2012-03-14 to 2012-04-14 ))))))))))))))))))))))))))))))

.

.

2012-04-10 15:16 . 2012-04-11 18:53 -------- d--h--r- c:\documents and settings\Joachim\Onlangs geopend

2012-04-10 12:47 . 2012-04-10 12:47 -------- d-----w- c:\program files\CCleaner

2012-04-10 11:32 . 2012-04-10 11:32 388096 ----a-r- c:\documents and settings\Joachim\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-04-10 11:32 . 2012-04-10 11:32 -------- d-----w- c:\program files\Trend Micro

2012-04-04 21:46 . 2012-04-05 06:14 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-04 13:56 . 2011-03-03 21:48 22344 ----a-w- c:\winnt\system32\drivers\mbam.sys

2012-02-03 09:57 . 2006-04-24 13:31 1860224 ----a-w- c:\winnt\system32\win32k.sys

2012-01-29 10:38 . 2012-01-29 10:38 18816 ----a-w- c:\winnt\system32\drivers\dvd43llh.sys

2006-06-26 13:31 . 2008-11-25 08:06 4390 -c--a-w- c:\program files\jintegra_regjvm_JavaKwsVM.reg

.

.

((((((((((((((((((((((((((((( SnapShot@2012-04-11_19.06.46 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-04-14 11:47 . 2012-04-14 11:47 16384 c:\winnt\Temp\Perflib_Perfdata_8d4.dat

+ 2012-04-14 11:47 . 2012-04-14 11:47 16384 c:\winnt\Temp\Perflib_Perfdata_6b0.dat

- 2006-04-24 13:30 . 2012-04-11 12:53 85342 c:\winnt\system32\perfc013.dat

+ 2006-04-24 13:30 . 2012-04-14 11:51 85342 c:\winnt\system32\perfc013.dat

- 2006-04-24 13:30 . 2012-04-11 12:53 67282 c:\winnt\system32\perfc009.dat

+ 2006-04-24 13:30 . 2012-04-14 11:51 67282 c:\winnt\system32\perfc009.dat

+ 2006-04-24 13:30 . 2012-04-14 11:51 497804 c:\winnt\system32\perfh013.dat

- 2006-04-24 13:30 . 2012-04-11 12:53 497804 c:\winnt\system32\perfh013.dat

- 2006-04-24 13:30 . 2012-04-11 12:53 431478 c:\winnt\system32\perfh009.dat

+ 2006-04-24 13:30 . 2012-04-14 11:51 431478 c:\winnt\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02 94208 ----a-w- c:\documents and settings\Joachim\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02 94208 ----a-w- c:\documents and settings\Joachim\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02 94208 ----a-w- c:\documents and settings\Joachim\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02 94208 ----a-w- c:\documents and settings\Joachim\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-07 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]

"AESTFltr"="c:\winnt\system32\AESTFltr.exe" [2008-05-20 466944]

"Synchronization Manager"="c:\winnt\system32\mobsync.exe" [2008-04-14 144384]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]

"EPA_EZ_GPO_Tool"="c:\winnt\system32\EZ_GPO_Tool.exe" [2005-01-21 69632]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-03-27 136768]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-05-22 442467]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-08-25 124224]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2011-10-24 421888]

"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2011-07-06 2068480]

"IgfxTray"="c:\winnt\system32\igfxtray.exe" [2011-03-08 136216]

"HotKeysCmds"="c:\winnt\system32\hkcmd.exe" [2011-03-08 170008]

"Persistence"="c:\winnt\system32\igfxpers.exe" [2011-03-08 145432]

"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\winnt\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2011-10-13 08:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\TmNationsForever\\TmForever.exe"=

"c:\\Documents and Settings\\Joachim\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Documents and Settings\\Joachim\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 3\\iw5sp.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 3\\iw5mp_server.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 3\\iw5mp.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [31/07/2008 22:41 808296]

R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [31/07/2008 22:41 21352]

R2 EPA_GPO_PMService;Energy Star EZ GPO Power Management Configuration Tool;c:\winnt\system32\PMService.exe [21/01/2005 16:07 81920]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/03/2011 23:48 654408]

R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [25/08/2010 20:07 22816]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\winnt\system32\mfevtps.exe [22/10/2010 13:01 69192]

R3 AESTAud;AE Audio Service;c:\winnt\system32\drivers\AESTAud.sys [3/09/2008 15:05 108160]

R3 cvusbdrv;Broadcom USH CV;c:\winnt\system32\drivers\cvusbdrv.sys [25/11/2008 10:36 32808]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\winnt\system32\drivers\e1y5132.sys [3/09/2008 14:33 244368]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\winnt\system32\drivers\IntcHdmi.sys [6/01/2012 15:16 116224]

R3 MBAMProtector;MBAMProtector;c:\winnt\system32\drivers\mbam.sys [3/03/2011 23:48 22344]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/01/2011 15:48 136176]

S3 camfilt2;camfilt2;c:\winnt\system32\drivers\camfilt2.sys [8/01/2011 16:02 94720]

S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2/06/2011 11:08 11336]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/01/2011 15:48 136176]

S3 mferkdet;McAfee Inc. mferkdet;c:\winnt\system32\drivers\mferkdet.sys [22/10/2010 13:01 66536]

S3 Revoflt;Revoflt;c:\winnt\system32\drivers\revoflt.sys [19/01/2010 19:56 27064]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

*Deregistered* - uphcleanhlp

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-17 c:\winnt\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]

.

2012-03-25 c:\winnt\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-07 06:14]

.

2012-04-14 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 13:48]

.

2012-04-11 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 13:48]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.standaard.be/index.html

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.1

DPF: {3CA45906-EF10-4E4E-9BE4-B444D220FCB0} - hxxp://ua.foto.com/ImageUploader6.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-14 14:14

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINNT\\system32\\FM20ENU.DLL"

"C040AC1900063D11C8EF10054038389C"="C?\\WINNT\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1828)

c:\documents and settings\Joachim\Application Data\Dropbox\bin\DropboxExt.14.dll

c:\winnt\system32\webcheck.dll

c:\program files\Microsoft Office\OFFICE11\msohev.dll

.

Completion time: 2012-04-14 14:15:18

ComboFix-quarantined-files.txt 2012-04-14 12:15

ComboFix2.txt 2012-04-11 19:08

.

Pre-Run: 29.221.900.288 bytes available

Post-Run: 29.218.537.472 bytes available

.

- - End Of File - - 053FD52BB57BE08FCA68D850F46F8F1C

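The "Reg Startup Points" part of the ComboFix log above is REGEDIT4-style text, so it can be parsed rather than eyeballed. Two things in this particular log are easy to miss when scanning several hundred lines: the standard-profile firewall policy shows `"EnableFirewall"= 0`, and several firewall exceptions point at binaries under a user profile (Dropbox and the Juniper terminal-services client under Application Data). As an added example (editor's code, not ComboFix's own output or tooling), the script below parses the sections, reports the firewall state together with profile-resident exceptions, and lists Run-key binaries that sit under a user profile. Treating "lives under a user profile" as the review trigger is an assumption, not a verdict; the sample is a constructed excerpt that reuses lines from the posted log plus one invented Run entry (`updater`, under a `User` profile) that exists only to show a hit.

```python
"""Parse the REGEDIT4-style startup section of a ComboFix log and report the
host-firewall state, firewall exceptions under a user profile, and Run-key
binaries under a user profile.

Editor's added example, not ComboFix's own output or tooling. Treating
"binary lives under a user profile" as the review trigger is an assumption.
"""
import re

# Constructed excerpt: lines copied from the posted log plus one invented
# Run entry ("updater" under a User profile) that exists only to show a hit.
SAMPLE_COMBOFIX = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-07 39408]
"updater"="c:\documents and settings\User\Application Data\updater\updater.exe" [2012-04-01 12345]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Joachim\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\Joachim\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"""

SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# "\Documents and Settings\<user>\" or "\Users\<user>\", with single or doubled backslashes.
PROFILE_PATH = re.compile(r"\\+(documents and settings|users)\\+[^\\]+\\+", re.IGNORECASE)
FW_PROFILE = r"HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"


def parse_sections(text):
    """Return {section: [(value_name, raw_data), ...]} in file order; '@=' and noise lines are skipped."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        m = VALUE.match(line)
        if m and current is not None:
            sections[current].append((m.group(1), m.group(2).strip()))
    return sections


def firewall_state(sections):
    """(firewall enabled?, [exception paths under a user profile]) for the standard profile."""
    enabled = True  # assumption: treat an absent value as "firewall on"
    for name, data in sections.get(FW_PROFILE, []):
        if name == "EnableFirewall":
            enabled = not data.startswith("0")  # ComboFix prints e.g. "0 (0x0)"
    exceptions = sections.get(FW_PROFILE + r"\AuthorizedApplications\List", [])
    return enabled, [path for path, _ in exceptions if PROFILE_PATH.search(path)]


def run_keys_in_profile(sections):
    """[(section, value_name, path)] for Run entries whose binary sits under a user profile."""
    hits = []
    for sec, values in sections.items():
        if not sec.lower().endswith(r"\currentversion\run"):
            continue
        for name, data in values:
            m = re.match(r'^"([^"]+)"', data)  # data looks like: "c:\path\prog.exe" [date size]
            path = m.group(1) if m else data
            if PROFILE_PATH.search(path):
                hits.append((sec, name, path))
    return hits


if __name__ == "__main__":
    s = parse_sections(SAMPLE_COMBOFIX)
    enabled, risky = firewall_state(s)
    print("Windows Firewall (standard profile):", "enabled" if enabled else "DISABLED")
    for p in risky:
        print("firewall exception under a user profile:", p)
    for sec, name, path in run_keys_in_profile(s):
        print(f"Run entry under a user profile: {sec} {name} -> {path}")
```

On the sample this reports the firewall as disabled, the two Application Data exceptions copied from the log, and only the invented `updater` Run entry; the Google, Malwarebytes and Adobe entries under Program Files stay silent. A disabled host firewall is not itself a sign of infection (the machine runs McAfee VirusScan Enterprise, which may be managed centrally), but it is the kind of state a reviewer wants surfaced rather than buried in the log.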

I'm currently still using my PC as little as possible; within what I do, everything seems normal, but that was already the case before the ComboFix scan, and I think that scan did still find abnormal things the first time.

I myself didn't know you had to go this far to get that infection off, but I would still like to be sure that everything is gone...

I was on holiday the last few days, which is why it took a bit longer before I could reply.

Once again, many thanks for the effort you all put in!!
