Computer totally infected


Tyz3r (user, joined 2 Sep 2007)
After downloading a torrent my computer is totally infected. The only things still working are AVG (but it can't do much about it any more) and the virus. Screens keep popping up, like 'Antivirus software alert' and a 'Windows Security Alert' notification, which I no longer trust because AVG says they are infected. When I click on that Windows Security Alert notification, Security Suite also appears, which I have never seen before and which keeps asking me to buy software, otherwise I am "Unprotected". I don't trust Security Suite either, because it says "Perfoming scan" instead of PerfoRming Scan and "Curent state" instead of CurRent State. Websites like porno.org and viagra.com also keep being opened.

When I try to start in safe mode via Run and then msconfig, I get the message "Application cannot be executed. The file msconfig.exe is infected. Do you want to activate your antivirus software now?" I get that, by the way, even when I just right-click on the desktop.

To be clear: almost nothing works on the computer any more, so I am on my laptop now, not on the computer.

Can anyone help me?
 
Yes, tricky problem; you are probably the victim of a trojan that you won't get rid of just like that. These cybercriminals are out to make you pay for fake antivirus software. I don't know what your PC's configuration looks like, whether you have several partitions and so on; otherwise I would personally reinstall (delete the C: partition and recreate it during installation), then you are certainly rid of it. If C: is your only partition it's a different story (if you have data you don't want to lose); you can try installing Mbam in safe mode and running it with administrator rights. The program + Dutch manual can be downloaded via the link in my signature.
Good luck.
Edit: Here is a link to a HelpMij topic for removing such infections; it seems to work.
 
Thanks! I did manage to get into safe mode, but of course I can't make an internet connection there, so I put the little program on an external hard drive and installed it on the computer from there. The program is running now; 22 infected objects scanned so far.
 
Hope you get rid of it; by the way, I updated my last post in case you don't succeed. Keep me posted.
 
It hasn't helped yet... but thanks in advance for all your help!
 
Which operating system do you have? Have you looked at the link in #2 yet? That should work, depending on the operating system you have. It is indeed a tricky infection; I do have another solution, this one here, which is quite "tricky", but I have carried it out myself once and it worked perfectly.
 
I have Windows XP Professional and yes, I have already looked at the link in #2.
 
And I assume I have to carry out all possible solutions in safe mode?

Edit:
I am now running Combofix in normal mode after all, because that is also done in the tutorial and because I have the feeling that is better anyway.
 
Because I had installed combofix from my external hard drive, the hard drive is still connected to my computer, but now I saw that combofix deleted a folder on that hard drive (the autorun); is that intended? And should I disconnect that hard drive now?
 
You should actually have run Combofix from your desktop; that is in the manual too, if I'm not mistaken. You don't need to worry about that autorun folder; it is probably part of that trojan. Once you get into your PC, disable System Restore, restart the PC and then turn it back on; then all your restore points are gone, because that is where the viruses nest too.
 
I put combofix from my hard drive onto my desktop and ran combofix from there.

How do I disable System Restore?

Combofix is done now; I don't see the virus any more, but bottom right there is the notification: "You may be a victim of software counterfeiting." I can see the log.txt now; I'll post it here shortly.
 
Here is the log.txt:

ComboFix 10-08-14.02 - Computer 15-08-2010 15:11:23.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.991.543 [GMT 2:00]
Started from: c:\documents and settings\Computer\Bureaublad\ComboFix.exe

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!
.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Computer\Local Settings\Application Data\bmopddcas
c:\documents and settings\Computer\Local Settings\Application Data\bmopddcas\nqirxutshdw.exe
c:\documents and settings\Computer\Local Settings\Application Data\dkuqdabvj
c:\documents and settings\Computer\Local Settings\Application Data\dkuqdabvj\nsuwdjqshdw.exe
c:\documents and settings\Computer\Local Settings\Application Data\Windows Server
c:\windows\$NtUninstallMTF1011$
c:\documents and settings\Computer\Application Data\ohydy.exe
c:\documents and settings\Computer\Local Settings\Application Data\bmopddcas\nqirxutshdw.exe
c:\documents and settings\Computer\Local Settings\Application Data\dkuqdabvj\nsuwdjqshdw.exe
c:\documents and settings\Computer\Local Settings\Application Data\Windows Server\admin.txt
c:\documents and settings\Computer\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\Computer\Local Settings\Application Data\Windows Server\server.dat
c:\documents and settings\Computer\Local Settings\Application Data\Windows Server\uses32.dat
c:\windows\$NtUninstallMTF1011$\apUninstall.exe
c:\windows\$NtUninstallMTF1011$\zrpt.xml
E:\Autorun.inf

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\explorer.exe

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Psyche
-------\Service_PsycheEnqueue
-------\Legacy_IPFW
-------\Legacy_IP_FW
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_ip_fw
-------\Service_ipfw


(((((((((((((((((((( Files Created from 2010-07-15 to 2010-08-15 ))))))))))))))))))))))))))))))
.

2010-08-14 23:56 . 2010-08-14 23:56 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-08-14 23:41 . 2010-08-14 23:41 -------- d-----w- c:\documents and settings\Computer\Application Data\Malwarebytes
2010-08-14 23:41 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-14 23:41 . 2010-08-14 23:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-14 23:41 . 2010-08-14 23:41 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2010-08-14 23:41 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-14 23:13 . 2010-08-14 23:13 -------- d-sh--w- c:\documents and settings\Computer\Onlangs geopend
2010-08-14 23:00 . 2010-08-14 23:00 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-08-14 19:35 . 2010-08-14 19:37 -------- d-----w- c:\documents and settings\Computer\Application Data\B8683D8A2430AB3B5BD37231D8E65445
2010-08-13 21:48 . 2010-08-14 20:03 0 ----a-w- c:\documents and settings\Computer\Local Settings\Application Data\prvlcl.dat
2010-08-13 01:13 . 2010-08-13 01:13 -------- d-----w- c:\program files\AVG
2010-08-13 01:13 . 2010-08-13 01:13 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\avg9
2010-08-11 21:47 . 2010-08-11 21:47 -------- d-----w- c:\documents and settings\Computer\Application Data\Souptoys
2010-08-11 21:47 . 2010-08-11 21:47 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Souptoys
2010-08-11 21:47 . 2010-08-11 21:47 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Souptoys2
2010-08-07 21:06 . 2010-08-07 21:06 -------- d-----w- c:\program files\Lighthouse Point 3D Screensaver
2010-08-07 21:06 . 2010-06-02 14:22 920576 ----a-w- c:\windows\system32\Lighthouse_Point_3D_Screensaver.scr
2010-08-06 18:41 . 2010-08-06 18:41 -------- d-----w- c:\program files\Audacity
2010-08-05 18:23 . 2010-08-05 21:05 -------- d-----w- c:\program files\Freeplayer2
2010-08-05 16:29 . 2010-08-14 19:53 -------- d-----w- c:\documents and settings\Computer\Local Settings\Application Data\Spotify
2010-08-05 16:29 . 2010-08-14 19:53 -------- d-----w- c:\documents and settings\Computer\Application Data\Spotify
2010-08-05 16:29 . 2010-08-05 16:29 655360 ----a-w- c:\documents and settings\Computer\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-08-05 16:29 . 2010-08-05 16:29 282624 ----a-w- c:\documents and settings\Computer\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-08-05 16:29 . 2010-08-05 16:29 208896 ----a-w- c:\documents and settings\Computer\Application Data\Spotify\Gracenote\gnsdk_dsp.dll
2010-08-05 16:29 . 2010-08-05 16:29 -------- d-----w- c:\program files\Spotify
2010-08-05 04:40 . 2010-08-05 04:40 3026 ----a-w- c:\windows\system32\drivers\hwinterface.sys
2010-08-05 04:06 . 2010-08-05 04:06 -------- d-----w- c:\program files\MySQL
2010-08-05 04:06 . 2010-08-05 04:06 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\MySQL
2010-08-05 04:04 . 2010-08-05 04:04 -------- d-----w- c:\documents and settings\Computer\Application Data\HeidiSQL
2010-08-05 04:04 . 2010-08-05 04:04 -------- d-----w- c:\program files\HeidiSQL
2010-08-05 04:04 . 2010-08-05 04:04 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\HeidiSQL
2010-08-04 22:21 . 2010-08-04 22:21 2605008 ----a-w- c:\documents and settings\Computer\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-08-04 12:51 . 2010-08-04 12:51 -------- d-----w- c:\program files\Sweex
2010-08-03 09:21 . 2010-08-03 09:21 503808 ----a-w- c:\documents and settings\Computer\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2da6c0d6-n\msvcp71.dll
2010-08-03 09:21 . 2010-08-03 09:21 499712 ----a-w- c:\documents and settings\Computer\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2da6c0d6-n\jmc.dll
2010-08-03 09:21 . 2010-08-03 09:21 348160 ----a-w- c:\documents and settings\Computer\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2da6c0d6-n\msvcr71.dll
2010-08-03 09:21 . 2010-08-03 09:21 61440 ----a-w- c:\documents and settings\Computer\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1f9f1525-n\decora-sse.dll
2010-08-03 09:21 . 2010-08-03 09:21 12800 ----a-w- c:\documents and settings\Computer\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1f9f1525-n\decora-d3d.dll
2010-08-03 08:28 . 2010-08-06 15:15 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2010-08-03 08:26 . 2010-08-06 15:21 -------- d-----w- c:\program files\Replay Music 3
2010-08-03 08:26 . 2010-08-03 08:26 -------- d-----w- c:\windows\Replay Music
2010-08-03 07:19 . 2010-08-03 07:19 -------- d-----w- c:\program files\CCleaner
2010-07-30 20:12 . 2010-07-30 20:12 -------- d-----w- c:\program files\energyXT
2010-07-30 10:40 . 2010-07-30 10:43 -------- d-----w- c:\program files\Chainer
2010-07-30 10:40 . 2010-07-30 10:40 -------- d-----w- c:\documents and settings\Computer\Application Data\Xlutop
2010-07-28 19:40 . 2010-07-28 19:40 -------- d-----w- c:\windows\.jagex_cache_32
2010-07-28 15:32 . 2010-07-28 15:32 -------- d-----w- c:\program files\BitTorrent
2010-07-28 11:49 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 13:24 . 2008-09-08 11:32 7864320 ---ha-w- c:\documents and settings\Computer\NTUSER.DAT
2010-08-15 13:24 . 2008-09-08 11:30 229376 ---ha-w- c:\documents and settings\LocalService\NTUSER.DAT
2010-08-15 13:24 . 2008-09-08 11:30 229376 ---ha-w- c:\documents and settings\NetworkService\NTUSER.DAT
2010-08-14 23:05 . 2010-08-14 22:59 524288 ---ha-w- c:\documents and settings\Administrator\NTUSER.DAT
2010-08-14 19:43 . 2010-04-07 20:35 -------- d-----w- c:\documents and settings\Computer\Application Data\Skype
2010-08-14 19:39 . 2010-04-06 19:04 -------- d-----w- c:\documents and settings\Computer\Application Data\BitTorrent
2010-08-14 14:01 . 2010-04-07 20:36 -------- d-----w- c:\documents and settings\Computer\Application Data\skypePM
2010-08-13 01:19 . 2010-04-07 20:28 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-13 01:19 . 2010-04-07 20:28 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-13 01:19 . 2010-04-07 20:28 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-12 21:35 . 2008-10-23 17:11 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\TechSmith
2010-08-12 16:07 . 2008-09-08 11:33 79136 -c--a-w- c:\documents and settings\Computer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-12 15:02 . 2010-06-22 20:07 -------- d-----w- c:\program files\DivX
2010-08-12 15:02 . 2010-06-22 20:05 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\DivX
2010-08-11 14:07 . 2010-04-08 18:23 99 ----a-w- c:\documents and settings\Computer\jagex_runescape_preferences2.dat
2010-08-11 14:06 . 2010-04-08 18:22 46 ----a-w- c:\documents and settings\Computer\jagex_runescape_preferences.dat
2010-08-11 14:04 . 2010-04-08 18:23 41 ----a-w- c:\documents and settings\Computer\jagex__preferences3.dat
2010-08-05 03:58 . 2010-08-05 03:58 24576 ----a-w- c:\windows\Fonts\Lcd32.fon
2010-08-05 00:52 . 2010-03-31 17:40 -------- d-----w- c:\program files\Microsoft Digital Image 2006
2010-08-04 12:51 . 2010-05-29 12:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-04 12:46 . 2001-09-07 10:00 548398 ----a-w- c:\windows\system32\perfh013.dat
2010-08-04 12:46 . 2001-09-07 10:00 106586 ----a-w- c:\windows\system32\perfc013.dat
2010-08-02 14:15 . 2009-02-04 17:48 -------- d-----w- c:\documents and settings\Computer\Application Data\Apple Computer
2010-08-02 13:54 . 2009-01-06 19:32 -------- d-----w- c:\program files\Google
2010-07-30 10:40 . 2010-04-05 13:44 -------- d-----w- c:\program files\VSTplugins
2010-07-06 12:29 . 2010-06-22 20:11 -------- d-----w- c:\documents and settings\Computer\Application Data\DivX
2010-07-06 11:49 . 2010-04-07 20:10 -------- d-----w- c:\program files\Java
2010-06-30 12:33 . 2004-08-03 23:03 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-29 15:04 . 2004-08-03 23:03 219136 ----a-w- c:\windows\system32\uxtheme.dll
2010-06-29 15:03 . 2010-06-29 15:03 77824 ----a-w- c:\windows\SkycarUninstall.exe
2010-06-29 13:15 . 2010-06-29 13:15 2568656 ----a-w- c:\documents and settings\Computer\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2010-06-26 17:32 . 2010-06-26 17:32 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-06-26 15:56 . 2010-06-26 15:56 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-26 15:56 . 2010-06-26 15:55 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\DAEMON Tools Pro
2010-06-24 12:27 . 2004-08-03 23:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2004-08-03 22:56 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-22 20:09 . 2010-06-22 20:08 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-21 15:27 . 2004-08-03 21:14 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-03 23:03 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-09-08 11:24 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2004-08-03 23:03 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-09 23:01 . 2010-06-22 20:10 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-06-09 23:01 . 2010-06-22 20:10 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-06-09 23:01 . 2010-04-01 21:47 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-06-09 23:01 . 2010-04-01 21:47 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-06-09 23:01 . 2010-04-01 21:47 133616 ------w- c:\windows\system32\pxafs.dll
2010-06-09 13:41 . 2010-06-09 13:41 84480 -c--a-w- c:\documents and settings\Computer\Application Data\SystemRequirementsLab\srlproxy_intel_4.1.66.0A.dll
2010-06-03 06:42 . 2010-04-07 20:28 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-30 13:59 . 2009-01-11 15:38 138328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-30 13:59 . 2009-01-11 15:38 214816 -c--a-w- c:\windows\system32\PnkBstrB.exe
2010-05-29 12:41 . 2009-01-11 15:38 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-05-25 16:21 . 2010-05-25 16:21 503808 -c--a-w- c:\documents and settings\Computer\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-594fb6f2-n\msvcp71.dll
2010-05-25 16:21 . 2010-05-25 16:21 499712 -c--a-w- c:\documents and settings\Computer\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-594fb6f2-n\jmc.dll
2010-05-25 16:21 . 2010-05-25 16:21 348160 -c--a-w- c:\documents and settings\Computer\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-594fb6f2-n\msvcr71.dll
2010-05-25 16:21 . 2010-05-25 16:21 61440 -c--a-w- c:\documents and settings\Computer\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1af49e08-n\decora-sse.dll
2010-05-25 16:21 . 2010-05-25 16:21 12800 -c--a-w- c:\documents and settings\Computer\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1af49e08-n\decora-d3d.dll
2010-05-19 20:59 . 2010-05-19 20:59 150528 ----a-w- c:\windows\system32\mkx.dll
2010-05-19 20:59 . 2010-05-19 20:59 109568 ----a-w- c:\windows\system32\avi.dll
2010-05-19 20:59 . 2010-05-19 20:59 141824 ----a-w- c:\windows\system32\mp4.dll
2010-05-19 20:58 . 2010-05-19 20:58 123392 ----a-w- c:\windows\system32\ogm.dll
2010-05-19 20:58 . 2010-05-19 20:58 113152 ----a-w- c:\windows\system32\dsmux.exe
2010-05-19 20:58 . 2010-05-19 20:58 154112 ----a-w- c:\windows\system32\ts.dll
2010-05-19 20:58 . 2010-05-19 20:58 249856 ----a-w- c:\windows\system32\dxr.dll
2010-05-19 20:57 . 2010-05-19 20:57 97792 ----a-w- c:\windows\system32\avs.dll
2010-05-19 20:57 . 2010-05-19 20:57 137728 ----a-w- c:\windows\system32\mkv2vfr.exe
2010-05-19 20:57 . 2010-05-19 20:57 93184 ----a-w- c:\windows\system32\avss.dll
2010-05-19 20:57 . 2010-05-19 20:57 358400 ----a-w- c:\windows\system32\gdsmux.exe
2010-05-19 20:55 . 2010-05-19 20:55 80384 ----a-w- c:\windows\system32\mkzlib.dll
2010-05-19 20:55 . 2010-05-19 20:55 24576 ----a-w- c:\windows\system32\mkunicode.dll
2009-04-09 20:47 . 2010-04-05 13:44 5 -c--a-w- c:\program files\thumbsfiles56.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Computer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-04-07 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-19 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-13 2065760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\docume~1\ALLUSE~1\MENUST~1\PROGRA~1\OPSTAR~1\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-5-29 813584]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"43594:TCP"= 43594:TCP:thenoobscape.no-ip.org

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7-4-2010 22:28 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7-4-2010 22:28 243024]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [5-8-2010 6:40 3026]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [13-8-2010 3:16 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [13-8-2010 3:16 308136]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [29-5-2010 14:10 10384]
R2 MySQL51;MySQL51;"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld" --defaults-file="c:\program files\MySQL\MySQL Server 5.1\my.ini" MySQL51 --> c:\program files\MySQL\MySQL Server 5.1\bin\mysqld [?]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [24-10-2008 10:37 4096]
R3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\drivers\BUSB2902.sys [27-3-2010 18:25 352256]
R3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;c:\windows\system32\drivers\busbwdm.sys [27-3-2010 18:25 33792]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [9-11-2009 19:12 25088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384]
S2 gupdate1ca0ac891a74178;Google Updateservice (gupdate1ca0ac891a74178);c:\program files\Google\Update\GoogleUpdate.exe [6-4-2010 21:08 136176]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18-12-2009 10:58 11336]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\docume~1\Computer\LOCALS~1\Temp\RarSFX0\kerneld.wnt --> c:\docume~1\Computer\LOCALS~1\Temp\RarSFX0\kerneld.wnt [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [15-8-2010 1:41 38224]
S3 PAC207;Trust WB-1200p Mini Webcam;c:\windows\system32\drivers\PFC027.sys [24-2-2005 12:29 162176]
S3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys --> c:\windows\system32\DRIVERS\scrcap.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26-6-2010 17:56 697328]
.
Contents of the 'Scheduled Tasks' folder

2010-08-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2010-04-05 10:34]

2010-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-06 19:08]

2010-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-06 19:08]

2010-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1801674531-682003330-1003Core.job
- c:\documents and settings\Computer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-07 15:19]

2010-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1801674531-682003330-1003UA.job
- c:\documents and settings\Computer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-07 15:19]

2010-08-15 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]

2010-08-15 c:\windows\Tasks\User_Feed_Synchronization-{F123B0C5-5905-45FB-8C7E-10414275BF04}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.kudsite.nl/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Computer\Application Data\Mozilla\Firefox\Profiles\wu2ebr9w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/firefox?client=firefox-a&rls=org.mozilla:nl:official
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Computer\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin7.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-fbyytdyg - c:\documents and settings\Computer\Local Settings\Application Data\dkuqdabvj\nsuwdjqshdw.exe
HKCU-Run-auqoxulv - c:\documents and settings\Computer\Local Settings\Application Data\bmopddcas\nqirxutshdw.exe
HKLM-Run-sta - jmgap.dll
HKLM-Run-fbyytdyg - c:\documents and settings\Computer\Local Settings\Application Data\dkuqdabvj\nsuwdjqshdw.exe
HKLM-Run-auqoxulv - c:\documents and settings\Computer\Local Settings\Application Data\bmopddcas\nqirxutshdw.exe
AddRemove-$NtUninstallMTF1011$ - c:\windows\$NtUninstallMTF1011$\apUninstall.exe
AddRemove-InstallShield_{C4EE60C6-515F-4BAE-AB76-2D54DBC0875D} - c:\progra~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
AddRemove-{26D5F6FC-FB4F-4B5C-944A-49C791F76D5C} - c:\documents and settings\Computer\Local Settings\Application Data\{65C494FD-F80E-4C08-992C-E580BDA48D2D}\BB FlashBack.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-15 15:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x85DB2EC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7747f28
\Driver\ACPI -> ACPI.sys @ 0xf76b9cb8
\Driver\atapi -> atapi.sys @ 0xf764b852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\docume~1\Computer\LOCALS~1\Temp\RarSFX0\kerneld.wnt"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL51]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL51"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-1801674531-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{31B5E7C4-25B2-88E1-F63A-837A20D97D6D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"naklofnibmpnoaajmjciehngfnln"=hex:6b,61,6e,64,63,66,61,6d,6b,6a,68,70,66,61,
66,6f,6a,6a,63,63,62,62,00,00
"mailiinenijdpkmmidkdcnoeme"=hex:6b,61,6e,64,63,66,61,6d,6b,6a,68,70,66,61,66,
6f,6a,6a,63,63,62,62,00,00

[HKEY_USERS\S-1-5-21-1644491937-1801674531-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{32BEC961-B6A8-C13A-9416-93C012EA8BA2}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaejbajlehkbdjcehl"=hex:6a,61,69,6f,6f,6d,63,61,64,6b,67,62,61,6e,68,65,65,69,
6d,67,00,00
"haollljenfhplioo"=hex:6a,61,69,6f,6f,6d,63,61,64,6b,67,62,61,6e,68,65,65,69,
6d,67,00,1f

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(1156)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2756)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\MySQL\MySQL Server 5.1\bin\mysqld.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\System32\PAStiSvc.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
.
**************************************************************************
.
Voltooingstijd: 2010-08-15 15:34:59 - machine werd herstart
ComboFix-quarantined-files.txt 2010-08-15 13:34

Pre-Run: 30.226.239.488 bytes beschikbaar
Post-Run: 30.135.697.408 bytes beschikbaar

- - End Of File - - 05D6B40131F1E3AC813FE91477B69DB4
 
Disabling System Restore in XP:
Windows key + Pause/Break key
tab "System Restore"
tick: "Turn off System Restore on all drives" or similar
restart, then turn it back on again and, if needed, manually create a new restore point.
About that warning: yes, the GenuineAdvantageFix has apparently been removed too; I can't say any more about that. If you did the installation yourself, you'll know what I mean.
But as I understand it, everything is working normally again now?
 
Done. I'm now being bombarded with the message that I may have been the victim of software counterfeiting. Is my computer completely fine now? And what do I do with BitTorrent? That's where I had put the torrent that possibly caused the virus.
 
Your PC is apparently OK now. Empty the folder that torrent is in, and any downloads too.
In future, have all downloads scanned properly by a good virus scanner (manually if necessary), and read the reviews of the torrents you download first.
 
When I searched for the torrent (and thus the folder it is in) with Total Commander, Mozilla Firefox went straight to a "Reported attack site". I then immediately removed everything to do with BitTorrent; do I still need to do anything else now?
 
Apologies! The question is not solved yet! It has been changed again as well.

I've managed to get rid of the messages saying my Windows isn't legitimate, but I have the feeling the virus isn't gone yet. Now Internet Explorer occasionally starts up suddenly on its own and goes to a 'not found' page, and AVG reported that 3 folders were infected again. How do I get rid of the virus completely and for good?!
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:17:24, on 15-8-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Nqyzaa.exe
C:\DOCUME~1\Computer\LOCALS~1\Temp\Nxe.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\AVG\AVG9\avgui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgscanx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kudsite.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33171&LegitCheckError=3
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [muBlinder] c:\Documents and Settings\Computer\Local Settings\Temp\Tijdelijke map 1 voor muBlinder-1.zip\muBlinder.exe -startup
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Computer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ZE18MW23GY] C:\DOCUME~1\Computer\LOCALS~1\Temp\Nxe.exe
O4 - HKCU\..\Run: [Dtoqe] rundll32.exe "C:\WINDOWS\kcrtltl.dll",Startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updateservice (gupdate1ca0ac891a74178) (gupdate1ca0ac891a74178) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MySQL51 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 8017 bytes
 