Win32/Cryptor

13 replies
  • Dear reader,
    Since yesterday I have had the Cryptor virus on my laptop and I would like to get rid of it. I have read earlier posts about this virus, but since I don't really know very much about computers and even less about viruses, I don't really have any idea what I should post here.

    AVG gives me this message (when starting Firefox):
    threat detected!
    File name:
    C:\\Windows\System32\gaopdxpexplvptyipmephihoxctyreecykjppq.dll

    threat name: Virus identified Win32/Cryptor
    Detected on open.

    When I try to delete the file, I first get pop-ups asking whether I'm sure, because it could cause a crash, but even if I click yes, the file is not deleted. What does happen is that my PC freezes, but that is all.

    I hope someone can help me, because I have no idea what to do about this.
    As I said, I also don't know what I should post here, so I'd like to hear that.

    Thanks very much in advance, Marloes
  • If you just google win32/cryptor you'll see all kinds of solutions. :o
  • Download HiJackThis

    Double-click HJTInstall.exe.
    HijackThis will now be installed on your PC and a shortcut will be placed on your desktop. Click "Do a system scan and save a logfile" and attach this log to your next post.

    NB: If you are a Windows Vista user, you must first right-click HijackThis.exe and then choose "Run as Administrator".
  • First of all, thank you so much for your answer!
    Here is the log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:44:51, on 20-3-2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door Dell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://ips.poi.de/ips-opdata/layout/fnac/objects/jordan.cab
    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.nl/s/v/39.22/uploader2.cab
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5F4D44CE-3BB9-4CAB-A741-F88AF595B976}: NameServer = 85.255.112.8,85.255.112.156
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9DF016CB-3B72-40D2-9F2D-EEF897070E2F}: NameServer = 85.255.112.8,85.255.112.156
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.8,85.255.112.156
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.8,85.255.112.156
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe


    End of file - 11115 bytes
  • Start HijackThis. If you are a Vista user, choose "Run as administrator" or "Uitvoeren als administrator". Select "Do a system scan only". Select only the items listed below:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5F4D44CE-3BB9-4CAB-A741-F88AF595B976}: NameServer = 85.255.112.8,85.255.112.156
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9DF016CB-3B72-40D2-9F2D-EEF897070E2F}: NameServer = 85.255.112.8,85.255.112.156
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.8,85.255.112.156
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.8,85.255.112.156
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

    Click 'Fix checked' to remove the items.

    Open Notepad and paste the following bold text into an empty window:

    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"="avgrsstx.dll"

    Save this to your Desktop as regfix.reg, with the type set to "All files".
    Double-click regfix.reg and allow it to be added to the registry.

    Download MBAM (Malwarebytes' Anti-Malware).

    Double-click mbam-setup.exe to install the program.

    Make sure a check mark is placed next to Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware, then click "Finish".
    If an update is found, it will be downloaded and installed.
    When the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.
    The scan can take a while, so be patient.
    When the scan is complete, click OK, then "Show Results" to see the results.
    Make sure everything there is checked, then click: Remove Selected.
    After the removal a log will open and you will be asked to restart the computer. (See below)
    The log is saved automatically by MBAM and you can find it again by clicking the "Logs" tab in MBAM.

    If MBAM has trouble removing certain files, it will show a few messages where you have to click OK.
    After that it will ask to restart the computer, so allow MBAM to restart the computer.

    Paste the contents of the log into your next post, together with a new HijackThis log.
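
Added example (not part of the thread, and not code from HijackThis): a short Python triage of a HijackThis log that surfaces the same kinds of entries the reply above selected for fixing: empty IE settings, a BHO with no file, static DNS servers and extra AppInit_DLLs. The sample lines are copied from the log in this thread; `EXPECTED_RESOLVERS` and `EXPECTED_APPINIT` are assumed baselines that an analyst would set per machine.

```python
import ipaddress
import re

# Subset of the HijackThis log posted in this thread (copied, not invented).
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.8,85.255.112.156
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# HijackThis entries look like "<section code> - <body>", e.g. "O17 - HKLM\...".
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")

# Assumed baselines (hypothetical values, set per machine by the analyst).
EXPECTED_RESOLVERS = {"192.168.1.1"}   # constructed: the home router
EXPECTED_APPINIT = {"avgrsstx.dll"}    # the value the regfix.reg above restores


def parse_entries(log_text):
    """Yield (code, body) for each entry line; header and process lines are skipped."""
    for line in log_text.splitlines():
        match = ENTRY.match(line)
        if match:
            yield match.group(1), match.group(2).strip()


def unexpected_resolvers(body, expected=EXPECTED_RESOLVERS):
    """Return public DNS server addresses in an O17 body that are not in the baseline."""
    value = body.partition("=")[2]
    found = []
    for token in re.split(r"[,\s]+", value.strip()):
        try:
            ip = ipaddress.ip_address(token)
        except ValueError:
            continue  # not an IP address (empty value, domain suffix, ...)
        if str(ip) not in expected and not ip.is_private:
            found.append(str(ip))
    return found


def unexpected_appinit(body, expected=EXPECTED_APPINIT):
    """Return DLL file names in an O20 AppInit_DLLs body that are not in the baseline."""
    value = body.partition(":")[2]
    found = []
    # AppInit_DLLs is a comma- or space-separated list of DLL names or paths.
    for token in re.split(r"[,\s]+", value.strip()):
        name = token.rsplit("\\", 1)[-1].lower()
        if name and name not in expected and name not in found:
            found.append(name)
    return found


def triage(log_text):
    """Return (code, reason, body) tuples for entries that deserve a manual look."""
    findings = []
    for code, body in parse_entries(log_text):
        if code in ("R0", "R1") and "=" in body and not body.partition("=")[2].strip():
            findings.append((code, "empty Internet Explorer setting", body))
        elif code == "O2" and body.endswith("(no file)"):
            findings.append((code, "BHO registered but its file is missing", body))
        elif code == "O17":
            ips = unexpected_resolvers(body)
            if ips:
                findings.append((code, "DNS servers outside baseline: " + ", ".join(ips), body))
        elif code == "O20":
            dlls = unexpected_appinit(body)
            if dlls:
                findings.append((code, "AppInit_DLLs outside baseline: " + ", ".join(dlls), body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code:4} {reason}\n     {body}")
```

A finding is a prompt for review, not a verdict: whether a flagged entry should be fixed still depends on what is installed on that machine.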
  • Hmm.. I did everything up to
    'Make sure a check mark is placed next to Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware, then click "Finish".'

    Then I try to start MBAM, but nothing happens. Windows asks whether I want to continue starting the application (or something along those lines) and I dutifully click 'yes', but nothing happens..

    Any suggestions about what I did wrong or what could/should be done differently?
  • Try giving the file MBAM.exe from Malwarebytes a different name, e.g. scan.exe, and then see whether it starts now?
  • Hmm.. no, that doesn't work either. I renamed the .exe file to scan.exe, which works, but it doesn't make the program start.. I get the message:

    "Malwarebytes' Anti-Malware has stopped working
    A problem has occurred that prevents the program from working properly. The program will be closed and you will be notified if a solution is available." And then I have to click 'close program'

    Other parts of MBAM, such as the guide, don't work either, by the way. Text files, on the other hand, do work normally.

    Are there other things I can still try?
  • Download Combofix to your Desktop.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, then disable that scanner and download Combofix again.
    Some scanners see certain components that Combofix uses as suspicious and will block or remove them!
    Double-click Combofix.exe to start it.
    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    Follow the instructions and accept the disclaimer by clicking Yes.
    If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window (XP only, not for VISTA).
    Click OK and Yes to have the Recovery Console installed automatically.
    Afterwards, click Yes again to start the malware scan.
    While the fix is running, do NOT click in the window, because this will make your PC hang.
    When the fix is complete and after the restart, the log Combofix.txt will open.

    Post this log in your next reply.
  • ComboFix 09-03-19.02 - Marloes 2009-03-22 11:19:20.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.1013.314 [GMT 1:00]
    Gestart vanuit: c:\users\Marloes\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\autorun.inf
    c:\program files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll
    c:\program files\ShoppingReport
    c:\programdata\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
    c:\programdata\ZangoSA
    c:\programdata\ZangoSA\ZangoSA.dat
    c:\programdata\ZangoSA\ZangoSA_kyf.dat
    c:\programdata\ZangoSA\ZangoSAAbout.mht
    c:\programdata\ZangoSA\ZangoSAau.dat
    c:\programdata\ZangoSA\ZangoSAEula.mht
    c:\recycler\S-7-7-80-100004771-100009543-100006648-2484.com
    c:\users\Marloes\AppData\Roaming\WeatherDPA
    c:\users\Marloes\AppData\Roaming\WeatherDPA\Weather\WeatherStartup.xml
    c:\users\Marloes\AppData\Roaming\Zango
    c:\users\Marloes\FAVORI~1\Online Security Test.url
    c:\users\Marloes\Favorites\Online Security Test.url
    c:\windows\system32\drivers\gaopdxbxrrqmoqvrwdtndtyqhijmtpqrwbftxf.sys
    c:\windows\system32\gaopdxpexplvptyipmephihoxctyreecykjppq.dll
    c:\windows\system32\lsprst7.dll
    c:\windows\system32\prsgrc.dll
    D:\Autorun.inf
    d:\recycler\S-7-7-80-100004771-100009543-100006648-2484.com

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ——-\Service_gaopdxserv.sys


    (((((((((((((((((((( Bestanden Gemaakt van 2009-02-22 to 2009-03-22 ))))))))))))))))))))))))))))))
    .

    2009-03-21 00:52 . 2009-03-21 00:52 <DIR> d——– c:\users\All Users\Malwarebytes
    2009-03-21 00:52 . 2009-03-21 00:52 <DIR> d——– c:\programdata\Malwarebytes
    2009-03-21 00:52 . 2009-02-11 10:19 38,496 –a—— c:\windows\System32\drivers\mbamswissarmy.sys
    2009-03-21 00:52 . 2009-02-11 10:19 15,504 –a—— c:\windows\System32\drivers\mbam.sys
    2009-03-21 00:51 . 2009-03-22 00:53 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
    2009-03-20 12:43 . 2009-03-20 12:43 <DIR> d——– c:\users\Gast
    2009-03-20 12:43 . 2009-03-20 12:43 <DIR> d——– c:\program files\Trend Micro
    2009-03-17 16:54 . 2009-03-17 16:54 <DIR> d——– c:\windows\Downloaded Installations
    2009-03-16 20:56 . 2009-03-18 14:00 <DIR> d——– c:\users\Marloes\AppData\Roaming\uTorrent
    2009-03-16 20:56 . 2009-03-16 20:56 <DIR> d——– c:\program files\uTorrent
    2009-03-16 20:37 . 2009-03-16 20:37 <DIR> d——– c:\program files\SPSSInc
    2009-03-11 00:03 . 2009-02-09 04:10 2,033,152 –a—— c:\windows\System32\win32k.sys
    2009-03-11 00:02 . 2008-12-16 04:29 8,147,456 –a—— c:\windows\System32\wmploc.DLL
    2009-03-11 00:02 . 2008-11-27 05:43 268,288 –a—— c:\windows\System32\schannel.dll
    2009-03-11 00:02 . 2008-12-16 06:31 7,680 –a—— c:\windows\System32\spwmp.dll
    2009-03-11 00:02 . 2008-12-16 06:31 4,096 –a—— c:\windows\System32\msdxm.ocx
    2009-03-11 00:02 . 2008-12-16 06:31 4,096 –a—— c:\windows\System32\dxmasf.dll
    2009-03-09 14:44 . 2009-03-21 00:45 <DIR> d——– c:\users\Marloes\Tracing
    2009-03-09 14:25 . 2009-03-09 14:25 <DIR> d——– c:\program files\Windows Live SkyDrive
    2009-03-09 14:25 . 2009-03-09 14:25 <DIR> d——– c:\program files\Microsoft
    2009-03-09 14:20 . 2009-03-09 14:20 <DIR> d——– c:\program files\Common Files\Windows Live

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-19 23:07 ——— d—–w c:\users\Marloes\AppData\Roaming\Skype
    2009-03-19 23:01 ——— d—–w c:\users\Marloes\AppData\Roaming\skypePM
    2009-03-17 16:42 ——— d—–w c:\program files\Common Files\SPSS
    2009-03-14 15:48 ——— d—–w c:\program files\Windows Mail
    2009-03-14 01:05 ——— d—–w c:\programdata\Microsoft Help
    2009-03-09 13:24 ——— d—–w c:\program files\Windows Live
    2009-02-26 11:01 ——— d—–w c:\program files\Microsoft Silverlight
    2009-02-20 11:50 ——— d—–w c:\program files\Safari
    2009-02-13 12:56 ——— d—–w c:\program files\Java
    2009-02-04 18:47 ——— d–h–w c:\program files\InstallShield Installation Information
    2009-02-04 18:47 ——— d—–w c:\program files\Avanquest update
    2009-02-04 12:43 ——— d—–w c:\programdata\avg8
    2009-02-04 12:42 325,128 —-a-w c:\windows\system32\drivers\avgldx86.sys
    2009-01-24 16:08 56 —ha-w c:\users\All Users\ezsidmv.dat
    2009-01-24 16:08 56 —ha-w c:\programdata\ezsidmv.dat
    2009-01-24 15:19 ——— d—–w c:\programdata\Skype
    2009-01-24 15:19 ——— d—–w c:\program files\Skype
    2009-01-24 15:19 ——— d—–w c:\program files\Common Files\Skype
    2009-01-24 10:37 ——— d—–w c:\users\Marloes\AppData\Roaming\Van Dale
    2009-01-24 10:35 ——— d—–w c:\program files\Van Dale
    2009-01-22 15:07 9 —-a-w c:\users\Marloes\AppData\Roaming\mdb.bin
    2008-10-28 14:26 174 –sha-w c:\program files\desktop.ini
    2008-03-26 16:53 310 —-a-w c:\users\Marloes\AppData\Roaming\wklnhst.dat
    2008-03-10 14:16 59,163,944 —-a-w c:\users\Marloes\iTunesSetup.exe
    2008-12-15 19:38 122,880 —-a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2008-07-14 20:42 16,384 –sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-07-14 20:42 32,768 –sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-07-14 20:42 16,384 –sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
    "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-08 393216]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-15 137752]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-15 154136]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-15 133656]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-13 148888]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-15 29744]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-04 1601304]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

    c:\users\Marloes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-09-07 1180952]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.divxa32"= msaud32_divx.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)
    "DefaultOutboundAction"= 0 (0x0)
    "DefaultInboundAction"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{1124E437-7522-43D4-B470-A525A51BE4AD}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
    "{E654DDF3-5A8C-4BD1-BD84-F59B42278E57}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
    "{04C70ABC-FDB5-4E21-9BE6-FAF9F9C70CF5}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
    "{6E2E838A-880C-4DF0-A4E2-0EB028A279A6}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
    "{48387A30-4BD5-4DD0-8559-4A4373FB5CC3}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{09821BB7-EE90-4714-9C28-10E6B2AC27C8}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{7F986E89-225D-4EA6-AA6E-12ECA0993252}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{49E1204C-A833-430E-AE9E-08F7F849C737}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{396D8A8C-58DB-4837-9D5C-2D567AE218DF}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{BFF52246-91CC-4400-AF0F-73629C35E27D}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{CD282B5F-51C8-46B3-8E5E-9509D7E7C92F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{6279B854-FB66-4173-A1AD-E24BDF6223AD}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{EDF243F3-8F32-4C64-ACC4-0BA83D67F742}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
    "{B35FAB0C-FFAA-4C35-91E3-DFAA98E74399}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{CE2E0055-CA27-4786-9742-967CF7070746}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{EA37FB20-4258-455B-A2EB-E6FEAA9BBCAD}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{D643713D-43EE-4EA9-9A9F-9EDCA020888D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{A003EB5A-E6EE-427D-9D61-BD8E84ABC7A4}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{EB63B3B9-428F-4ED8-8958-7CBFD8054D68}"= Disabled:UDP:c:\program files\SPSSInc\Statistics17\statistics.com:Statistics17:com
    "{6C27AF12-E3B6-4724-BCA2-354FF9A56B00}"= Disabled:UDP:c:\program files\SPSSInc\Statistics17\statistics.exe:Statistics17:exe
    "{2CD95910-277B-4CB4-AD4C-4E463BCF5853}"= Disabled:UDP:c:\program files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe:SPSS Basic Script Editor
    "{602B1990-0285-41DD-A5D4-2719C1D1FEF2}"= Disabled:TCP:c:\program files\SPSSInc\Statistics17\statistics.com:Statistics17:com
    "{A285A661-B130-4F0C-879F-AE95C2C52969}"= Disabled:TCP:c:\program files\SPSSInc\Statistics17\statistics.exe:Statistics17:exe
    "{89B10C46-A658-4A7D-A0A5-4AD49BCB7B29}"= Disabled:TCP:c:\program files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe:SPSS Basic Script Editor
    "{26577260-7B7E-492D-A2E6-2D35CD57AA52}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{B7631719-45BC-428C-A772-E23DDBB33249}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "TCP Query User{3C0424A5-D0B4-4C74-8F8F-D9FA95EB5378}c:\\users\\marloes\\desktop\\utorrent.exe"= UDP:c:\users\marloes\desktop\utorrent.exe:utorrent.exe
    "UDP Query User{3C2C9308-731A-4DC6-A12A-351155B46699}c:\\users\\marloes\\desktop\\utorrent.exe"= TCP:c:\users\marloes\desktop\utorrent.exe:utorrent.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-06-28 325128]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [2008-03-03 73728]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-06-28 298264]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [2008-03-04 111104]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-03-03 29744]
    S3 vmcam325av;Vimicro USB2.0 PC Camera(VC0323);c:\windows\System32\drivers\vmcam323av.sys [2009-01-19 232960]
    S3 vvftav323;vvftav323;c:\windows\System32\drivers\vvftav323.sys [2009-01-19 475136]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ce73b87-728a-11dd-9bf9-001d0941f9a4}]
    \shell\AutoRun\command - G:\InstallTomTomHOME.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74c01422-eeb5-11dc-a414-001d0941f9a4}]
    \shell\AutoRun\command - G:\setupSNK.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad2a120e-4529-11dd-a14f-001d0941f9a4}]
    \shell\AutoRun\command - G:\setupSNK.exe
    .
    .
    ——- Bijkomende Scan ——-
    .
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://ips.poi.de/ips-opdata/layout/fnac/objects/jordan.cab
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game03.zylom.com/activex/zylomgamesplayer.cab
    FF - ProfilePath - c:\users\Marloes\AppData\Roaming\Mozilla\Firefox\Profiles\vo3ctwe2.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com\results.aspx?FORM=IEFM1&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
    FF - prefs.js: keyword.URL - hxxp://search.live.com\results.aspx?FORM=IEFM1&q=
    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
    FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-22 11:26:32
    Windows 6.0.6001 Service Pack 1 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden:

    **************************************************************************
    .
    Voltooingstijd: 2009-03-22 11:30:23
    ComboFix-quarantined-files.txt 2009-03-22 10:30:19

    Pre-Run: 54,276,186,112 bytes beschikbaar
    Post-Run: 55,092,240,384 bytes beschikbaar

    224 — E O F — 2009-03-17 09:02:34
  • Open a Notepad file.

    Copy and paste the bold text below into it.

    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74c01422-eeb5-11dc-a414-001d0941f9a4}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad2a120e-4529-11dd-a14f-001d0941f9a4}]

    Save this file to your desktop as CFScript.txt.

    Drag CFScript.txt onto ComboFix.exe
    This will make ComboFix restart. Reboot if you are asked to.

    After the restart, post the contents of Combofix.txt in your next message.

    And then have AVG run a scan again to see whether it still has anything to report.
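
The step from log to CFScript in the post above, as an added example that is not part of the original post and not ComboFix's own code: a Python script that reads the MountPoints2 AutoRun entries out of a ComboFix log and writes the `Registry::` delete lines for the entries a helper has selected. The function names and the selection by command path are assumptions; the sample log is constructed from the lines quoted in this thread.

```python
import re

# Constructed sample: the MountPoints2 entries from the ComboFix log in this thread.
SAMPLE_LOG = r"""
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ce73b87-728a-11dd-9bf9-001d0941f9a4}]
    \shell\AutoRun\command - G:\InstallTomTomHOME.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74c01422-eeb5-11dc-a414-001d0941f9a4}]
    \shell\AutoRun\command - G:\setupSNK.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad2a120e-4529-11dd-a14f-001d0941f9a4}]
    \shell\AutoRun\command - G:\setupSNK.exe
"""

# A MountPoints2 key header as ComboFix prints it: [HKEY_...\mountpoints2\{GUID}]
KEY_RE = re.compile(
    r"^\[(HKEY_[^\]]*\\mountpoints2\\\{[0-9a-f-]{36}\})\]$", re.IGNORECASE
)
# The shell verb line below the header: \shell\<verb>\command - <path>
CMD_RE = re.compile(r"^\\shell\\[^\\]+\\command - (.+)$", re.IGNORECASE)


def parse_mountpoints(log_text):
    """Return [(registry_key, command)] for each MountPoints2 shell command."""
    entries = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        if line.startswith("["):
            # Some other registry key starts here; stop attributing commands.
            current_key = None
            continue
        cmd_match = CMD_RE.match(line)
        if cmd_match and current_key:
            entries.append((current_key, cmd_match.group(1).strip()))
    return entries


def build_cfscript(entries, selected_commands):
    """Build CFScript text that deletes the keys whose command was selected.

    Selection is the helper's decision; this function only formats it.
    Returns an empty string when nothing matches, so no empty script is written.
    """
    wanted = {cmd.lower() for cmd in selected_commands}
    keys = []
    for key, cmd in entries:
        if cmd.lower() in wanted and key not in keys:
            keys.append(key)
    if not keys:
        return ""
    return "\n".join(["Registry::"] + ["[-%s]" % key for key in keys]) + "\n"


if __name__ == "__main__":
    found = parse_mountpoints(SAMPLE_LOG)
    for key, cmd in found:
        print(cmd, "<-", key)
    print(build_cfscript(found, [r"G:\setupSNK.exe"]))
```
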
  • ComboFix 09-03-19.02 - Marloes 2009-03-22 12:49:20.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.1013.286 [GMT 1:00]
    Gestart vanuit: c:\users\Marloes\Desktop\ComboFix.exe
    gebruikte Opdracht switches :: c:\users\Marloes\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\drivers\gaopdxbxrrqmoqvrwdtndtyqhijmtpqrwbftxf.sys
    c:\windows\system32\drivers\gaopdxnvjrlxdmssenpvrenqoxstnhivuwxqth.sys
    c:\windows\system32\gaopdxcounter
    c:\windows\system32\gaopdxibhvngcncowrqxcmyqmqponwgwpqybki.dll
    c:\windows\system32\gaopdxpexplvptyipmephihoxctyreecykjppq.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ——-\Service_gaopdxserv.sys


    (((((((((((((((((((( Bestanden Gemaakt van 2009-02-22 to 2009-03-22 ))))))))))))))))))))))))))))))
    .

    2009-03-21 00:52 . 2009-03-21 00:52 <DIR> d——– c:\users\All Users\Malwarebytes
    2009-03-21 00:52 . 2009-03-21 00:52 <DIR> d——– c:\programdata\Malwarebytes
    2009-03-21 00:52 . 2009-02-11 10:19 38,496 –a—— c:\windows\System32\drivers\mbamswissarmy.sys
    2009-03-21 00:52 . 2009-02-11 10:19 15,504 –a—— c:\windows\System32\drivers\mbam.sys
    2009-03-21 00:51 . 2009-03-22 00:53 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
    2009-03-20 12:43 . 2009-03-20 12:43 <DIR> d——– c:\users\Gast
    2009-03-20 12:43 . 2009-03-20 12:43 <DIR> d——– c:\program files\Trend Micro
    2009-03-17 16:54 . 2009-03-17 16:54 <DIR> d——– c:\windows\Downloaded Installations
    2009-03-16 20:56 . 2009-03-18 14:00 <DIR> d——– c:\users\Marloes\AppData\Roaming\uTorrent
    2009-03-16 20:56 . 2009-03-16 20:56 <DIR> d——– c:\program files\uTorrent
    2009-03-16 20:37 . 2009-03-16 20:37 <DIR> d——– c:\program files\SPSSInc
    2009-03-11 00:03 . 2009-02-09 04:10 2,033,152 –a—— c:\windows\System32\win32k.sys
    2009-03-11 00:02 . 2008-12-16 04:29 8,147,456 –a—— c:\windows\System32\wmploc.DLL
    2009-03-11 00:02 . 2008-11-27 05:43 268,288 –a—— c:\windows\System32\schannel.dll
    2009-03-11 00:02 . 2008-12-16 06:31 7,680 –a—— c:\windows\System32\spwmp.dll
    2009-03-11 00:02 . 2008-12-16 06:31 4,096 –a—— c:\windows\System32\msdxm.ocx
    2009-03-11 00:02 . 2008-12-16 06:31 4,096 –a—— c:\windows\System32\dxmasf.dll
    2009-03-09 14:44 . 2009-03-22 11:38 <DIR> d——– c:\users\Marloes\Tracing
    2009-03-09 14:25 . 2009-03-09 14:25 <DIR> d——– c:\program files\Windows Live SkyDrive
    2009-03-09 14:25 . 2009-03-09 14:25 <DIR> d——– c:\program files\Microsoft
    2009-03-09 14:20 . 2009-03-09 14:20 <DIR> d——– c:\program files\Common Files\Windows Live

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-19 23:07 ——— d—–w c:\users\Marloes\AppData\Roaming\Skype
    2009-03-19 23:01 ——— d—–w c:\users\Marloes\AppData\Roaming\skypePM
    2009-03-17 16:42 ——— d—–w c:\program files\Common Files\SPSS
    2009-03-14 15:48 ——— d—–w c:\program files\Windows Mail
    2009-03-14 01:05 ——— d—–w c:\programdata\Microsoft Help
    2009-03-09 13:24 ——— d—–w c:\program files\Windows Live
    2009-02-26 11:01 ——— d—–w c:\program files\Microsoft Silverlight
    2009-02-20 11:50 ——— d—–w c:\program files\Safari
    2009-02-13 12:56 410,984 —-a-w c:\windows\System32\deploytk.dll
    2009-02-13 12:56 ——— d—–w c:\program files\Java
    2009-02-06 17:52 49,504 —-a-w c:\windows\System32\sirenacm.dll
    2009-02-04 18:47 ——— d–h–w c:\program files\InstallShield Installation Information
    2009-02-04 18:47 ——— d—–w c:\program files\Avanquest update
    2009-02-04 12:43 ——— d—–w c:\programdata\avg8
    2009-02-04 12:42 325,128 —-a-w c:\windows\system32\drivers\avgldx86.sys
    2009-02-04 12:42 10,520 —-a-w c:\windows\System32\avgrsstx.dll
    2009-01-24 16:08 56 —ha-w c:\users\All Users\ezsidmv.dat
    2009-01-24 16:08 56 —ha-w c:\programdata\ezsidmv.dat
    2009-01-24 15:19 ——— d—–w c:\programdata\Skype
    2009-01-24 15:19 ——— d—–w c:\program files\Skype
    2009-01-24 15:19 ——— d—–w c:\program files\Common Files\Skype
    2009-01-24 10:37 ——— d—–w c:\users\Marloes\AppData\Roaming\Van Dale
    2009-01-24 10:35 ——— d—–w c:\program files\Van Dale
    2009-01-22 15:07 9 —-a-w c:\users\Marloes\AppData\Roaming\mdb.bin
    2009-01-15 06:11 827,392 —-a-w c:\windows\System32\wininet.dll
    2009-01-05 22:33 3,751,995 —-a-w c:\windows\System32\GPhotos.scr
    2008-10-28 14:26 174 –sha-w c:\program files\desktop.ini
    2008-03-26 16:53 310 —-a-w c:\users\Marloes\AppData\Roaming\wklnhst.dat
    2008-03-10 14:16 59,163,944 —-a-w c:\users\Marloes\iTunesSetup.exe
    2008-12-15 19:38 122,880 —-a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2008-07-14 20:42 16,384 –sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-07-14 20:42 32,768 –sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-07-14 20:42 16,384 –sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-03-22_11.28.09.38 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-03-22 10:16:34 2,048 –sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-03-22 11:46:01 2,048 –sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-03-22 10:16:34 2,048 –sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-03-22 11:46:01 2,048 –sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-03-22 10:26:15 262,144 –sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
    + 2009-03-22 11:47:46 262,144 –sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
    + 2009-03-22 11:47:46 262,144 —ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2009-03-22 10:26:09 262,144 –sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2009-03-22 11:47:46 262,144 –sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2009-03-22 11:47:46 262,144 —ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2009-03-22 10:16:52 16,384 –sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-03-22 11:46:11 16,384 –sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-03-22 10:16:52 32,768 –sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-03-22 11:46:11 32,768 –sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-03-22 10:16:52 32,768 –sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-03-22 11:46:11 32,768 –sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-03-22 10:20:05 9,920 —-a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-97250841-1750991534-2131463468-1000_UserData.bin
    + 2009-03-22 11:48:57 10,110 —-a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-97250841-1750991534-2131463468-1000_UserData.bin
    - 2009-03-22 10:20:03 75,000 —-a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2009-03-22 11:48:57 75,032 —-a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
    "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-08 393216]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-15 137752]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-15 154136]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-15 133656]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-13 148888]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-15 29744]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-04 1601304]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2008-01-19 217088]

    c:\users\Marloes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-09-07 1180952]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.divxa32"= msaud32_divx.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)
    "DefaultOutboundAction"= 0 (0x0)
    "DefaultInboundAction"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{1124E437-7522-43D4-B470-A525A51BE4AD}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
    "{E654DDF3-5A8C-4BD1-BD84-F59B42278E57}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
    "{04C70ABC-FDB5-4E21-9BE6-FAF9F9C70CF5}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
    "{6E2E838A-880C-4DF0-A4E2-0EB028A279A6}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
    "{48387A30-4BD5-4DD0-8559-4A4373FB5CC3}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{09821BB7-EE90-4714-9C28-10E6B2AC27C8}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{7F986E89-225D-4EA6-AA6E-12ECA0993252}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{49E1204C-A833-430E-AE9E-08F7F849C737}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{396D8A8C-58DB-4837-9D5C-2D567AE218DF}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{BFF52246-91CC-4400-AF0F-73629C35E27D}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{CD282B5F-51C8-46B3-8E5E-9509D7E7C92F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{6279B854-FB66-4173-A1AD-E24BDF6223AD}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{EDF243F3-8F32-4C64-ACC4-0BA83D67F742}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
    "{B35FAB0C-FFAA-4C35-91E3-DFAA98E74399}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{CE2E0055-CA27-4786-9742-967CF7070746}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{EA37FB20-4258-455B-A2EB-E6FEAA9BBCAD}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{D643713D-43EE-4EA9-9A9F-9EDCA020888D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{A003EB5A-E6EE-427D-9D61-BD8E84ABC7A4}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{EB63B3B9-428F-4ED8-8958-7CBFD8054D68}"= Disabled:UDP:c:\program files\SPSSInc\Statistics17\statistics.com:Statistics17:com
    "{6C27AF12-E3B6-4724-BCA2-354FF9A56B00}"= Disabled:UDP:c:\program files\SPSSInc\Statistics17\statistics.exe:Statistics17:exe
    "{2CD95910-277B-4CB4-AD4C-4E463BCF5853}"= Disabled:UDP:c:\program files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe:SPSS Basic Script Editor
    "{602B1990-0285-41DD-A5D4-2719C1D1FEF2}"= Disabled:TCP:c:\program files\SPSSInc\Statistics17\statistics.com:Statistics17:com
    "{A285A661-B130-4F0C-879F-AE95C2C52969}"= Disabled:TCP:c:\program files\SPSSInc\Statistics17\statistics.exe:Statistics17:exe
    "{89B10C46-A658-4A7D-A0A5-4AD49BCB7B29}"= Disabled:TCP:c:\program files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe:SPSS Basic Script Editor
    "{26577260-7B7E-492D-A2E6-2D35CD57AA52}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{B7631719-45BC-428C-A772-E23DDBB33249}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "TCP Query User{3C0424A5-D0B4-4C74-8F8F-D9FA95EB5378}c:\\users\\marloes\\desktop\\utorrent.exe"= UDP:c:\users\marloes\desktop\utorrent.exe:utorrent.exe
    "UDP Query User{3C2C9308-731A-4DC6-A12A-351155B46699}c:\\users\\marloes\\desktop\\utorrent.exe"= TCP:c:\users\marloes\desktop\utorrent.exe:utorrent.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-06-28 325128]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [2008-03-03 73728]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-06-28 298264]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [2008-03-04 111104]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-03-03 29744]
    S3 vmcam325av;Vimicro USB2.0 PC Camera(VC0323);c:\windows\System32\drivers\vmcam323av.sys [2009-01-19 232960]
    S3 vvftav323;vvftav323;c:\windows\System32\drivers\vvftav323.sys [2009-01-19 475136]

    — Andere Services/Drivers In Geheugen —

    *Deregistered* - sptd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ce73b87-728a-11dd-9bf9-001d0941f9a4}]
    \shell\AutoRun\command - G:\InstallTomTomHOME.exe
    .
    .
    ——- Bijkomende Scan ——-
    .
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://ips.poi.de/ips-opdata/layout/fnac/objects/jordan.cab
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game03.zylom.com/activex/zylomgamesplayer.cab
    FF - ProfilePath - c:\users\Marloes\AppData\Roaming\Mozilla\Firefox\Profiles\vo3ctwe2.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com\results.aspx?FORM=IEFM1&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
    FF - prefs.js: keyword.URL - hxxp://search.live.com\results.aspx?FORM=IEFM1&q=
    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
    FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-22 12:54:29
    Windows 6.0.6001 Service Pack 1 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2009-03-22 13:00:04
    ComboFix-quarantined-files.txt 2009-03-22 12:00:00
    ComboFix2.txt 2009-03-22 10:30:26

    Pre-Run: 57,741,574,144 bytes beschikbaar
    Post-Run: 57,414,803,456 bytes beschikbaar

    237 — E O F — 2009-03-17 09:02:34


    I have just started a scan with AVG, but that is going to take a while :) In any case I no longer get any alerts when I start Firefox, so that is a good sign!

    Really, thank you so much! I could never have done this on my own, and since I am abroad for half a year for my studies, it is not that easy to call in help either. But fortunately there is the internet and a forum like this! Thank you!
  • Problems solved, so it is time for the "big clean-up": removing the programs that were used, a cleaning, and deleting the infected restore points.

    Remove Combofix: Start -> Run and type: combofix /u
    This will remove Combofix plus its related folders and files, reset the clock settings, hide the file extensions, hide hidden files and system files again, and create a new restore point.

    Download CCleaner.

    Install it and start CCleaner. In the left column click "Cleaner". Click "Analyze" and then "Run Cleaner". Next, in the left column click "Registry" and click "Scan for Issues". If errors are found, click "Fix selected issues" and "OK". You will then be asked whether to make a backup. Click "Yes". Then choose "Fix All Selected Issues". After that, close CCleaner again.

    It is advisable to delete the existing restore points (there are infected restore points among them that you could end up restoring) by temporarily turning off System Restore. Do this via Start -> Control Panel -> System -> System Restore -> tick "Turn off System Restore on all drives". Apply and OK. Restart the PC and remove the tick again.

    That's it!


This is an archived page. Replies are no longer possible.