win32/cryptor virus

juisterr
7 answers
  • Dear all,

    Who can help me? I have a problem with my laptop. I use AVG as my virus scanner, and it has found a virus called win32/cryptor that I cannot remove with AVG. I have already done some googling, downloaded HijackThis and let it scan my computer. Can someone tell me what the next step is?

    Here is the HijackThis output:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:00:09, on 3-5-2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\AVG\AVG8\avgui.exe
    C:\Program Files\AVG\AVG8\avgscanx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Internet Explorer\Iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cooxer.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\ntndis.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Conceptronic Conceptronic 54Mbps Wireless Utility] C:\Program Files\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe


    End of file - 4347 bytes

    Thanks in advance

  • Download to your Desktop.
    Double-click to extract to its own folder named
  • Dear,

    Thanks for your quick reply.

    Here is the SDFix report:

    SDFix: Version 1.240
    Run by Administrator on wo 06-05-2009 at 19:30

    Microsoft Windows XP [versie 5.1.2600]
    Running From: C:\SDFix

    Checking Services:


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files:

    Trojan Files Found:

    C:\Documents and Settings\LocalService\Application Data\wsnpoem\audio.dll - Deleted
    C:\Documents and Settings\NetworkService\Application Data\wsnpoem\audio.dll - Deleted



    Folder C:\Documents and Settings\LocalService\Application Data\wsnpoem - Removed
    Folder C:\Documents and Settings\NetworkService\Application Data\wsnpoem - Removed


    Removing Temp Files

    ADS Check:



    Final Check:

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-06 19:37:43
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden services & system hive …

    disk error: C:\WINDOWS\system32\config\system, 1381
    scanning hidden registry entries …

    disk error: C:\WINDOWS\system32\config\software, 1381
    disk error: C:\Documents and Settings\XP\ntuser.dat, 1381
    scanning hidden files …

    disk error: C:\WINDOWS\

    please note that you need administrator rights to perform deep scan

    Remaining Services:




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\DOCUME~1\\XP\\LOCALS~1\\Temp\\ie1629.tmp"="C:\\DOCUME~1\\XP\\LOCALS~1\\Temp\\ie1629.tmp:*:Enabled:Control"
    "C:\\WINDOWS\\system32\\drivers\\ntndis.exe"="C:\\WINDOWS\\system32\\drivers\\ntndis.exe:*:Enabled:Control"
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
    "C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    Remaining Files:


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:


    Finished!

    Here is the HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:46:16, on 6-5-2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\irftp.exe
    C:\Program Files\Internet Explorer\Iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cooxer.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Conceptronic Conceptronic 54Mbps Wireless Utility] C:\Program Files\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe


    End of file - 4214 bytes


    Thanks in advance

    Nico




  • Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,

    Click 'Fix checked' to remove the items.


    Download and save it to your desktop.
    Double-click mbam-setup.exe to install the program.

    After the installation, make sure the following are ticked:
    - Update MalwareBytes' Anti-Malware
    - Start MalwareBytes' Anti-Malware
    Then click "Voltooien" (Finish).
    If an update is found, it will be downloaded and installed.
    - Once the program has started, go to the "Instellingen" (Settings) tab.
    - Tick here: "Sluit Internet Explorer tijdens verwijdering van malware" (Close Internet Explorer during malware removal).
    - Then go to the "Scanner" tab and choose "Snelle Scan" (Quick Scan).
    - Next, press "Scannen" (Scan) to start the scan.
    - Scanning can take a while, so be patient.
    - When the scan is finished, click OK, then "Bekijk Resultaten" (View Results) to see the results.
    - Make sure everything there is ticked, then click "Verwijder geselecteerde" (Remove Selected).
    - After removal a log will open and you will be asked to restart the computer.
    The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.

    Post this log together with a new HijackThis log.
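
The check behind the advice above, as an added example that is not part of the thread: it reads the F2 lines of a HijackThis log and reports every program in the Winlogon Shell and Userinit values beyond the Windows XP defaults. The function names are assumptions of this example, and the sample lines are modelled on the F2 entries posted above.

```python
import re

# Winlogon defaults on Windows XP. Anything listed beyond these is started
# automatically at logon and has to be accounted for.
DEFAULT_SHELL = "explorer.exe"
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"

F2_LINE = re.compile(r"^\s*F2 - REG:system\.ini: (Shell|UserInit)=(.*)$",
                     re.IGNORECASE)


def extra_programs(key, value):
    """Return the programs in a Winlogon value beyond the Windows default."""
    value = value.strip()
    if key.lower() == "userinit":
        # Userinit is a comma-separated list; every entry runs at logon.
        entries = [e.strip() for e in value.split(",") if e.strip()]
        return [e for e in entries if e.lower() != DEFAULT_USERINIT]
    # Shell: the default is the bare word Explorer.exe; anything appended runs too.
    if value.lower() == DEFAULT_SHELL:
        return []
    if value.lower().startswith(DEFAULT_SHELL + " "):
        return [value[len(DEFAULT_SHELL):].strip()]
    return [value]


def audit_hijackthis(log_text):
    """Return (key, program) for every non-default Winlogon start-up program."""
    findings = []
    for line in log_text.splitlines():
        match = F2_LINE.match(line)
        if not match:
            continue
        key, value = match.groups()
        for program in extra_programs(key, value):
            findings.append((key, program))
    return findings


# Sample input modelled on the logs in this thread. A raw string is used so
# that the "\n" inside the paths stays a backslash and a letter, not a newline.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\ntndis.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
"""

if __name__ == "__main__":
    for key, program in audit_hijackthis(SAMPLE_LOG):
        print(f"{key}: unexpected logon program {program}")
```
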
  • Dear,

    I removed the above file but cannot open Malwarebytes; it is probably being blocked by the virus.

    What can be done about this?

    Regards

    Nico
  • Download to your Desktop and use it according to this guide.

  • Dear,

    Here is the ComboFix log:

    ComboFix 09-05-15.08 - XP 16-05-2009 17:30:56.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.255.39 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\XP\Bureaublad\ComboFix2.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\LocalService\Application Data\wsnpoem
    C:\Documents and Settings\LocalService\Application Data\wsnpoem\audio.dll
    C:\WINDOWS\system32\drivers\UACsvstdwew.sys
    C:\WINDOWS\system32\ntos.exe
    C:\WINDOWS\system32\uacinit.dll
    C:\WINDOWS\system32\UACmusiengs.dat
    C:\WINDOWS\system32\UACqomemkhi.dll
    C:\WINDOWS\system32\UACtoojutoq.log
    C:\WINDOWS\system32\UACuivbwhdl.dll
    C:\WINDOWS\system32\UACwqfqxvfo.log
    C:\WINDOWS\system32\UACxfpfyxoe.dll
    C:\WINDOWS\system32\UACxrevxdci.dll
    C:\WINDOWS\system32\UACxvpwmtag.dll
    C:\WINDOWS\system32\UACxwbuqflu.log
    C:\WINDOWS\system32\wsnpoem
    C:\WINDOWS\system32\wsnpoem\audio.dll
    C:\WINDOWS\system32\wsnpoem\video.dll

    ----- BITS: Mogelijk geïnfecteerde sites -----

    hxxp://apexsearchgroup.info
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_UACd.sys


    (((((((((((((((((((( Bestanden Gemaakt van 2009-04-16 to 2009-05-16 ))))))))))))))))))))))))))))))
    .

    2009-05-12 13:57:20 . 2009-05-16 15:03:03 0 d--h--r C:\Documents and Settings\XP\Onlangs geopend
    2009-05-07 16:34:08 . 2009-04-06 13:32:46 15504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
    2009-05-07 16:34:05 . 2009-04-06 13:32:54 38496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2009-05-07 16:34:03 . 2009-05-07 16:34:03 0 d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-05-07 16:34:03 . 2009-05-07 16:34:11 0 d-----w C:\Program Files\Malwarebytes' Anti-Malware
    2009-05-06 17:26:32 . 2009-05-06 17:26:39 0 d-----w C:\WINDOWS\ERUNT
    2009-05-06 17:22:43 . 2009-05-06 17:37:55 0 d-----w C:\SDFix
    2009-05-03 12:57:18 . 2009-05-03 12:57:18 0 d-----w C:\Program Files\Trend Micro
    2009-05-03 09:38:14 . 2009-05-03 09:38:17 0 d-----w C:\Program Files\CCleaner
    2009-05-03 09:01:20 . 2009-05-03 09:01:20 0 d-----w C:\WINDOWS\Downloaded Installations
    2009-05-02 19:40:04 . 2009-05-16 10:08:41 0 d--h--w C:\$AVG8.VAULT$
    2009-05-02 19:36:32 . 2009-05-02 19:36:32 11952 ----a-w C:\WINDOWS\system32\avgrsstx.dll
    2009-05-02 19:36:31 . 2009-05-02 19:36:31 108552 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
    2009-05-02 19:36:22 . 2009-05-02 19:36:23 325896 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
    2009-05-02 19:36:08 . 2009-05-16 08:49:55 0 d-----w C:\WINDOWS\system32\drivers\Avg
    2009-05-02 19:36:07 . 2009-05-02 19:41:22 0 d-----w C:\Documents and Settings\XP\Application Data\AVGTOOLBAR
    2009-05-02 19:02:34 . 2009-05-02 19:02:35 0 d-----w C:\Documents and Settings\All Users\Application Data\SITEguard
    2009-05-02 19:01:08 . 2009-05-02 19:01:08 0 d-----w C:\Program Files\Common Files\iS3
    2009-05-02 19:01:08 . 2009-05-02 19:13:25 0 d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
    2009-05-02 14:56:50 . 2009-05-02 14:56:50 61440 ----a-w C:\WINDOWS\system32\drivers\swhItwfy.sys
    2009-05-02 14:38:14 . 2009-05-02 14:38:14 61440 ----a-w C:\WINDOWS\system32\drivers\olIvplhb.sys
    2009-05-01 23:19:14 . 2009-05-01 23:19:14 0 d-----w C:\Program Files\AVG
    2009-05-01 23:19:14 . 2009-05-16 15:17:30 0 d-----w C:\Documents and Settings\All Users\Application Data\avg8
    2009-05-01 22:46:01 . 2009-05-01 22:46:01 0 d-----w C:\Documents and Settings\All Users\Application Data\ESET
    2009-05-01 22:21:39 . 2009-05-01 22:57:09 0 d-----w C:\Program Files\ESET

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-02 19:10:16 . 2009-05-02 19:10:16 344 ----a-w C:\WINDOWS\system32\drivers\kgpcpy.cfg
    2009-05-02 19:07:27 . 2006-03-02 12:00:00 24576 ----a-w C:\WINDOWS\system32\userinit.exe
    2009-03-29 12:07:07 . 2006-03-02 12:00:00 53850 ----a-w C:\WINDOWS\system32\perfc013.dat
    2009-03-29 12:07:07 . 2006-03-02 12:00:00 364882 ----a-w C:\WINDOWS\system32\perfh013.dat
    .

    ------- Sigcheck -------

    [-] 2008-10-07 14:06:45 504832 7BBA4CA9E82794985AFFF1D487A42B40 C:\WINDOWS\system32\winlogon.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-03 23:15:40 1667584]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 00:38:00 34672]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 08:50:42 155648]
    "Conceptronic Conceptronic 54Mbps Wireless Utility"="C:\Program Files\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe" [2007-01-19 11:06:32 950272]
    "ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 09:49:04 49152]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2009-05-02 19:35:52 1947928]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 12:00:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-05-02 19:36:32 11952 ----a-w C:\WINDOWS\system32\avgrsstx.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\drivers\avgldx86.sys [2-5-2009 21:36:22 325896]
    R1 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\drivers\avgtdix.sys [2-5-2009 21:36:31 108552]
    R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2-5-2009 21:35:52 908568]
    R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2-5-2009 21:35:51 298776]
    .
    - - - - ORPHANS VERWIJDERD - - - -

    Toolbar-SITEguard - (no file)


    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.nl/
    mStart Page = hxxp://www.cooxer.com/
    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    .

This is an archived page. Replies are no longer possible.