Volledige versie bekijken : pc vol virussen / adware
Spike 23 August 2008, 20:24 hey,
ik heb hier een pc van ne kameraad staan die ik met veel moeite opgestart heb gekregen. Er zitten een hoop adware en virussen op vermoed ik.
zelf heb ik nog geen stappen ondernomen, omdat ik in het verleden hier ook al goed geholpen ben.
Kan er iemand eens kijken naar de log... Alvast bedankt.
Tim
ps: MWB eb schijfopruiming is aan het scannen, de MWB log komt er ook aan
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:25:01, on 23/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServe r.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F 2.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\F-Secure\FSGUI\fsavgui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.be/0SENLBE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.be/0SENLBE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Telenet Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F 2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaSt udioAgent.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [BM437d4760] Rundll32.exe "C:\WINDOWS\system32\ixvuxbkt.dll",s
O4 - HKLM\..\Run: [404e74fc] rundll32.exe "C:\WINDOWS\system32\ckkodfom.dll",a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Kodak EasyShare Software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://breedband.telenet.be
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130364442791
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServe r.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 10898 bytes
Juisterr 23 August 2008, 21:20 Start Hijackthis op en kies voor 'Do a system scan only'
Selecteer alleen de items die hieronder zijn genoemd:
R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: Rundll32.exe "C:\WINDOWS\system32\ixvuxbkt.dll",s
O4 - HKLM\..\Run: [404e74fc] rundll32.exe "C:\WINDOWS\system32\ckkodfom.dll",a
Klik op 'Fix checked' om de items te verwijderen.
Download MalwareBytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) en sla het op je bureaublad op.
Dubbelklik op mbam-setup.exe om het programma te installeren.
Zorg dat er na de installatie een vinkje is geplaatst bij:
Update MalwareBytes' Anti-Malware
Start MalwareBytes' Anti-Malware
Klik daarna op "Voltooien".
Indien een update gevonden wordt, zal die gedownload en geïnstalleerd worden.
Zodra het programma gestart is, ga dan naar het tabblad "[b]Instellingen".
Vink hier aan: "Sluit Internet Explorer tijdens verwijdering van malware".
Ga daarna naar het tabblad "Scanner", kies hier voor "Snelle Scan".
Druk vervolgens op "Scannen" om de scan te starten.
Het scannen kan een tijdje duren, dus wees geduldig.
Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.
Zorg ervoor dat daar alles aangevinkt is, daarna klik op: "Verwijder geselecteerde".
Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.
Het log wordt automatisch bewaard door MalwareBytes' Anti-Malware en kan je terugvinden door op de "Logs" tab te klikken in het programma.
Plaats dit logje samen met een nieuw logje van HijackThis.
Spike 24 August 2008, 02:12 hoi,
ik had al een volledige scan laten doen voordat ik jouw reractie had gelezen. Daardoor stonden de twee laatste regels van hijackthis er niet meer tussen.
De eerste log van MWB is de volledige scan, dan de nieuwe hijachthis, en dan de nieuwe snelle scan van MWB.
ik heb de indruk dat hij al heel wat beter bolt na die MWB scan, maar de F-secure virusscan geeft toch regelmatig een foutmelding van malware.
grtz, tim
MWB
Malwarebytes' Anti-Malware 1.25
Database versie: 1078
Windows 5.1.2600 Service Pack 2
1:46:12 24/08/2008
mbam-log-08-24-2008 (01-46-12).txt
Scan type: Volledige Scan (C:\|D:\|E:\|)
Objecten gescand: 182217
Verstreken tijd: 2 hour(s), 20 minute(s), 17 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 4
Registersleutels geïnfecteerd: 21
Registerwaarden geïnfecteerd: 3
Registerdata bestanden geïnfecteerd: 2
Mappen geïnfecteerd: 15
Bestanden geïnfecteerd: 86
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
C:\WINDOWS\system32\ckkodfom.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tuvVPhiF.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\najubghq.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pnlrvm.dll (Trojan.Vundo.H) -> Delete on reboot.
Registersleutels geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{23ce294b-5191-4a53-996d-3fba8a870f15} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{23ce294b-5191-4a53-996d-3fba8a870f15} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{6f95e9ec-86ec-42c6-8b53-94ef96e3dab8} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6f95e9ec-86ec-42c6-8b53-94ef96e3dab8} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{db036a52-3a88-466b-bd39-05a6d9d9b18a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnkictl (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db036a52-3a88-466b-bd39-05a6d9d9b18a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransp orterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransp orterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvid er (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\404e74fc (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\bm437d4760 (Trojan.Agent) -> Delete on reboot.
Registerdata bestanden geïnfecteerd:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvvphif -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\tuvvphif -> Delete on reboot.
Mappen geïnfecteerd:
C:\Program Files\WinSecureAv (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Config (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Engines (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Engines\AWBase (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Engines\AWBase\database (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Engines\PGBase (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Engines\plugins (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Graphics (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\LA (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Up (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\VirusHeat 4.4 (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hendrik Rynkens\Local Settings\Temp\NI.UGA6P_0001_N122M2802 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hendrik Rynkens\Application Data\WinSecureAv (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hendrik Rynkens\Application Data\WinSecureAv\Logs (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
Bestanden geïnfecteerd:
C:\WINDOWS\system32\pnlrvm.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tuvVPhiF.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\FihPVvut.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FihPVvut.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnkICTL.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ckkodfom.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mofdokkc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hendrik Rynkens\Local Settings\Temp\zfe1.0xe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hendrik Rynkens\Local Settings\Temp\NI.UGES_0001_N122M2603\setup.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hendrik Rynkens\Local Settings\Temporary Internet Files\Content.IE5\392BDDS4\kb767887[1] (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\Hendrik Rynkens\Local Settings\Temporary Internet Files\Content.IE5\6U7NK0AV\setup_304_509_[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hendrik Rynkens\Local Settings\Temporary Internet Files\Content.IE5\OA34O5BX\kb456456[1] (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\Hendrik Rynkens\Local Settings\Temporary Internet Files\Content.IE5\OA34O5BX\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-2818768502-4275019733-3952682231-1006\Dc1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D95432E-2081-476D-BE74-228FB838901E}\RP478\A0184586.DLL (Rogue.WinFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D95432E-2081-476D-BE74-228FB838901E}\RP478\A0184604.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D95432E-2081-476D-BE74-228FB838901E}\RP522\A0216725.0ll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D95432E-2081-476D-BE74-228FB838901E}\RP524\A0216856.0ll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D95432E-2081-476D-BE74-228FB838901E}\RP526\A0217008.0ll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D95432E-2081-476D-BE74-228FB838901E}\RP526\A0217049.0ll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D95432E-2081-476D-BE74-228FB838901E}\RP528\A0218146.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D95432E-2081-476D-BE74-228FB838901E}\RP530\A0219456.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D95432E-2081-476D-BE74-228FB838901E}\RP531\A0220502.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D95432E-2081-476D-BE74-228FB838901E}\RP531\A0220506.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D95432E-2081-476D-BE74-228FB838901E}\RP531\A0220507.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D95432E-2081-476D-BE74-228FB838901E}\RP531\A0220561.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D95432E-2081-476D-BE74-228FB838901E}\RP531\A0220570.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9D95432E-2081-476D-BE74-228FB838901E}\RP531\A0220571.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nqliaewo.0ll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcjavkxb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\najubghq.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\uwhhowmx.0ll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comxgkco.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ehqfhdfu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fujuqueh.0ll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ngpylu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tefctmmh.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khyvpdue.0ll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\al.dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\FWSettings.bin (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\history.db (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\main.log (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\ResErrors.log (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\sr.log (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\unins000.dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Config\pgs.xml (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Dat\Activate.dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Dat\BkSites.dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Dat\bnlink.dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Dat\cd.dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Dat\incmp.dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Dat\index.dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Dat\pv.dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Engines\AWBase\vbpv.dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Engines\AWBase\database\enemies. dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Engines\PGBase\vbpv.dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Engines\plugins\vbpv.dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Graphics\cross.gif (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Graphics\ga6p.gif (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Graphics\kb.url (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Graphics\Online.url (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Graphics\rm.url (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Graphics\Support.url (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\LA\lapv.dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\LA\License.rtf (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Up\ASupdater.dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Up\diagnosis.dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Up\PGupdater.dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Up\UBupdater.dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Up\up.dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\WinSecureAv\Up\updater.dat (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Program Files\VirusHeat 4.4\ignored.lst (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hendrik Rynkens\Local Settings\Temp\NI.UGA6P_0001_N122M2802\settings.ini (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hendrik Rynkens\Local Settings\Temp\NI.UGA6P_0001_N122M2802\setup.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hendrik Rynkens\Local Settings\Temp\NI.UGA6P_0001_N122M2802\setup.len (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hendrik Rynkens\Application Data\WinSecureAv\Logs\threats.log (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hendrik Rynkens\Application Data\WinSecureAv\Logs\update.log (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nplkiocu.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM437d4760.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM437d4760.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hendrik Rynkens\Favorieten\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:16:49, on 24/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServe r.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Medion Info Display\MdionLCM.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F 2.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.be/0SENLBE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.be/0SENLBE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Telenet Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F 2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaSt udioAgent.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Kodak EasyShare Software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://breedband.telenet.be
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130364442791
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServe r.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 10734 bytes
nieuw MWB log
Malwarebytes' Anti-Malware 1.25
Database versie: 1078
Windows 5.1.2600 Service Pack 2
2:15:06 24/08/2008
mbam-log-08-24-2008 (02-15-06).txt
Scan type: Snelle Scan
Objecten gescand: 54014
Verstreken tijd: 14 minute(s), 11 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 2
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 2
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{392466b8-b490-4a4b-bf79-f42c2e0a18ad} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{392466b8-b490-4a4b-bf79-f42c2e0a18ad} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
C:\WINDOWS\system32\ngpylu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hendrik Rynkens\Local Settings\Temporary Internet Files\Content.IE5\3X1GI6BJ\kb65666[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
Juisterr 24 August 2008, 13:34 Je Java software is verouderd.
Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:
Download Java Runtime Environment (JRE) 6u7 (http://www.filehippo.com/download_java_runtime/download/c28613d7a64f810d2f74797833d9a0f1/) en bewaar het naar je Bureaublad.
Sluit alle programma's die eventueel open zijn - Zeker je web browser!
Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
Herhaal dit tot alle oudere versies verdwenen zijn.
Na het verwijderen van alle oudere versies, herstart je pc.
Dubbelklik vervolgens op jre-6u7-windows-i586-p-s.exe op je Bureaublad om de nieuwste versie van Java te installeren.
Ik hoef niet te vertellen wat voor infectie U had hoop ik?
Spike 24 August 2008, 22:40 hey,
eigenlijk mag je wel vertellen wat soort infectie het was... is namelijk niet mijn pc, dus ik weet niet wat ermee uitgespookt is...
vraagje: moet die java normaal zijn eigen niet regelmatig updaten, of moet je regelmatig oude versies verwijderen en de nieuwe installen?
F-secure geeft nog melding van trojan virus en aware, maar na minutenlang proberen om het bestand te isoleren, lukt dat niet.
hijack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:28:39, on 24/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServe r.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Medion Info Display\MdionLCM.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F 2.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.be/0SENLBE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.be/0SENLBE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Telenet Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F 2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaSt udioAgent.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://breedband.telenet.be
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130364442791
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServe r.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 10464 bytes
MWB
Malwarebytes' Anti-Malware 1.25
Database versie: 1078
Windows 5.1.2600 Service Pack 2
22:44:57 24/08/2008
mbam-log-08-24-2008 (22-44-57).txt
Scan type: Snelle Scan
Objecten gescand: 53790
Verstreken tijd: 14 minute(s), 48 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Juisterr 25 August 2008, 19:30 Eigenlijk hoef ik helemaal niks dus..
als je zelf even gekeken had in het Mbam logje :wall: had je kunnen zien wat het was.
Trojan.Vundo.H
Spike 26 August 2008, 18:49 hey,
nu bolt ie weer mooi zonder foutmeldingen.
Merci voor de hulp !!
grtz, tim
|
|