View full version: Virus



geizer
23 July 2008, 18:08
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:07:33, on 23/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\Program Files\Dell AIO Printer 946\dlcimon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dlcicoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\system32\H2VEX4kp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hbvl.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [RemoveElanIcon] C:\WINDOWS\system32\ELAN.exe
O4 - HKLM\..\Run: [CloseDNF] C:\WINDOWS\system32\Utility.exe \1008
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [dlcimon.exe] "C:\Program Files\Dell AIO Printer 946\dlcimon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DLCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://charlthegreatest.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dlci_device - - C:\WINDOWS\system32\dlcicoms.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 8433 bytes
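
One way to triage a log like the one above, as an added example (this is not code from the thread, from the helpers, or from HijackThis itself): the script below parses the "Running processes" block and the O2/O3/O4/O23 lines of a HijackThis log and flags any executable that runs from system32 but is registered nowhere else in the same log. The allowlist of core Windows XP processes is an assumption made for this illustration; the embedded sample is an excerpt of the log above, trimmed to the relevant lines. On that excerpt the only hit is H2VEX4kp.exe.

```python
"""Flag executables that run from the system32 folder in a HijackThis log
but are registered nowhere else in the same log (no O2/O3 browser hook, no
O4 Run entry, no O23 service).

Added example, not part of the original thread or of HijackThis itself. The
log format (the "Running processes:" block and the O-line prefixes) is as it
appears in the posted log; the allowlist of core Windows XP processes is an
assumption chosen for this illustration.
"""
import re

# Core Windows XP processes that legitimately run from system32 without
# showing up in any O4/O23 line (assumed allowlist, not from the page).
CORE_SYSTEM32 = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "ctfmon.exe", "wuauclt.exe", "alg.exe",
    "userinit.exe", "wscntfy.exe", "taskmgr.exe", "rundll32.exe",
}

# Matches a running-process line whose image lives directly in system32.
SYSTEM32_IMAGE = re.compile(r"^[a-z]:\\windows\\system32\\([^\\]+\.exe)$", re.I)

# Autostart / hook lines HijackThis reports: BHOs, toolbars, Run keys, services.
AUTOSTART_LINE = re.compile(r"^O(?:2|3|4|23) - ")

# Excerpt of the HijackThis log posted above (trimmed to the relevant lines).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\dlcicoms.exe
C:\WINDOWS\system32\H2VEX4kp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O23 - Service: dlci_device - - C:\WINDOWS\system32\dlcicoms.exe
"""


def parse_hjt(text):
    """Split a HijackThis log into its running-process paths and its
    autostart lines (lower-cased for case-insensitive matching)."""
    processes, autostarts = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:          # a blank line closes the process block
                in_processes = False
            else:
                processes.append(line)
        elif AUTOSTART_LINE.match(line):
            autostarts.append(line.lower())
    return processes, autostarts


def unregistered_system32(text):
    """Return image names running from system32 that neither belong to the
    core allowlist nor are referenced by any autostart line in the log."""
    processes, autostarts = parse_hjt(text)
    registered = "\n".join(autostarts)
    flagged = []
    for path in processes:
        match = SYSTEM32_IMAGE.match(path)
        if not match:
            continue
        name = match.group(1)
        if name.lower() in CORE_SYSTEM32 or name.lower() in registered:
            continue
        flagged.append(name)
    return flagged


if __name__ == "__main__":
    for name in unregistered_system32(SAMPLE_LOG):
        print("running from system32 with no visible autostart:", name)
```

The heuristic is deliberately narrow. A process can legitimately run from system32 without a Run entry (a one-off helper, a tool launched by hand), and HijackThis 2.0.2 does not enumerate Scheduled Tasks, so a file started by a task shows up only as an unexplained running process. Treat a hit as something to look at (file properties, creation time, hash, what starts it), not as proof of infection.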

Niels
24 July 2008, 21:50
Hi Geizer,

I'll take a look at your log. I'm still in training, so my fix has to be checked first. It may therefore take a little longer.

- Niels

Niels
25 July 2008, 00:24
Hi Geizer,

You do indeed have some junk on your PC. Let's do something about it ;)


1. Download MalwareBytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
Double-click mbam-setup.exe to install the program.
Make sure that after installation the following are ticked:
Update MalwareBytes' Anti-Malware
Launch MalwareBytes' Anti-Malware
Then click "Finish".
If an update is found, it will be downloaded and installed.
Once the program has started, go to the "Settings" tab.
Tick: "Terminate Internet Explorer during threat removal".
Then go to the "Scanner" tab and choose "Perform quick scan".
Press "Scan" to start the scan.
Scanning can take a while, so be patient.
When the scan is complete, click OK, then "Show Results" to see the results.
Make sure everything is ticked there, then click "Remove Selected".
After removal a log will open; if you are asked to restart your computer, allow it.
This is necessary to remove some infections. The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program. Post this log in your next reply.

2. Post the MalwareBytes' Anti-Malware log together with a new HijackThis log.

By the way, which virus warning do/did you get?

- Niels

geizer
25 July 2008, 11:03
I mostly get warnings about trojan horses (New Malware.bl, Downloader.gen.a)


Malwarebytes' Anti-Malware 1.23
Database version: 990
Windows 5.1.2600 Service Pack 2

10:58:15 25/07/2008
mbam-log-7-25-2008 (10-58-14).txt

Scan type: Quick Scan
Objects scanned: 56133
Time elapsed: 36 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:57, on 25/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\Program Files\Dell AIO Printer 946\dlcimon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcicoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hbvl.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [RemoveElanIcon] C:\WINDOWS\system32\ELAN.exe
O4 - HKLM\..\Run: [CloseDNF] C:\WINDOWS\system32\Utility.exe \1008
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [dlcimon.exe] "C:\Program Files\Dell AIO Printer 946\dlcimon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DLCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://charlthegreatest.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlci_device - - C:\WINDOWS\system32\dlcicoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 8814 bytes

Niels
25 July 2008, 17:11
Hi geizer,

Which program gives these warnings? Does it also show a location for the viruses it finds? Where?
Do you still have problems?

- Niels

geizer
25 July 2008, 19:23
McAfee VirusScan gives these warnings, and always on the C drive in system32. I've already tried to delete them there, but that doesn't work, and the scanner keeps finding them again.

Regards, Gijs

Niels
25 July 2008, 19:26
Can you give the exact location, i.e.:

C:\WINDOWS\System32\fill this in yourself

- Niels

geizer
25 July 2008, 20:49
C:\WINDOWS\system32\H2VEX4kp.exe.a_a
C:\WINDOWS\system32\0GUV7dw1.exe.a_a

Niels
25 July 2008, 22:00
Hi Geizer,

1. Follow these instructions (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) to download ComboFix.
Carry out the instructions on that page, including installing the XP Recovery Console.

If you have used ComboFix before, please delete that version and download ComboFix again via the link above. ComboFix is updated almost daily.

If you get a warning from your antivirus or another scanner during or after downloading ComboFix, or while running it, disable that scanner and download ComboFix again. Some scanners regard certain components that ComboFix uses as suspicious and will block or remove them.
Double-click ComboFix.exe to open ComboFix.
Follow the instructions and accept the disclaimer by clicking "Yes".
Do NOT click in the window while ComboFix is running; this can cause your system to hang.
When ComboFix has finished, possibly after a restart, a log (ComboFix.txt) will open.
Post this log in your next reply.

- Niels

geizer
27 July 2008, 14:44
ComboFix 08-07-26.1 - Gijs 2008-07-27 14:25:01.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.371 [GMT 2:00]
Started from: C:\Documents and Settings\Gijs\Bureaublad\ComboFix.exe
* New restore point was created
* Resident AV is active


WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!
.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Gijs\real.txt

.
(((((((((((((((((((( Files Created from 2008-06-27 to 2008-07-27 ))))))))))))))))))))))))))))))
.

2008-07-25 10:19 . 2008-07-25 10:19 <DIR> d-------- C:\Malwarebytes' Anti-Malware
2008-07-25 10:19 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-24 11:11 . 2008-07-24 11:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-24 11:04 . 2008-07-24 11:04 <DIR> d-------- C:\Program Files\Bonjour
2008-07-24 10:56 . 2008-07-24 10:56 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-22 17:04 . 2008-07-22 17:04 <DIR> dr------- C:\Documents and Settings\NetworkService\Favorieten
2008-07-22 17:04 . 2008-07-22 17:04 <DIR> d-------- C:\Documents and Settings\NetworkService\Bureaublad
2008-07-22 17:04 . 2008-07-22 17:05 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\SiteAdvisor
2008-07-16 17:56 . 2008-07-16 17:56 <DIR> d-------- C:\Program Files\Windows Media Components
2008-07-15 17:10 . 2004-08-04 01:03 91,136 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-07-06 13:45 . 2008-07-06 13:46 <DIR> d-------- C:\Program Files\Sony Corporation
2008-07-06 13:45 . 2008-07-06 13:45 <DIR> d-------- C:\Program Files\Common Files\muvee Technologies
2008-07-06 13:45 . 2003-12-03 17:44 13,566 --------- C:\WINDOWS\system32\drivers\cdrbsvsd.sys

.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 12:28 --------- d-----w C:\Documents and Settings\Gijs\Application Data\DNA
2008-07-27 12:09 --------- d-----w C:\Program Files\Dl_cats
2008-07-25 19:35 --------- d-----w C:\Documents and Settings\Gijs\Application Data\Azureus
2008-07-24 09:04 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-23 18:09 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-07-19 20:17 --------- d-----w C:\Program Files\Azureus
2008-07-06 11:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-20 17:43 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 18:00 272,640 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 13:06 --------- d-----w C:\Program Files\iTunes
2008-06-14 13:06 --------- d-----w C:\Program Files\iPod
2008-06-14 13:06 --------- d-----w C:\Documents and Settings\Gijs\Application Data\Apple Computer
2008-06-14 13:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-14 13:05 --------- d-----w C:\Program Files\QuickTime
2008-06-14 13:03 --------- d-----w C:\Program Files\Common Files\Apple
2008-06-14 12:59 --------- d-----w C:\Program Files\Apple Software Update
2008-06-14 12:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-06-09 18:45 --------- d-----w C:\Program Files\Belgacom
2008-06-08 17:20 --------- d-----w C:\Program Files\McAfee
2008-05-15 12:03 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-05-15 12:03 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-05-07 05:16 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-08 08:45 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-07-21 18:48 98304]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-07-21 18:50 86016]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-07-21 18:47 81920]
"Belgacom"="C:\Program Files\Belgacom\bin\sprtcmd.exe" [2006-06-22 09:34 192512]
"dlcimon.exe"="C:\Program Files\Dell AIO Printer 946\dlcimon.exe" [2006-02-14 11:26 430080]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"DLCICATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCItime.dll" [2006-02-24 23:30 73728]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 23:57 36640]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-15 14:03 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 16:00 282624 C:\WINDOWS\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2008-07-06 13:46:12 151552]
Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2008-07-06 13:46:09 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.WMV3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\Charlotte\\LimeWire\\LimeWire.exe"=
"D:\\Gijs\\Programma's\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R3 dlci_device;dlci_device;C:\WINDOWS\system32\dlcicoms.exe [2006-05-11 23:22]
S3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys []
S3 AtmElan;ATM geëmuleerde LAN;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-04 12:00]
S3 AtmLane;ATM LAN-emulatie;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-04 12:00]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32d47472-360d-11dc-8b9b-0019d10607b5}]
\Shell\AutoRun\command - M:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e2faf1d-356c-11dc-8b95-0019d10607b5}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdf96ba4-6ba4-11dc-8c92-0019d10607b5}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2008-06-30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - s!6:C:\Program Files\Apple Software Update\SoftwareUpdate.exe-taskSYSTEM06 []
2008-07-21 C:\WINDOWS\Tasks\At1.job - s!!C:\WINDOWS\system32\0GUV7dw1.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0h+c1JbziT*|9db!YQ]W1u@oVff` []
2008-07-26 C:\WINDOWS\Tasks\At10.job - s!!C:\WINDOWS\system32\0GUV7dw1.exeSYSTEM!Gemaakt door NetScheduleJobAdd.09Ybly_B []
2008-07-26 C:\WINDOWS\Tasks\At11.job - s!!C:\WINDOWS\system32\0GUV7dw1.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0 []
2008-07-27 C:\WINDOWS\Tasks\At12.job - sv!!C:\WINDOWS\system32\0GUV7dw1.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0SZ\>28^$S&l&V 7$"?uzf02 []
2008-07-23 C:\WINDOWS\Tasks\At13.job - s!!C:\WINDOWS\system32\0GUV7dw1.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0yY:zZ!eV}yDd1{BVL,^h+BP;dvgP []
2008-07-25 C:\WINDOWS\Tasks\At14.job - sv!!C:\WINDOWS\system32\0GUV7dw1.exeSYSTEM!Gemaakt door NetScheduleJobAdd.05NG3 3%KP;zzM;% BM_ZV%%@" []
2008-07-26 C:\WINDOWS\Tasks\At15.job - sv!!C:\WINDOWS\system32\0GUV7dw1.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0R :pc>O{`(0st+7haBQ\AT*3A&}+ []
2008-07-21 C:\WINDOWS\Tasks\At16.job - sv!!C:\WINDOWS\system32\0GUV7dw1.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0Bh:Es&MYUsk?"q <dS9B$J+gH=[ []
2008-07-26 C:\WINDOWS\Tasks\At17.job - sv!!C:\WINDOWS\system32\0GUV7dw1.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0Ma.p,'xuN`>*Lz0NRoKFn&wx& []
2008-07-26 C:\WINDOWS\Tasks\At18.job - sv!!C:\WINDOWS\system32\0GUV7dw1.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0UW'tl\B$k$z:!n{]tSomaS []
2008-07-23 C:\WINDOWS\Tasks\At19.job - s!!C:\WINDOWS\system32\0GUV7dw1.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0}IxK"D;L^CqxW1$ jgdzhM`v []
2008-07-21 C:\WINDOWS\Tasks\At2.job - s!!C:\WINDOWS\system32\0GUV7dw1.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0c6n,30BrAWsC*;Hi>u=WSLH8$_>r []
2008-07-23 C:\WINDOWS\Tasks\At20.job - s!!C:\WINDOWS\system32\0GUV7dw1.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0cXQ &)n}l=\ []
2008-07-25 C:\WINDOWS\Tasks\At21.job - s!!C:\WINDOWS\system32\0GUV7dw1.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0B+AJ{'HhP<jjU#qi0hn'4[ []
2008-07-25 C:\WINDOWS\Tasks\At22.job - sv!!C:\WINDOWS\system32\0GUV7dw1.exeSYSTEM!Gemaakt door NetScheduleJobAdd.048|]Ew76T3pVJ@#VEn9]%% []
2008-07-21 C:\WINDOWS\Tasks\At23.job - s!!C:\WINDOWS\system32\0GUV7dw1.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0GrFUNx 1?f<tMdc+Io^9D`9S^>e []
2008-07-23 C:\WINDOWS\Tasks\At24.job - s!!C:\WINDOWS\system32\0GUV7dw1.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0yG\)S;B-4CoreP ty []
2008-07-22 C:\WINDOWS\Tasks\At25.job - s!!C:\WINDOWS\system32\H2VEX4kp.exeSYSTEM!Gemaakt door NetScheduleJobAdd.02(v-[5XDI]u> b489/xW7,@ []
2008-07-22 C:\WINDOWS\Tasks\At26.job - s!!C:\WINDOWS\system32\H2VEX4kp.exeSYSTEM!Gemaakt door NetScheduleJobAdd.00?9g Ky|$k!E6;\\16 []
2008-07-22 C:\WINDOWS\Tasks\At27.job - s!!C:\WINDOWS\system32\H2VEX4kp.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0@[haFs?9_PKySApNG$,C_D&;09| []
2008-07-22 C:\WINDOWS\Tasks\At28.job - s!!C:\WINDOWS\system32\H2VEX4kp.exeSYSTEM!Gemaakt door NetScheduleJobAdd.05mt[ik8g"*^8[Q:|$dV27C []
2008-07-22 C:\WINDOWS\Tasks\At29.job - s!!C:\WINDOWS\system32\H2VEX4kp.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0z9W/rCjgppb3|rB4 l$2, []
2008-07-21 C:\WINDOWS\Tasks\At3.job - s!!C:\WINDOWS\system32\0GUV7dw1.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0]7}%-/Y>GQo(!I/FRgA!:b'N;H []
2008-07-22 C:\WINDOWS\Tasks\At30.job - s!!C:\WINDOWS\system32\H2VEX4kp.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0uEr^@i=Jtf1InRW []
2008-07-22 C:\WINDOWS\Tasks\At31.job - s!!C:\WINDOWS\system32\H2VEX4kp.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0#Q_JEliRmRAHYOC zodr$c4!]j{Y []
2008-07-22 C:\WINDOWS\Tasks\At32.job - s!!C:\WINDOWS\system32\H2VEX4kp.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0*]3y7|n []
2008-07-22 C:\WINDOWS\Tasks\At33.job - s!!C:\WINDOWS\system32\H2VEX4kp.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0}d>N0[)7{N`}/YEt+,GQE@bLL1#MY5K []
2008-07-26 C:\WINDOWS\Tasks\At34.job - s!!C:\WINDOWS\system32\H2VEX4kp.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0GC^rol5 []
2008-07-26 C:\WINDOWS\Tasks\At35.job - Q!C:\WINDOWS\system32\H2VEX4kp.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0 []
2008-07-27 C:\WINDOWS\Tasks\At36.job - s!!C:\WINDOWS\system32\H2VEX4kp.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0}IM9h^q}sP"-[N7s;r+D []
2008-07-23 C:\WINDOWS\Tasks\At37.job - s!!C:\WINDOWS\system32\H2VEX4kp.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0Rx"ns0t^Ds5gcWA",0_QnwAf=r[ []
2008-07-25 C:\WINDOWS\Tasks\At38.job - s!!C:\WINDOWS\system32\H2VEX4kp.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0S.fBMh!ita|T>oL=,I@1uOKc[ []
2008-07-26 C:\WINDOWS\Tasks\At39.job - s!!C:\WINDOWS\system32\H2VEX4kp.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0{Q"NC%;i []
2008-07-21 C:\WINDOWS\Tasks\At4.job - s!!C:\WINDOWS\system32\0GUV7dw1.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0vhCb=/e)H\m []
2008-07-22 C:\WINDOWS\Tasks\At40.job - s!!C:\WINDOWS\system32\H2VEX4kp.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0{p+H`Rr#AtzTtt}c=s+ []
2008-07-26 C:\WINDOWS\Tasks\At41.job - s!!C:\WINDOWS\system32\H2VEX4kp.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0}<RA []
2008-07-26 C:\WINDOWS\Tasks\At42.job - s!Q!C:\WINDOWS\system32\H2VEX4kp.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0V|fTD[]cVZ []
2008-07-23 C:\WINDOWS\Tasks\At43.job - s!(!C:\WINDOWS\system32\H2VEX4kp.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0-tU|C[28'efYB_6Mg!W []
2008-07-23 C:\WINDOWS\Tasks\At44.job - s!!C:\WINDOWS\system32\H2VEX4kp.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0'_2T5N`<B2V|>Jnrv22!PiL_ []
2008-07-25 C:\WINDOWS\Tasks\At45.job - s!!C:\WINDOWS\system32\H2VEX4kp.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0[>s.<_*ZZHvlc.6C?"<Gt9w []
2008-07-25 C:\WINDOWS\Tasks\At46.job - s!!C:\WINDOWS\system32\H2VEX4kp.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0 []
2008-07-22 C:\WINDOWS\Tasks\At47.job - s!!C:\WINDOWS\system32\H2VEX4kp.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0zbJ^7I&xgrT []
2008-07-23 C:\WINDOWS\Tasks\At48.job - s!!C:\WINDOWS\system32\H2VEX4kp.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0NA&y-_UKl=$hL3ej0S?*KPg"b, []
2008-07-21 C:\WINDOWS\Tasks\At5.job - s!!C:\WINDOWS\system32\0GUV7dw1.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0Kar@_('k#F-l@A5;tM?Q []
2008-07-21 C:\WINDOWS\Tasks\At6.job - s!!C:\WINDOWS\system32\0GUV7dw1.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0'%IK609VEXK)i5 []
2008-07-21 C:\WINDOWS\Tasks\At7.job - s!!C:\WINDOWS\system32\0GUV7dw1.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0\F []
2008-07-21 C:\WINDOWS\Tasks\At8.job - s!!C:\WINDOWS\system32\0GUV7dw1.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0z;\Za #ovsk:@a8G'RMV?. []
2008-07-21 C:\WINDOWS\Tasks\At9.job - s!!C:\WINDOWS\system32\0GUV7dw1.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0!N?JN.Id_ZFm:M!BB)18lThvtP []
2008-06-14 C:\WINDOWS\Tasks\McDefragTask.job - c:\PROGRA~1\mcafee\mqc\QcConsol.exe []
2008-04-15 C:\WINDOWS\Tasks\McQcTask.job - c:\PROGRA~1\mcafee\mqc\QcConsol.exe []
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-RemoveElanIcon - C:\WINDOWS\system32\ELAN.exe
HKLM-Run-CloseDNF - C:\WINDOWS\system32\Utility.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.hbvl.be/
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-27 14:29:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning for hidden processes ...

scanning for hidden autostart items ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCICATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning for hidden files ...


**************************************************************************
.
Completion time: 2008-07-27 14:33:06
ComboFix-quarantined-files.txt 2008-07-27 12:32:03
ComboFix2.txt 2008-03-20 16:58:12

Pre-Run: 169,057,652,736 bytes free
Post-Run: 169,452,703,744 bytes free

200 --- E O F --- 2008-07-10 14:23:54






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:43:21, on 27/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\Program Files\Dell AIO Printer 946\dlcimon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dlcicoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hbvl.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [dlcimon.exe] "C:\Program Files\Dell AIO Printer 946\dlcimon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DLCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCItim e.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://charlthegreatest.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlci_device - - C:\WINDOWS\system32\dlcicoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 8672 bytes

Niels
28 July 2008, 09:35
Hi geizer,

Almost done :)

1. Open an empty Notepad file and copy the bold text below into it:

File::
C:\WINDOWS\system32\0GUV7dw1.exe
C:\WINDOWS\system32\H2VEX4kp.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job

Save this file as CFScript.txt
Drag CFScript.txt onto Combofix as in the example below.
http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif
Combofix will start again. Once it has finished, a log will open again; save it to your desktop.

Post the Combofix log in your next reply.

How are your problems now? Are the alerts gone?
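
The persistence pattern in the ComboFix task listing above (dozens of `At<n>.job` entries, all created through NetScheduleJobAdd, all running as SYSTEM, all pointing at two random-named binaries in system32) and the `File::` list Niels builds by hand from it can both be handled by a short parser. The script below is an added example written for this page, not code from the thread, from ComboFix or from any of the tools in the logs. It parses the posted task-listing format, scores each job on three indicators, groups the suspicious jobs per target binary, and emits a CFScript `File::` block. The `SAMPLE_TASKS` lines are a constructed excerpt of the posted log; the "random-looking name" test is a heuristic assumption of this example, not a Windows rule, and the two-indicator threshold is likewise an assumption.

```python
"""
Added example, not code from the thread or from ComboFix: parse the
'Gedeelde Taken' (scheduled tasks) listing of a ComboFix log, flag the
cluster of At*.job tasks that the infection registered through
NetScheduleJobAdd, and emit the File:: block a CFScript.txt expects.
SAMPLE_TASKS is a constructed excerpt of the posted log; the random-name
heuristic and the two-indicator threshold are assumptions of this example.
"""
import re
from collections import defaultdict

# Constructed excerpt of the ComboFix task listing (same format as posted).
SAMPLE_TASKS = "\n".join([
    r"2008-06-30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - s!6:C:\Program Files\Apple Software Update\SoftwareUpdate.exe-taskSYSTEM06 []",
    r"2008-07-21 C:\WINDOWS\Tasks\At1.job - s!!C:\WINDOWS\system32\0GUV7dw1.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0h+c1Jbz []",
    r"2008-07-26 C:\WINDOWS\Tasks\At10.job - s!!C:\WINDOWS\system32\0GUV7dw1.exeSYSTEM!Gemaakt door NetScheduleJobAdd.09Ybly_B []",
    r"2008-07-22 C:\WINDOWS\Tasks\At25.job - s!!C:\WINDOWS\system32\H2VEX4kp.exeSYSTEM!Gemaakt door NetScheduleJobAdd.02(v-[5XDI]u> b489 []",
    r"2008-07-26 C:\WINDOWS\Tasks\At35.job - Q!C:\WINDOWS\system32\H2VEX4kp.exeSYSTEM!Gemaakt door NetScheduleJobAdd.0 []",
    r"2008-06-14 C:\WINDOWS\Tasks\McDefragTask.job - c:\PROGRA~1\mcafee\mqc\QcConsol.exe []",
])

# First drive-letter path ending in .exe after the ' - ' separator.
TARGET = re.compile(r"([A-Za-z]:\\.*?\.exe)", re.IGNORECASE)
# Job names the legacy AT service / NetScheduleJobAdd hands out: At1.job, At2.job, ...
AT_JOB = re.compile(r"^At\d+\.job$", re.IGNORECASE)
SYSTEM32 = "c:\\windows\\system32\\"


def parse_task_line(line):
    """Split one listing line into date, job path, job name, target binary and raw tail."""
    line = line.strip()
    if not line or " - " not in line:
        return None
    head, rest = line.split(" - ", 1)
    date, _, job_path = head.partition(" ")
    m = TARGET.search(rest)
    if not m:
        return None
    return {"date": date, "path": job_path, "job": job_path.rsplit("\\", 1)[-1],
            "target": m.group(1), "raw": rest}


def parse_tasks(text):
    return [e for e in (parse_task_line(l) for l in text.splitlines()) if e]


def looks_random(stem):
    # Heuristic (assumption): an 8-character stem mixing digits, upper- and
    # lower-case letters, as 0GUV7dw1 and H2VEX4kp do. Legitimate names such as
    # QcConsol (no digits) or SoftwareUpdate (wrong length) do not match.
    return (len(stem) == 8 and stem.isalnum()
            and any(c.isdigit() for c in stem)
            and any(c.isupper() for c in stem)
            and any(c.islower() for c in stem))


def suspicious_flags(entry):
    """Return the indicators that apply to one job entry."""
    flags = []
    if AT_JOB.match(entry["job"]):
        flags.append("AT-style job name (legacy AT service / NetScheduleJobAdd)")
    if "NetScheduleJobAdd" in entry["raw"]:
        flags.append("creator comment 'Gemaakt door NetScheduleJobAdd'")
    stem = entry["target"].rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if entry["target"].lower().startswith(SYSTEM32) and looks_random(stem):
        flags.append("random-looking binary name in system32")
    return flags


def analyze(text):
    """Group jobs with at least two indicators by the binary they launch."""
    clusters = defaultdict(list)
    for entry in parse_tasks(text):
        if len(suspicious_flags(entry)) >= 2:
            clusters[entry["target"]].append(entry)
    return dict(clusters)


def report(text):
    """One row per dropped binary: job count and the date range of its jobs."""
    rows = []
    for target, entries in sorted(analyze(text).items()):
        dates = sorted(e["date"] for e in entries)
        rows.append({"target": target, "jobs": len(entries),
                     "first": dates[0], "last": dates[-1]})
    return rows


def build_cfscript(text):
    """Emit a CFScript File:: block: the dropped binaries first, then every job that runs them."""
    clusters = analyze(text)
    lines = ["File::"] + sorted(clusters)
    for target in sorted(clusters):
        lines += [e["path"] for e in clusters[target]]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for row in report(SAMPLE_TASKS):
        print(f"{row['target']}: {row['jobs']} At jobs, {row['first']} .. {row['last']}")
    print(build_cfscript(SAMPLE_TASKS))
```

Run against the full listing from the log the report shows two clusters (24 jobs for 0GUV7dw1.exe and 24 for H2VEX4kp.exe) spread over a week, which is the signal worth keying on: AppleSoftwareUpdate.job and the McAfee jobs score zero indicators and stay out of the script. The CFScript block is only a starting point; as in the thread, the ComboFix log after the run is what confirms the jobs and binaries are gone.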

geizer
30 July 2008, 14:42
the alerts are gone, thanks
below are the logs once more:


ComboFix 08-07-29.1 - Gijs 2008-07-30 14:30:22.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.301 [GMT 2:00]
Started from: C:\Documents and Settings\Gijs\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Gijs\Bureaublad\CFScript.txt
* New restore point was created
* Resident AV is active


WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!

FILE ::
C:\WINDOWS\system32\0GUV7dw1.exe
C:\WINDOWS\system32\H2VEX4kp.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

.
(((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-30 ))))))))))))))))))))))))))))))
.

2008-07-28 15:39 . 2008-07-28 15:39 <DIR> d-------- C:\Program Files\Sun
2008-07-25 10:19 . 2008-07-25 10:19 <DIR> d-------- C:\Malwarebytes' Anti-Malware
2008-07-25 10:19 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-24 11:11 . 2008-07-24 11:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-24 11:04 . 2008-07-24 11:04 <DIR> d-------- C:\Program Files\Bonjour
2008-07-24 10:56 . 2008-07-24 10:56 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-22 17:04 . 2008-07-22 17:04 <DIR> dr------- C:\Documents and Settings\NetworkService\Favorieten
2008-07-22 17:04 . 2008-07-22 17:04 <DIR> d-------- C:\Documents and Settings\NetworkService\Bureaublad
2008-07-22 17:04 . 2008-07-22 17:05 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\SiteAdvisor
2008-07-16 17:56 . 2008-07-16 17:56 <DIR> d-------- C:\Program Files\Windows Media Components
2008-07-15 17:10 . 2004-08-04 01:03 91,136 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-07-06 13:45 . 2008-07-06 13:46 <DIR> d-------- C:\Program Files\Sony Corporation
2008-07-06 13:45 . 2008-07-06 13:45 <DIR> d-------- C:\Program Files\Common Files\muvee Technologies
2008-07-06 13:45 . 2003-12-03 17:44 13,566 --------- C:\WINDOWS\system32\drivers\cdrbsvsd.sys
2008-06-23 17:48 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-14 15:06 . 2008-06-14 15:06 <DIR> d-------- C:\Program Files\iTunes
2008-06-14 15:06 . 2008-06-14 15:06 <DIR> d-------- C:\Program Files\iPod
2008-06-14 15:06 . 2008-06-14 15:06 <DIR> d-------- C:\Documents and Settings\Gijs\Application Data\Apple Computer
2008-06-14 15:05 . 2008-06-14 15:05 <DIR> d-------- C:\Program Files\QuickTime
2008-06-14 15:05 . 2008-06-14 15:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-14 15:03 . 2008-06-14 15:03 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-06-14 14:59 . 2008-06-14 14:59 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-14 14:59 . 2008-06-14 14:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-11 09:29 . 2008-06-14 20:00 272,640 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 09:29 . 2008-06-14 20:00 272,640 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-30 12:28 --------- d-----w C:\Documents and Settings\Gijs\Application Data\DNA
2008-07-30 08:26 --------- d-----w C:\Program Files\Dl_cats
2008-07-29 15:45 --------- d-----w C:\Documents and Settings\Gijs\Application Data\Azureus
2008-07-28 13:39 --------- d-----w C:\Program Files\Java
2008-07-24 09:04 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-19 20:17 --------- d-----w C:\Program Files\Azureus
2008-07-06 11:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-20 17:43 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-09 18:45 --------- d-----w C:\Program Files\Belgacom
2008-06-08 17:20 --------- d-----w C:\Program Files\McAfee
2008-05-15 12:03 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-05-15 12:03 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-05-07 05:16 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:22 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@2008-07-27_14.31.30.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-27 09:03:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-07-30 08:32:42 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-07-27 09:03:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
+ 2008-07-30 08:32:42 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
- 2008-07-27 09:03:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-30 08:32:42 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-02-21 23:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-09 23:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2008-02-21 23:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-09 23:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2008-02-22 00:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-10 00:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-08 08:45 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-07-21 18:48 98304]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-07-21 18:50 86016]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-07-21 18:47 81920]
"Belgacom"="C:\Program Files\Belgacom\bin\sprtcmd.exe" [2006-06-22 09:34 192512]
"dlcimon.exe"="C:\Program Files\Dell AIO Printer 946\dlcimon.exe" [2006-02-14 11:26 430080]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"DLCICATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCItime.dll" [2006-02-24 23:30 73728]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 23:57 36640]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-15 14:03 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 16:00 282624 C:\WINDOWS\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2008-07-06 13:46:12 151552]
Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2008-07-06 13:46:09 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.WMV3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\Charlotte\\LimeWire\\LimeWire.exe"=
"D:\\Gijs\\Programma's\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R3 dlci_device;dlci_device;C:\WINDOWS\system32\dlcicoms.exe [2006-05-11 23:22]
S3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys []
S3 AtmElan;ATM geëmuleerde LAN;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-04 12:00]
S3 AtmLane;ATM LAN-emulatie;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-04 12:00]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32d47472-360d-11dc-8b9b-0019d10607b5}]
\Shell\AutoRun\command - M:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdf96ba4-6ba4-11dc-8c92-0019d10607b5}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-07-28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-06-14 C:\WINDOWS\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-04-15 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-30 14:31:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning for hidden processes ...

scanning for hidden autostart items ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCICATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning for hidden files ...

Scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-30 14:33:05
ComboFix-quarantined-files.txt 2008-07-30 12:32:42
ComboFix2.txt 2008-07-30 12:29:34
ComboFix3.txt 2008-07-27 12:33:08
ComboFix4.txt 2008-03-20 16:58:12

Pre-Run: 169,115,574,272 bytes free
Post-Run: 169,106,198,528 bytes free

265 --- E O F --- 2008-07-10 14:23:54




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:41:50, on 30/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\Program Files\Dell AIO Printer 946\dlcimon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dlcicoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hbvl.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [dlcimon.exe] "C:\Program Files\Dell AIO Printer 946\dlcimon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DLCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://charlthegreatest.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlci_device - - C:\WINDOWS\system32\dlcicoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 8639 bytes

Niels
31 July 2008, 23:45
Hi Geizer,

Your log is clean again.

Also read these (http://www.jawwi.nl/nederlands/tips/beveiligen/beveiligen.html) tips to prevent infections.

Remove ComboFix via Start > Run: copy and paste Combofix /U, then click OK or press Enter.

http://hicheckthis.gethost.nl/images/Uninstall_combofix.JPG

This will remove Combofix together with its related folders and files, restore the clock settings, hide file extensions again, re-hide hidden files and system files, and reset your System Restore.


- Niels