View full version : Coreflood!mem



dogegg
5 July 2010, 22:52
Hello,

For a few weeks now I have been having memory problems; in particular Nero Burning ROM and Nero Vision regularly crash with messages that a memory error has occurred. Tests show that the memory modules are working properly.

During a full virus scan (McAfee) I get a message that Coreflood!mem is in my memory (in the process c:\windows\explorer.exe). The virus scanner then reports that Coreflood!mem has been terminated, but every time I run the scan again it finds it again. I get the impression that after Coreflood!mem is removed from memory it is put straight back into memory.

Does anyone have an idea how I can get rid of this thing for good?

Kind regards,

Dogegg

Below is a recent HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:37:22, on 5-7-2010
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
F:\APC\APC PowerChute Personal Edition\mainserv.exe
F:\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
F:\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
F:\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\ctfmon.exe
F:\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\svchost.exe
F:\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
F:\uTorrent\µtorrent 1.7.5 Leecher Pack\utorrent 1.7.5_fake2x_leecher.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
F:\Totalcmd\TOTALCMD.EXE
F:\Mozilla Firefox\firefox.exe
F:\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "F:\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: APC UPS Status.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - F:\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~1\OFFICE11\REFIEBAR.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - F:\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - F:\Executive Software\Diskeeper\DkService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - F:\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - F:\SiSoftware Sandra Pro Home 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - F:\SiSoftware Sandra Pro Home 2007\RpcSandraSrv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - F:\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 6941 bytes
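As an added example, not part of the original thread or of HijackThis itself, the Python below parses a log in the shape of the one posted above into its running-process list and its numbered entries, and applies a few first-pass checks a helper would run before reading the log by hand. The sample text, the HJT_SAMPLE name and the triage rules are constructed for this example. One caveat worth keeping in mind: HijackThis enumerates autostart points, services and browser components, not code injected into an already running process, so a log that looks clean does not contradict an in-memory detection inside explorer.exe.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed sample in the shape of the HijackThis v2.0.x log posted above.
# The name HJT_SAMPLE and the choice of lines are this example's own.
HJT_SAMPLE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:37:22, on 5-7-2010
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
F:\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe

--
End of file - 6941 bytes
"""

# "O23 - Service: ...": a section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O23 body: "<service name> - <vendor or 'Unknown owner'> - <image path>"
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# O4 body: "<hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
# A command line that starts with a drive letter (optionally quoted).
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')
# Executables started from a user profile or temp directory.
USER_DIR_RE = re.compile(r"\\(documents and settings|temp|temporary internet files)\\", re.I)


@dataclass
class HjtEntry:
    code: str                                              # section code, e.g. "O4", "O23"
    body: str                                              # raw text after "Oxx - "
    fields: Dict[str, str] = field(default_factory=dict)   # parsed sub-fields, where known


def parse_hjt(text: str) -> Tuple[List[str], List[HjtEntry]]:
    """Split a HijackThis log into its running-process list and its Rx/Oxx entries."""
    processes: List[str] = []
    entries: List[HjtEntry] = []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # the blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue                      # header, "--" and "End of file" lines
        entry = HjtEntry(m["code"], m["body"])
        if entry.code == "O23":
            s = SERVICE_RE.match(entry.body)
            if s:
                entry.fields = s.groupdict()
        elif entry.code == "O4":
            r = RUN_RE.match(entry.body)
            if r:
                entry.fields = r.groupdict()
        entries.append(entry)
    return processes, entries


def triage(processes: List[str], entries: List[HjtEntry]) -> List[Tuple[str, str]]:
    """First-pass checks a helper runs before reading the log line by line.

    Each finding is (reason, offending line). Nothing here proves malice; the
    list only orders what to look up first (vendor, hash, signature)."""
    findings: List[Tuple[str, str]] = []
    for proc in processes:
        if USER_DIR_RE.search(proc):
            findings.append(("process running from a profile or temp directory", proc))
    for e in entries:
        if e.code == "O23" and e.fields.get("owner") == "Unknown owner":
            findings.append(("service without a recognised vendor", e.body))
        elif e.code == "O9" and "(no name)" in e.body:
            findings.append(("browser button without a display name", e.body))
        elif e.code == "O4" and e.fields and not ABS_PATH_RE.match(e.fields["cmd"]):
            findings.append(("Run value without an absolute path", e.body))
    return findings


if __name__ == "__main__":
    procs, ents = parse_hjt(HJT_SAMPLE)
    print(f"{len(procs)} processes, {len(ents)} entries")
    for reason, line in triage(procs, ents):
        print(f"[{reason}] {line}")
```

Run as a script it prints the three lines from the sample that deserve a second look (the Run value that names a bare executable, the unnamed browser button and the service with an unknown vendor); as a module, `parse_hjt` and `triage` can be pointed at any saved HijackThis log.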

compuchrisje
5 July 2010, 22:57
Your post has been moved to the right forum section. That way our spyware slayers will notice it sooner too.

EvelineGirl
7 July 2010, 11:42
Hi, ;)

Why hasn't XP been updated? Is it an illegal copy, by any chance?
Working with Windows XP without SP2, SP3 and IE8 is asking for trouble.

1.
Download TFC (http://oldtimer.geekstogo.com/TFC.exe) and save it to your Desktop.
Double-click TFC.exe to open the program.
The program will close all other programs, so make sure you have saved all your work before you continue.
Click the Start button to start the program. How long it takes can vary: it may be only a few seconds, but it can also be 5 minutes. Just let the program do its work undisturbed until it is finished.
When the program is finished it will restart your computer. If that does not happen, restart your computer manually.

2.
Download MalwareBytes' Anti-Malware (http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button) and save it to your desktop.
Double-click mbam-setup.exe to install the program.
Make sure that after installation a check mark is placed next to:
Update MalwareBytes' Anti-Malware
Start MalwareBytes' Anti-Malware
Then click Finish
If an update is found, it will be downloaded and installed.

Once the program has started, go to the Settings tab
Check: Close Internet Explorer during malware removal
Then go to the Scanner tab and choose Quick Scan
Then press Scan to start the scan.
Scanning can take a while, so be patient.
When the scan has finished, click OK, then Show Results to see the results.
Make sure everything there is checked, then click: Remove Selected
After removal a log will open; if you are asked to restart your computer, you must allow this.
This is necessary to be able to remove some infections.
The log is saved automatically by MalwareBytes' Anti-Malware and you can find it by clicking the Logs tab in the program.
Post this log in your next reply.

3.
Uninstall the current version of HijackThis. It is outdated and may contain BUGS.
Download and install HijackThis 2.0.4.

Download HijackThis Install (http://go.trendmicro.com/free-tools/hijackthis/HiJackThis.msi) to your desktop.
Double-click the installer to reinstall HijackThis. Accept the default location.

Click Main Menu.
At the bottom, uncheck Do not show this window when I start Hijackthis.
In the selection window click "Do a scan and save a logfile".
Save the logfile to your hard disk and post this log in your next reply.

Good luck,
Eveline. :)

dogegg
8 July 2010, 00:14
Hello Eveline,

Not an illegal copy, but I use software for my work that has problems with SP2 or SP3. I don't use IE but Firefox.

Here is the MalwareBytes' Anti-Malware log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Databaseversie: 4290

Windows 5.1.2600 Service Pack 1
Internet Explorer 6.0.2800.1106

7-7-2010 23:55:48
mbam-log-2010-07-07 (23-55-48).txt

Scantype: Snelle scan
Objecten gescand: 124106
Verstreken tijd: 8 minuut/minuten, 47 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)



And the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:06:36, on 8-7-2010
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
F:\APC\APC PowerChute Personal Edition\mainserv.exe
F:\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
F:\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
F:\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\ctfmon.exe
F:\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
F:\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
F:\Totalcmd\TOTALCMD.EXE
C:\Program Files\Windows NT\Bureau-accessoires\WORDPAD.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
F:\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "F:\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: APC UPS Status.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - F:\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~1\OFFICE11\REFIEBAR.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - F:\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - F:\Executive Software\Diskeeper\DkService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - F:\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - F:\SiSoftware Sandra Pro Home 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - F:\SiSoftware Sandra Pro Home 2007\RpcSandraSrv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - F:\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 7324 bytes


Kind regards,

Dogegg

EvelineGirl
8 July 2010, 12:35
Hi, ;)

We will have to look a little deeper.

1.
Visit the following page with the instructions for downloading and using Combofix (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden).
Put Combofix on your desktop.
Disable your antivirus scanner before starting Combofix.
Some scanners detect Combofix as malware and may remove components.
If this happens, download Combofix again.

Look here (http://www.bleepingcomputer.com/forums/topic114351.html) if you do not know how to disable your antivirus, firewall and/or antispyware scanner.

Double-click Combofix.exe to start it.
If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to update.
If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
Click OK and Yes to have the Recovery Console installed automatically.
Afterwards, click Yes again to start the malware scan.
While Combofix is running, do NOT click in the window, because that will make your PC hang.
When Combofix has finished and after the restart, the log Combofix.txt will open.
NOTE: When ComboFix starts, you may get an error message that the "contents of the ComboFix package has been compromised".
Do not continue with the instructions, but download ComboFix again. This message can appear when a file infector (Virut) is active on the computer. If you keep getting this message, report it.

Post the combofix.txt log together with a new HijackThis log in your next reply.

Good luck,
Eveline. :)

dogegg
8 July 2010, 22:50
Hello Eveline,

Here is the combofix.txt log:

ComboFix 10-07-07.02 - JG 08-07-2010 22:27:55.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.1.1252.31.1043.18.1023.594 [GMT 2:00]
Gestart vanuit: c:\documents and settings\JG\Bureaublad\ComboFix.exe
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\JG\Application Data\inst.exe
c:\windows\system32\ntUsrrIP_1_0.dll
c:\windows\system32\win.ini

c:\windows\system32\qmgr.dll . . . is geïnfecteerd!!

.
(((((((((((((((((((( Bestanden Gemaakt van 2010-06-08 to 2010-07-08 ))))))))))))))))))))))))))))))
.

2010-07-07 22:05 . 2010-07-07 22:05 388096 ----a-r- c:\documents and settings\JG\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-07 22:05 . 2010-07-07 22:05 -------- d-----w- c:\program files\Trend Micro
2010-07-02 15:20 . 2010-07-03 11:08 -------- d-----w- c:\documents and settings\JG\Local Settings\Application Data\Ahead
2010-07-02 15:18 . 2010-07-03 11:09 -------- d-----w- c:\documents and settings\JG\Application Data\Ahead
2010-07-02 15:11 . 2010-07-02 15:11 -------- d-----w- c:\program files\Nero
2010-07-02 15:11 . 2010-07-02 15:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-07-02 14:58 . 2010-07-08 18:56 -------- d--h--r- c:\documents and settings\JG\Onlangs geopend
2010-06-29 09:16 . 2010-06-29 09:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2010-06-29 09:16 . 2009-08-06 17:24 327896 ----a-w- c:\windows\system32\wucltui.dll
2010-06-29 09:16 . 2009-08-06 17:24 209632 ----a-w- c:\windows\system32\wuweb.dll
2010-06-29 09:16 . 2009-08-06 17:24 35552 ----a-w- c:\windows\system32\wups.dll
2010-06-29 09:16 . 2009-08-06 17:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2010-06-29 09:16 . 2004-08-03 12:04 169240 ----a-w- c:\windows\system32\wuauclt1.exe
2010-06-29 09:16 . 2004-08-03 12:00 187160 ----a-w- c:\windows\system32\wuaueng1.dll
2010-06-29 08:28 . 2010-06-29 08:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2010-06-29 08:26 . 2009-11-04 14:54 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-06-29 08:26 . 2009-11-04 14:54 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-06-29 08:26 . 2009-11-04 14:54 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-06-29 08:26 . 2009-07-16 10:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-06-29 08:25 . 2010-06-29 08:26 -------- d-----w- c:\program files\Common Files\McAfee
2010-06-29 08:25 . 2010-06-29 08:25 -------- d-----w- c:\program files\McAfee.com
2010-06-29 08:25 . 2010-06-29 10:09 -------- d-----w- c:\program files\McAfee
2010-06-29 08:23 . 2009-11-04 14:53 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-06-22 21:17 . 2010-07-08 20:32 14751 ----a-w- c:\windows\system32\hpzlnt1x.dat
2010-06-22 21:17 . 2010-07-08 20:32 1464 ----a-w- c:\windows\system32\DANIRS.dat
2010-06-22 21:17 . 2010-07-08 20:31 0 ----a-w- c:\windows\system32\wmvadod.dat
2010-06-22 20:49 . 2010-07-08 20:35 582 ----a-w- c:\windows\system32\mstext40.dat
2010-06-22 20:49 . 2010-07-08 20:35 2482 ----a-w- c:\windows\system32\rastahix.dat
2010-06-22 20:49 . 2010-07-08 20:35 0 ----a-w- c:\windows\system32\unrah.dat
2010-06-22 20:49 . 2010-07-08 19:02 314 ----a-w- c:\windows\system32\pifmgr.dat

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-08 20:35 . 2002-09-11 12:00 442004 ----a-w- c:\windows\system32\perfh013.dat
2010-07-08 20:35 . 2002-09-11 12:00 69380 ----a-w- c:\windows\system32\perfc013.dat
2010-07-08 20:27 . 2007-08-03 13:38 -------- d-----w- c:\documents and settings\JG\Application Data\uTorrent
2010-07-03 11:09 . 2005-07-14 16:20 -------- d-----w- c:\documents and settings\JG\Application Data\Media Player Classic
2010-07-02 15:11 . 2005-01-05 18:54 -------- d-----w- c:\program files\Common Files\Ahead
2010-06-29 14:57 . 2004-12-21 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Network Associates
2010-06-29 14:57 . 2004-12-21 22:53 -------- d-----w- c:\program files\Network Associates
2010-06-29 11:26 . 2007-12-14 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-29 08:14 . 2005-05-05 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-29 08:04 . 2006-05-14 20:45 -------- d-----w- c:\program files\Common Files\Agnitum Shared
2010-06-23 07:46 . 2004-12-26 00:10 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-05-31 15:35 . 2010-05-13 21:06 -------- d-----w- c:\program files\Common Files\AVM
2010-05-28 18:41 . 2009-05-10 11:50 -------- d-----w- c:\documents and settings\JG\Application Data\Vso
2010-05-13 21:13 . 2010-05-13 21:12 -------- d-----w- c:\documents and settings\JG\Application Data\FRITZ!
2010-04-29 13:39 . 2009-06-16 21:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2008-07-02 20:05 19288 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 14:00 . 2010-04-25 13:00 102 ----a-w- c:\documents and settings\All Users\Application Data\xlink.sys
2010-04-28 14:00 . 2010-04-25 13:00 102 ----a-w- c:\documents and settings\All Users\Application Data\xlink.sys
2006-05-03 10:06 . 2010-02-02 15:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2010-02-02 15:54 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-02-02 15:54 216064 --sh--r- c:\windows\system32\nbDX.dll
.

------- Sigcheck -------



[-] 2004-07-09 03:27 . A969E427AB2B64B00DFEE9E435D42F96 . 1689600 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\system32\d3d9.dll

c:\windows\System32\wscntfy.exe ... is niet aanwezig !!
c:\windows\System32\xmlprov.dll ... is niet aanwezig !!
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\pifmgr]
@="{E437A482-7727-2F6B-8905-FFA92CD6A362}"
[HKEY_CLASSES_ROOT\CLSID\{E437A482-7727-2F6B-8905-FFA92CD6A362}]
2002-09-11 12:00 135168 ----a-w- c:\windows\system32\pifmgr.ocx

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="f:\freeram xp pro\FreeRAM XP Pro.exe" [2006-03-22 1591808]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 61952]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-07 1176808]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-09-11 13312]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
APC UPS Status.lnk - f:\apc\APC PowerChute Personal Edition\Display.exe [2007-6-8 221247]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^desktop.ini]
backup=c:\windows\pss\desktop.iniCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^PlexTools Professional.lnk]
backup=c:\windows\pss\PlexTools Professional.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^JG^Menu Start^Programma's^Opstarten^Adobe Media Player.lnk]
path=c:\documents and settings\JG\Menu Start\Programma's\Opstarten\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^JG^Menu Start^Programma's^Opstarten^desktop.ini]
backup=c:\windows\pss\desktop.iniStartup

[HKLM\~\startupfolder\C:^Documents and Settings^JG^Menu Start^Programma's^Opstarten^PrevxCSI.lnk]
backup=c:\windows\pss\PrevxCSI.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\system tool

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-11-11 20:10 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-05-16 07:27 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
2006-03-22 23:13 1591808 ----a-w- f:\freeram xp pro\FreeRAM XP Pro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 14:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 12:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-04-29 13:39 437584 ----a-w- f:\malwarebytes' anti-malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
2003-02-26 11:00 139347 ----a-w- c:\program files\Network Associates\Common Framework\UpdaterUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2002-08-20 14:08 1511453 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
2006-05-12 13:48 1122304 ----a-w- f:\norton ghost\Agent\GhostTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-05-17 19:50 155648 ----a-w- f:\quicktime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-05-12 13:49 32768 ----a-w- f:\powerdvd\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"de_serv"=3 (0x3)
"AVM IGD CTRL Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [19-10-2006 15:59 25067]
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [29-7-2004 4:33 138780]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [17-5-2006 23:02 10240]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [29-7-2004 5:13 46779]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [29-6-2010 10:27 203280]
S3 cmudax;C-Media Azalia Audio Interface;c:\windows\system32\drivers\cmudax.sys [20-12-2004 23:36 1385664]
.
Inhoud van de 'Gedeelde Taken' map

2010-06-29 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-06-29 10:22]

2010-06-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-06-29 10:22]
.
.
------- Bijkomende Scan -------
.
uStart Page = about:blank
mSearch Bar =
uSearchAssistant =
uCustomizeSearch =
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\JG\Application Data\Mozilla\Firefox\Profiles\nw82v2st.default\
FF - prefs.js: browser.search.selectedEngine - Ixquick HTTPS - Nederlands
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: f:\acrobat 6.0\Reader\browser\nppdf32.dll
FF - plugin: f:\quicktime\Plugins\npqtplugin.dll
FF - plugin: f:\quicktime\Plugins\npqtplugin2.dll
FF - plugin: f:\quicktime\Plugins\npqtplugin3.dll
FF - plugin: f:\quicktime\Plugins\npqtplugin4.dll
FF - plugin: f:\quicktime\Plugins\npqtplugin5.dll
FF - plugin: f:\quicktime\Plugins\npqtplugin6.dll
FF - plugin: f:\quicktime\Plugins\npqtplugin7.dll
FF - plugin: f:\realplayer\Netscape6\nppl3260.dll
FF - plugin: f:\realplayer\Netscape6\nprjplug.dll
FF - plugin: f:\realplayer\Netscape6\nprpjplug.dll

---- FIREFOX POLICIES ----
f:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
f:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
f:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
f:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS VERWIJDERD - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl
HKU-Default-Run-Spyware Doctor - (no file)
MSConfigStartUp-CloneCDTray - f:\slysoft\CloneCD\CloneCDTray.exe
MSConfigStartUp-Outpost Firewall - f:\agnitum\Outpost Firewall\outpost.exe
MSConfigStartUp-OutpostFeedBack - f:\agnitum\Outpost Firewall\feedback.exe
MSConfigStartUp-ShStatEXE - c:\program files\Network Associates\VirusScan\SHSTAT.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-08 22:35
Windows 5.1.2600 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(1764)
c:\windows\System32\ODBC32.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\WRLogonNTF.dll

- - - - - - - > 'lsass.exe'(1824)
c:\windows\system32\MSVCRT40.dll
c:\windows\system32\MSVCIRT.dll
c:\windows\System32\dssenh.dll

- - - - - - - > 'explorer.exe'(7372)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\System32\msi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\Ati2evxx.exe
f:\apc\APC PowerChute Personal Edition\mainserv.exe
f:\executive software\Diskeeper\DkService.exe
c:\windows\System32\GEARSec.exe
c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\McShield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
f:\norton ghost\Agent\PQV2iSvc.exe
c:\windows\System32\wdfmgr.exe
f:\webroot\Spy Sweeper\SpySweeper.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
f:\apc\APC PowerChute Personal Edition\apcsystray.exe
.
**************************************************************************
.
Voltooingstijd: 2010-07-08 22:39:30 - machine werd herstart
ComboFix-quarantined-files.txt 2010-07-08 20:39

Pre-Run: 2.880.868.352 bytes beschikbaar
Post-Run: 2.754.015.232 bytes beschikbaar

winxpsp1_nl_pro_bf.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Prof-2"

- - End Of File - - FB4656BF84A90EE4319EA576C87A99F9




And the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:43:50, on 8-7-2010
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
F:\APC\APC PowerChute Personal Edition\mainserv.exe
F:\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
F:\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\svchost.exe
F:\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
F:\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
F:\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\explorer.exe
F:\Totalcmd\TOTALCMD.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [FreeRAM XP] "F:\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: APC UPS Status.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - F:\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~1\OFFICE11\REFIEBAR.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - F:\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - F:\Executive Software\Diskeeper\DkService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - F:\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - F:\SiSoftware Sandra Pro Home 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - F:\SiSoftware Sandra Pro Home 2007\RpcSandraSrv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - F:\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 7146 bytes



Kind regards,

Dogegg

EvelineGirl
9 July 2010, 15:32
Hi,

Legitimate Windows files are missing. They have become corrupted. A system file is also still infected. This is partly due to a non-updated version of Windows, which was your own choice. We will try to repair it, but I can't guarantee anything.

Do you have the Win XP installation CD?

1.
Download SystemLook.exe (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe) and place the file on the Desktop.
Double-click SystemLook.exe to start the program.

In the window that opens, copy the code below:


:filefind
wscntfy.exe
xmlprov.dll

Click the "Look" button to start the scan.
When the scan is finished, a text file (SystemLook.txt) opens.
Post the contents of this file.

2.
Run a new scan with Combofix and post the log in your next reply after the PC has restarted.

Good luck,
Eveline. ;)

dogegg
10 July 2010, 00:30
Hello Eveline,

I have to go abroad for work tomorrow and will probably be away for two weeks. So there will be no response from my side for about two weeks; I do have internet, but I can't get to the PC at home that I'm having the problems with. As soon as I'm back, I'll get in touch again.

That Windows isn't updated is indeed my choice. I'm trying to get my software running in a Linux environment; if that works, the software can come off the Windows PC and I can start updating Windows on that PC.

I have the Windows XP installation CD.

Here is the SystemLook result:

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 17:54 on 09/07/2010 by JG (Administrator - Elevation successful)

========== filefind ==========

Searching for "wscntfy.exe"
No files found.

Searching for "xmlprov.dll"
No files found.

-=End Of File=-



And the new Combofix log:

ComboFix 10-07-08.02 - JG 09-07-2010 18:00:06.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.1.1252.31.1043.18.1023.287 [GMT 2:00]
Gestart vanuit: c:\documents and settings\JG\Bureaublad\ComboFix.exe
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

Besmet exemplaar van c:\windows\system32\qmgr.dll werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\windows\ERDNT\cache\qmgr.dll

.
(((((((((((((((((((( Bestanden Gemaakt van 2010-06-09 to 2010-07-09 ))))))))))))))))))))))))))))))
.

2010-07-08 20:43 . 2010-07-08 20:43 388096 ----a-r- c:\documents and settings\JG\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-07 22:05 . 2010-07-07 22:05 -------- d-----w- c:\program files\Trend Micro
2010-07-02 15:20 . 2010-07-03 11:08 -------- d-----w- c:\documents and settings\JG\Local Settings\Application Data\Ahead
2010-07-02 15:18 . 2010-07-03 11:09 -------- d-----w- c:\documents and settings\JG\Application Data\Ahead
2010-07-02 15:11 . 2010-07-02 15:11 -------- d-----w- c:\program files\Nero
2010-07-02 15:11 . 2010-07-02 15:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-07-02 14:58 . 2010-07-09 15:57 -------- d--h--r- c:\documents and settings\JG\Onlangs geopend
2010-06-29 09:16 . 2010-06-29 09:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2010-06-29 09:16 . 2009-08-06 17:24 327896 ----a-w- c:\windows\system32\wucltui.dll
2010-06-29 09:16 . 2009-08-06 17:24 209632 ----a-w- c:\windows\system32\wuweb.dll
2010-06-29 09:16 . 2009-08-06 17:24 35552 ----a-w- c:\windows\system32\wups.dll
2010-06-29 09:16 . 2009-08-06 17:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2010-06-29 09:16 . 2004-08-03 12:04 169240 ----a-w- c:\windows\system32\wuauclt1.exe
2010-06-29 09:16 . 2004-08-03 12:00 187160 ----a-w- c:\windows\system32\wuaueng1.dll
2010-06-29 08:28 . 2010-06-29 08:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2010-06-29 08:26 . 2009-11-04 14:54 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-06-29 08:26 . 2009-11-04 14:54 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-06-29 08:26 . 2009-11-04 14:54 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-06-29 08:26 . 2009-07-16 10:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-06-29 08:25 . 2010-06-29 08:26 -------- d-----w- c:\program files\Common Files\McAfee
2010-06-29 08:25 . 2010-06-29 08:25 -------- d-----w- c:\program files\McAfee.com
2010-06-29 08:25 . 2010-06-29 10:09 -------- d-----w- c:\program files\McAfee
2010-06-29 08:23 . 2009-11-04 14:53 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-06-22 21:17 . 2010-07-09 15:57 14937 ----a-w- c:\windows\system32\hpzlnt1x.dat
2010-06-22 21:17 . 2010-07-09 15:56 0 ----a-w- c:\windows\system32\wmvadod.dat
2010-06-22 21:17 . 2010-07-08 20:32 1464 ----a-w- c:\windows\system32\DANIRS.dat
2010-06-22 20:49 . 2010-07-09 16:07 6823 ----a-w- c:\windows\system32\mstext40.dat
2010-06-22 20:49 . 2010-07-09 16:07 3000 ----a-w- c:\windows\system32\rastahix.dat
2010-06-22 20:49 . 2010-07-09 16:06 0 ----a-w- c:\windows\system32\unrah.dat
2010-06-22 20:49 . 2010-07-09 15:54 314 ----a-w- c:\windows\system32\pifmgr.dat

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-09 15:59 . 2007-08-03 13:38 -------- d-----w- c:\documents and settings\JG\Application Data\uTorrent
2010-07-08 20:35 . 2002-09-11 12:00 442004 ----a-w- c:\windows\system32\perfh013.dat
2010-07-08 20:35 . 2002-09-11 12:00 69380 ----a-w- c:\windows\system32\perfc013.dat
2010-07-03 11:09 . 2005-07-14 16:20 -------- d-----w- c:\documents and settings\JG\Application Data\Media Player Classic
2010-07-02 15:11 . 2005-01-05 18:54 -------- d-----w- c:\program files\Common Files\Ahead
2010-06-29 14:57 . 2004-12-21 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Network Associates
2010-06-29 14:57 . 2004-12-21 22:53 -------- d-----w- c:\program files\Network Associates
2010-06-29 11:26 . 2007-12-14 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-29 08:14 . 2005-05-05 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-29 08:04 . 2006-05-14 20:45 -------- d-----w- c:\program files\Common Files\Agnitum Shared
2010-06-23 07:46 . 2004-12-26 00:10 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-05-31 15:35 . 2010-05-13 21:06 -------- d-----w- c:\program files\Common Files\AVM
2010-05-28 18:41 . 2009-05-10 11:50 -------- d-----w- c:\documents and settings\JG\Application Data\Vso
2010-05-13 21:13 . 2010-05-13 21:12 -------- d-----w- c:\documents and settings\JG\Application Data\FRITZ!
2010-04-29 13:39 . 2009-06-16 21:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2008-07-02 20:05 19288 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 14:00 . 2010-04-25 13:00 102 ----a-w- c:\documents and settings\All Users\Application Data\xlink.sys
2010-04-28 14:00 . 2010-04-25 13:00 102 ----a-w- c:\documents and settings\All Users\Application Data\xlink.sys
2006-05-03 10:06 . 2010-02-02 15:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2010-02-02 15:54 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-02-02 15:54 216064 --sh--r- c:\windows\system32\nbDX.dll
.

------- Sigcheck -------



[-] 2004-07-09 03:27 . A969E427AB2B64B00DFEE9E435D42F96 . 1689600 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\system32\d3d9.dll

c:\windows\System32\wscntfy.exe ... is niet aanwezig !!
c:\windows\System32\xmlprov.dll ... is niet aanwezig !!
.
((((((((((((((((((((((((((((( SnapShot@2010-07-08_20.35.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-09 16:06 . 2010-07-09 16:06 16384 c:\windows\Temp\Perflib_Perfdata_974.dat
+ 2004-12-20 21:10 . 2010-07-09 15:02 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
- 2004-12-20 21:10 . 2010-07-08 16:12 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
+ 2010-07-08 21:09 . 2010-07-09 15:02 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-07-08 20:43 . 2010-07-08 20:43 1094656 c:\windows\Installer\86ba8.msi
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\pifmgr]
@="{E437A482-7727-2F6B-8905-FFA92CD6A362}"
[HKEY_CLASSES_ROOT\CLSID\{E437A482-7727-2F6B-8905-FFA92CD6A362}]
2002-09-11 12:00 135168 ----a-w- c:\windows\system32\pifmgr.ocx

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="f:\freeram xp pro\FreeRAM XP Pro.exe" [2006-03-22 1591808]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 61952]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-07 1176808]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-09-11 13312]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
APC UPS Status.lnk - f:\apc\APC PowerChute Personal Edition\Display.exe [2007-6-8 221247]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^desktop.ini]
backup=c:\windows\pss\desktop.iniCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^PlexTools Professional.lnk]
backup=c:\windows\pss\PlexTools Professional.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^JG^Menu Start^Programma's^Opstarten^Adobe Media Player.lnk]
path=c:\documents and settings\JG\Menu Start\Programma's\Opstarten\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^JG^Menu Start^Programma's^Opstarten^desktop.ini]
backup=c:\windows\pss\desktop.iniStartup

[HKLM\~\startupfolder\C:^Documents and Settings^JG^Menu Start^Programma's^Opstarten^PrevxCSI.lnk]
backup=c:\windows\pss\PrevxCSI.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-11-11 20:10 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-05-16 07:27 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
2006-03-22 23:13 1591808 ----a-w- f:\freeram xp pro\FreeRAM XP Pro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 14:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 12:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-04-29 13:39 437584 ----a-w- f:\malwarebytes' anti-malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
2003-02-26 11:00 139347 ----a-w- c:\program files\Network Associates\Common Framework\UpdaterUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2002-08-20 14:08 1511453 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
2006-05-12 13:48 1122304 ----a-w- f:\norton ghost\Agent\GhostTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-05-17 19:50 155648 ----a-w- f:\quicktime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-05-12 13:49 32768 ----a-w- f:\powerdvd\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"de_serv"=3 (0x3)
"AVM IGD CTRL Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [19-10-2006 15:59 25067]
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [29-7-2004 4:33 138780]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [17-5-2006 23:02 10240]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [29-7-2004 5:13 46779]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [29-6-2010 10:27 203280]
S3 cmudax;C-Media Azalia Audio Interface;c:\windows\system32\drivers\cmudax.sys [20-12-2004 23:36 1385664]
.
Contents of the 'Scheduled Tasks' folder

2010-06-29 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-06-29 10:22]

2010-06-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-06-29 10:22]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mSearch Bar =
uSearchAssistant =
uCustomizeSearch =
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\JG\Application Data\Mozilla\Firefox\Profiles\nw82v2st.default\
FF - prefs.js: browser.search.selectedEngine - Ixquick HTTPS - Nederlands
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: f:\acrobat 6.0\Reader\browser\nppdf32.dll
FF - plugin: f:\quicktime\Plugins\npqtplugin.dll
FF - plugin: f:\quicktime\Plugins\npqtplugin2.dll
FF - plugin: f:\quicktime\Plugins\npqtplugin3.dll
FF - plugin: f:\quicktime\Plugins\npqtplugin4.dll
FF - plugin: f:\quicktime\Plugins\npqtplugin5.dll
FF - plugin: f:\quicktime\Plugins\npqtplugin6.dll
FF - plugin: f:\quicktime\Plugins\npqtplugin7.dll
FF - plugin: f:\realplayer\Netscape6\nppl3260.dll
FF - plugin: f:\realplayer\Netscape6\nprjplug.dll
FF - plugin: f:\realplayer\Netscape6\nprpjplug.dll

---- FIREFOX POLICIES ----
f:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
f:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
f:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
f:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-09 18:08
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{207A1422-7CE2-3F0D-CB0619EAC3E5A348}\{36711064-4D57-673B-128E50084FEF4668}\{C13F5A8B-0B9D-FCC2-F6ECFF62882D3E51}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,62,a1,75,
b1,11,49,c4,db,10,52,c7,6b,14,5f,91,74,d3,b1,d0,de,31,d8,15,22,06,c0,cc,29,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{210BD7C7-47ED-BBE9-95D0F9FAA3BD0E97}\{C5D4C247-F1D1-D183-A63FC2DFAAC29AA3}\{B55B3474-A2E6-F6F7-4AD088E6434601A2}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{238B46B1-DB3F-FF9F-817885D113BABB65}\{C7A1A506-D491-606A-8FAD8C1E4DD81C50}\{5DBD0FCF-797E-7771-3B3D82FCE9F240F9}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,62,a1,75,
b1,11,49,c4,db,10,52,c7,6b,14,5f,91,74,d3,b1,d0,de,31,d8,15,22,06,c0,cc,29,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3749AA95-0B95-97D6-573EA782D1087389}\{140D5DD1-4454-9D01-1A62C863EE2D72CA}\{AFBD57C5-0E25-C0E9-BB318052A3DC6730}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,62,a1,75,
b1,11,49,c4,db,10,52,c7,6b,14,5f,91,74,d3,b1,d0,de,31,d8,15,22,06,c0,cc,29,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5C082286-DD56-6B96-110FABAC317C22E3}\{17077DA0-F2D9-EF48-DBC13F521337D931}\{A783887F-564D-BBBA-662193019693FEBC}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,62,a1,75,
b1,11,49,c4,db,10,52,c7,6b,14,5f,91,74,d3,b1,d0,de,31,d8,15,22,06,c0,cc,29,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6394A16B-F803-48C7-678A5F5C0D5AF33B}\{084FA269-25E9-EAF9-79282C5961DBAAF7}\{1F365BB6-4338-38B7-EE9F8ECE49C04569}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{729CD5EE-CFD4-2598-E99D0DF7791A50E3}\{F8FFDD05-44DF-5042-E601749BEB85FEB7}\{D29FFC2E-79FD-DC28-524A63CA31F9404E}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{90C9B227-00E9-ED2B-D8335C00663422E2}\{BA143829-6513-6AB3-17B76E63BBBF825B}\{B7811D8F-B091-6828-D848878685722533}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,62,a1,75,
b1,11,49,c4,db,10,52,c7,6b,14,5f,91,74,d3,b1,d0,de,31,d8,15,22,06,c0,cc,29,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{959CDFD9-242F-9381-450EBA075CF8D1EA}\{E4126DDE-B1CF-F46E-6FBC1229E79DA1E8}\{36374683-3A91-E5DA-C1D5F9EB3706FEB8}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A8A45CF7-6BE6-B2C1-72491EAB2E9A6B2B}\{B617CAED-A840-2A11-665EBDF0B9E06934}\{20694653-0A9D-BD70-6F24016076B199C3}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,62,a1,75,
b1,11,49,c4,db,10,52,c7,6b,14,5f,91,74,d3,b1,d0,de,31,d8,15,22,06,c0,cc,29,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AF786902-5081-2756-12E9AFF5FE8C5591}\{5B784720-FD2D-0193-B8CD4993A91EC92D}\{3AAAA277-B786-78CA-52C7468A0DB889F6}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,62,a1,75,
b1,11,49,c4,db,10,52,c7,6b,14,5f,91,74,d3,b1,d0,de,31,d8,15,22,06,c0,cc,29,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B2236175-3D9F-05C6-8B4893E47EF3B357}\{715026F0-32B2-9A38-0A89C09A617BF317}\{121623C5-7E2D-B1BB-98FD332A06B7F4F2}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,62,a1,75,
b1,11,49,c4,db,10,52,c7,6b,14,5f,91,74,d3,b1,d0,de,31,d8,15,22,06,c0,cc,29,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B3455F64-548B-0908-FFB42C4F669AFFD9}\{E04CBF2B-DDF8-6F36-F86E7B68B327A5A0}\{8F880586-6EB1-6C7E-395499CAC607AA84}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B3A3A58F-967E-A40A-C7DDFB524B0CDFB3}\{B28E8422-363F-1C4B-CC056478281B7FCE}\{569EFB20-10B3-C9F5-895B6A19B8852344}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,62,a1,75,
b1,11,49,c4,db,10,52,c7,6b,14,5f,91,74,d3,b1,d0,de,31,d8,15,22,06,c0,cc,29,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B949B43D-1810-C590-5BA3D3FB47E71A33}\{C4C70B00-DFFA-18F9-0AB85D5A53F53FFC}\{5A6DA99E-454A-644B-5884B00FD9434DA2}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C53C8AFE-780B-A095-1875A9D39C824CF2}\{151E6624-94D7-6041-A2A26FFA6BDDEF0C}\{8D08884B-CD31-5FF0-CA8CAC497363EFC4}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CD33F05B-57D8-EB8D-1C637C8E18479BDE}\{4B66B287-DF55-8BF6-0C7A245C073DF874}\{2B094E66-D192-13E4-CB3BD0799FCAC2FC}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DCB42C02-2C7E-50EC-E2B5A792F7765BFB}\{38286259-1A12-EDE0-84E2CD6A1D76E8F7}\{2C2658AF-F73E-73C6-89D45D0D6FCCCFF2}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E20DD46F-0CC4-5960-1B1F69E13D145F9C}\{B130274E-D0E8-282B-E7F07B1EE1210709}\{71D795F0-66AF-00D6-EF71DCAC5CDD95C3}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,62,a1,75,
b1,11,49,c4,db,10,52,c7,6b,14,5f,91,74,d3,b1,d0,de,31,d8,15,22,06,c0,cc,29,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1764)
c:\windows\System32\ODBC32.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\WRLogonNTF.dll

- - - - - - - > 'lsass.exe'(1824)
c:\windows\System32\dssenh.dll

- - - - - - - > 'explorer.exe'(860)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\System32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
f:\apc\APC PowerChute Personal Edition\mainserv.exe
f:\executive software\Diskeeper\DkService.exe
c:\windows\System32\GEARSec.exe
c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\McShield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
f:\norton ghost\Agent\PQV2iSvc.exe
c:\windows\System32\wdfmgr.exe
f:\webroot\Spy Sweeper\SpySweeper.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
f:\apc\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2010-07-09 18:12:03 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-09 16:12
ComboFix2.txt 2010-07-08 20:39

Pre-Run: 2.680.934.400 bytes free
Post-Run: 2.664.411.136 bytes free

- - End Of File - - FA5278CBEA4B7E467E4C6628F05584D5



Kind regards,
Dogegg
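The posted log carries a few settings an analyst reads first: the Security Center override values, the firewall-policy `EnableFirewall` value, the list of locked registry keys and the DLLs ComboFix reports inside winlogon.exe and explorer.exe. The script below is an added example (not part of this thread and not ComboFix's own code) that parses those sections from a constructed excerpt mirroring the log above, with ComboFix's English section headers. The "outside %SystemRoot%" path heuristic and the wording of the findings are my assumptions for illustration; nothing in it says anything about what the keys or DLLs are.

```python
"""Triage a ComboFix log excerpt for the settings an analyst checks first.
Added example, not ComboFix's code: it reads the [key] / "name"=value
registry dumps, the LOCKED REGISTRY KEYS section and the per-process DLL list."""
import re

# Constructed excerpt mirroring, in shortened form, the log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{207A1422-7CE2-3F0D-CB0619EAC3E5A348}\{36711064-4D57-673B-128E50084FEF4668}\{C13F5A8B-0B9D-FCC2-F6ECFF62882D3E51}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,62,a1,75,

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{210BD7C7-47ED-BBE9-95D0F9FAA3BD0E97}\{C5D4C247-F1D1-D183-A63FC2DFAAC29AA3}\{B55B3474-A2E6-F6F7-4AD088E6434601A2}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1764)
c:\windows\System32\ODBC32.dll
c:\windows\system32\WRLogonNTF.dll

- - - - - - - > 'explorer.exe'(860)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\System32\msi.dll
.
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.+)$')
PROC_RE = re.compile(r"^- - - - - - - > '(?P<proc>[^']+)'\((?P<pid>\d+)\)$")
INT_RE = re.compile(r"^(?:dword:(?P<hex>[0-9a-fA-F]{8})|(?P<dec>\d+)\s*\(0x[0-9a-fA-F]+\))")

def reg_int(raw):
    """'dword:00000001' -> 1, '0 (0x0)' -> 0; None for any other value form."""
    m = INT_RE.match(raw or "")
    if not m:
        return None
    return int(m.group("hex"), 16) if m.group("hex") else int(m.group("dec"))

def parse_registry_values(text):
    """{key_path: {value_name: raw_value}} for every [key] block in the log."""
    keys, current = {}, None
    for line in text.splitlines():
        if (m := KEY_RE.match(line)):
            current = m.group("key")
            keys.setdefault(current, {})
        elif current and (m := VALUE_RE.match(line)):
            keys[current][m.group("name")] = m.group("raw").strip()
        elif not line.strip():
            current = None  # a blank line ends the block
    return keys

def parse_process_dlls(text):
    """{'explorer.exe(860)': [dll, ...]} from the per-process DLL section."""
    procs, current = {}, None
    for line in text.splitlines():
        if (m := PROC_RE.match(line)):
            current = f"{m.group('proc')}({m.group('pid')})"
            procs[current] = []
        elif current and line.lower().endswith(".dll"):
            procs[current].append(line.strip())
        elif not line.strip():
            current = None
    return procs

def triage(text):
    """Findings an analyst would pull out of the excerpt; returns a dict."""
    reg = parse_registry_values(text)
    sc = next((v for k, v in reg.items() if k.lower().endswith("security center")), {})
    fw = next((v for k, v in reg.items() if "firewallpolicy" in k.lower()), {})
    overrides = [n for n in ("AntiVirusOverride", "FirewallOverride") if reg_int(sc.get(n)) == 1]
    enable_fw = reg_int(fw.get("EnableFirewall"))
    locked = [k for k in reg if k.endswith("*")]  # ComboFix marks locked keys with '*'
    dlls = parse_process_dlls(text)
    findings = []
    if overrides:
        findings.append("Security Center alerting suppressed: " + ", ".join(overrides))
    if enable_fw == 0:
        findings.append("Windows Firewall disabled (EnableFirewall=0)")
    if locked:
        findings.append(f"{len(locked)} locked registry key(s) to review")
    for proc, loaded in dlls.items():
        # Path is only a weak hint (assumption); confirm each DLL's publisher signature by hand.
        outside = [d for d in loaded if "\\windows\\" not in d.lower()]
        if outside:
            findings.append(f"{proc} loads DLL(s) from outside %SystemRoot%: " + ", ".join(outside))
    return {"overrides": overrides, "enable_firewall": enable_fw, "locked_keys": locked,
            "process_dlls": dlls, "findings": findings}

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG)["findings"]:
        print("-", finding)
```

Run against the full log file instead of `SAMPLE_LOG` by reading the file and passing its text to `triage()`; the overrides and the disabled firewall are the two settings worth restoring once the machine is clean, since with both set the user gets no warning that protection is off.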

EvelineGirl
12 July 2010, 12:18
Hi, :)

Fine, I'll see you again when you're back. In the meantime you can try the following.

1.
Get your Windows CD-ROM and put it in the CD-ROM drive. Now restart your computer. If all goes well it will boot from the CD-ROM (if not, set your CD-ROM drive to First Boot in the Boot Sequence in your BIOS). Let it finish loading and press R. You will now be in a DOS-like environment; type the following there, followed by ENTER

CHKDSK /r

This can take a lot of time, but it is important not to interrupt this operation!

When it has finished, you can remove the CD-ROM and restart.

Let me know how this went before I give further instructions.

Good luck,
Eveline. ;)