Question & Answer
win32/cryptor virus
7 answers
- Dear all,
Who can help me? I have a problem with my laptop. I use AVG as my virus scanner. It found a virus called win32/cryptor, which I cannot remove with my AVG. I have already been googling a bit, downloaded HijackThis and let it scan my computer. Can anyone tell me what the next step is?
Here is the HijackThis output:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:00:09, on 3-5-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cooxer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\ntndis.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Conceptronic Conceptronic 54Mbps Wireless Utility] C:\Program Files\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
--
End of file - 4347 bytes
Thanks in advance
- Download … to your Desktop.
Double-click to extract it to its own folder named
- Hello,
Thanks for your quick reply.
Here is the SDFix report:
SDFix: Version 1.240
Run by Administrator on wo 06-05-2009 at 19:30
Microsoft Windows XP [versie 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\Documents and Settings\LocalService\Application Data\wsnpoem\audio.dll - Deleted
C:\Documents and Settings\NetworkService\Application Data\wsnpoem\audio.dll - Deleted
Folder C:\Documents and Settings\LocalService\Application Data\wsnpoem - Removed
Folder C:\Documents and Settings\NetworkService\Application Data\wsnpoem - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-06 19:37:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden services & system hive …
disk error: C:\WINDOWS\system32\config\system, 1381
scanning hidden registry entries …
disk error: C:\WINDOWS\system32\config\software, 1381
disk error: C:\Documents and Settings\XP\ntuser.dat, 1381
scanning hidden files …
disk error: C:\WINDOWS\
please note that you need administrator rights to perform deep scan
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\DOCUME~1\\XP\\LOCALS~1\\Temp\\ie1629.tmp"="C:\\DOCUME~1\\XP\\LOCALS~1\\Temp\\ie1629.tmp:*:Enabled:Control"
"C:\\WINDOWS\\system32\\drivers\\ntndis.exe"="C:\\WINDOWS\\system32\\drivers\\ntndis.exe:*:Enabled:Control"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Finished!
Here is the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:46:16, on 6-5-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\irftp.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cooxer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Conceptronic Conceptronic 54Mbps Wireless Utility] C:\Program Files\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
--
End of file - 4214 bytes
Thanks in advance
Nico
- Start HijackThis and choose 'Do a system scan only'
Select only the items listed below:
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
Click 'Fix checked' to remove the items.
Download … and save it to your desktop.
Double-click mbam-setup.exe to install the program.
After the installation, make sure the following are ticked:
* Update MalwareBytes' Anti-Malware
* Start MalwareBytes' Anti-Malware
Then click "Finish".
If an update is found, it will be downloaded and installed.
* Once the program has started, go to the "Settings" tab.
* Tick here: "Close Internet Explorer during malware removal".
* Then go to the "Scanner" tab and choose "Quick Scan".
* Next, press "Scan" to start the scan.
* Scanning can take a while, so be patient.
* When the scan is complete, click OK, then "Show Results" to see the results.
* Make sure everything there is ticked, then click "Remove Selected".
* After removal a log will open and you will be asked to restart the computer.
The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.
Post this log together with a new HijackThis log.
- Hello,
I removed the above file, but I cannot open Malwarebytes; it is probably being blocked by the virus.
What can be done about this?
Regards
Nico
-
- Hello,
Here is the ComboFix log:
ComboFix 09-05-15.08 - XP 16-05-2009 17:30:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.255.39 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\XP\Bureaublad\ComboFix2.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\LocalService\Application Data\wsnpoem
C:\Documents and Settings\LocalService\Application Data\wsnpoem\audio.dll
C:\WINDOWS\system32\drivers\UACsvstdwew.sys
C:\WINDOWS\system32\ntos.exe
C:\WINDOWS\system32\uacinit.dll
C:\WINDOWS\system32\UACmusiengs.dat
C:\WINDOWS\system32\UACqomemkhi.dll
C:\WINDOWS\system32\UACtoojutoq.log
C:\WINDOWS\system32\UACuivbwhdl.dll
C:\WINDOWS\system32\UACwqfqxvfo.log
C:\WINDOWS\system32\UACxfpfyxoe.dll
C:\WINDOWS\system32\UACxrevxdci.dll
C:\WINDOWS\system32\UACxvpwmtag.dll
C:\WINDOWS\system32\UACxwbuqflu.log
C:\WINDOWS\system32\wsnpoem
C:\WINDOWS\system32\wsnpoem\audio.dll
C:\WINDOWS\system32\wsnpoem\video.dll
----- BITS: Mogelijk geïnfecteerde sites -----
hxxp://apexsearchgroup.info
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
(((((((((((((((((((( Bestanden Gemaakt van 2009-04-16 to 2009-05-16 ))))))))))))))))))))))))))))))
.
2009-05-12 13:57:20 . 2009-05-16 15:03:03 0 d--h--r C:\Documents and Settings\XP\Onlangs geopend
2009-05-07 16:34:08 . 2009-04-06 13:32:46 15504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2009-05-07 16:34:05 . 2009-04-06 13:32:54 38496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-05-07 16:34:03 . 2009-05-07 16:34:03 0 d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-07 16:34:03 . 2009-05-07 16:34:11 0 d-----w C:\Program Files\Malwarebytes' Anti-Malware
2009-05-06 17:26:32 . 2009-05-06 17:26:39 0 d-----w C:\WINDOWS\ERUNT
2009-05-06 17:22:43 . 2009-05-06 17:37:55 0 d-----w C:\SDFix
2009-05-03 12:57:18 . 2009-05-03 12:57:18 0 d-----w C:\Program Files\Trend Micro
2009-05-03 09:38:14 . 2009-05-03 09:38:17 0 d-----w C:\Program Files\CCleaner
2009-05-03 09:01:20 . 2009-05-03 09:01:20 0 d-----w C:\WINDOWS\Downloaded Installations
2009-05-02 19:40:04 . 2009-05-16 10:08:41 0 d--h--w C:\$AVG8.VAULT$
2009-05-02 19:36:32 . 2009-05-02 19:36:32 11952 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2009-05-02 19:36:31 . 2009-05-02 19:36:31 108552 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2009-05-02 19:36:22 . 2009-05-02 19:36:23 325896 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2009-05-02 19:36:08 . 2009-05-16 08:49:55 0 d-----w C:\WINDOWS\system32\drivers\Avg
2009-05-02 19:36:07 . 2009-05-02 19:41:22 0 d-----w C:\Documents and Settings\XP\Application Data\AVGTOOLBAR
2009-05-02 19:02:34 . 2009-05-02 19:02:35 0 d-----w C:\Documents and Settings\All Users\Application Data\SITEguard
2009-05-02 19:01:08 . 2009-05-02 19:01:08 0 d-----w C:\Program Files\Common Files\iS3
2009-05-02 19:01:08 . 2009-05-02 19:13:25 0 d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
2009-05-02 14:56:50 . 2009-05-02 14:56:50 61440 ----a-w C:\WINDOWS\system32\drivers\swhItwfy.sys
2009-05-02 14:38:14 . 2009-05-02 14:38:14 61440 ----a-w C:\WINDOWS\system32\drivers\olIvplhb.sys
2009-05-01 23:19:14 . 2009-05-01 23:19:14 0 d-----w C:\Program Files\AVG
2009-05-01 23:19:14 . 2009-05-16 15:17:30 0 d-----w C:\Documents and Settings\All Users\Application Data\avg8
2009-05-01 22:46:01 . 2009-05-01 22:46:01 0 d-----w C:\Documents and Settings\All Users\Application Data\ESET
2009-05-01 22:21:39 . 2009-05-01 22:57:09 0 d-----w C:\Program Files\ESET
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-02 19:10:16 . 2009-05-02 19:10:16 344 ----a-w C:\WINDOWS\system32\drivers\kgpcpy.cfg
2009-05-02 19:07:27 . 2006-03-02 12:00:00 24576 ----a-w C:\WINDOWS\system32\userinit.exe
2009-03-29 12:07:07 . 2006-03-02 12:00:00 53850 ----a-w C:\WINDOWS\system32\perfc013.dat
2009-03-29 12:07:07 . 2006-03-02 12:00:00 364882 ----a-w C:\WINDOWS\system32\perfh013.dat
.
------- Sigcheck -------
[-] 2008-10-07 14:06:45 504832 7BBA4CA9E82794985AFFF1D487A42B40 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-03 23:15:40 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 00:38:00 34672]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 08:50:42 155648]
"Conceptronic Conceptronic 54Mbps Wireless Utility"="C:\Program Files\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe" [2007-01-19 11:06:32 950272]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 09:49:04 49152]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2009-05-02 19:35:52 1947928]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 12:00:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-02 19:36:32 11952 ----a-w C:\WINDOWS\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\drivers\avgldx86.sys [2-5-2009 21:36:22 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\drivers\avgtdix.sys [2-5-2009 21:36:31 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2-5-2009 21:35:52 908568]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2-5-2009 21:35:51 298776]
.
- - - - ORPHANS VERWIJDERD - - - -
Toolbar-SITEguard - (no file)
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
mStart Page = hxxp://www.cooxer.com/
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
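The F2 lines in the two HijackThis logs above are what the helper asks to have fixed. As an added example (not part of the thread or of any tool named in it), this Python sketch pulls the `F2 - REG:system.ini` Shell/UserInit lines out of a HijackThis log and reports every entry beyond the default value; the function name and the Windows XP default values used as baseline are assumptions of the example.

```python
import ntpath
import re

# Winlogon values on a default Windows XP install (assumed baseline for this check).
DEFAULT_SHELL = "explorer.exe"
DEFAULT_USERINIT = r"C:\WINDOWS\system32\userinit.exe"

F2_LINE = re.compile(r"^F2 - REG:system\.ini: (Shell|UserInit)=(.*)$", re.IGNORECASE)


def extra_winlogon_entries(log_text):
    """Return (key, entry) pairs for anything beyond the default Shell/UserInit value."""
    extras = []
    for line in log_text.splitlines():
        match = F2_LINE.match(line.strip())
        if not match:
            continue  # not a Winlogon Shell/UserInit line
        key, value = match.group(1), match.group(2).strip()
        if key.lower() == "shell":
            # Shell should be explorer.exe alone; anything after it is an extra program.
            if value.lower().startswith(DEFAULT_SHELL):
                rest = value[len(DEFAULT_SHELL):].strip()
                if rest:
                    extras.append((key, rest))
            else:
                extras.append((key, value))
        else:
            # UserInit is a comma-separated list; only userinit.exe is expected.
            for part in value.split(","):
                part = part.strip()
                if part and ntpath.normcase(part) != ntpath.normcase(DEFAULT_USERINIT):
                    extras.append((key, part))
    return extras


# Sample input: a few lines copied from the two HijackThis logs in this thread.
LOG_3_MAY = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\ntndis.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
"""

LOG_6_MAY = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
"""

if __name__ == "__main__":
    for name, log in (("3-5-2009", LOG_3_MAY), ("6-5-2009", LOG_6_MAY)):
        for key, entry in extra_winlogon_entries(log):
            print(f"{name}: extra {key} entry: {entry}")
```

Run on the two samples, it shows that after SDFix the Shell entry is gone while the UserInit entry for ntos.exe is still present, which is the one item the helper lists for 'Fix checked'.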