
marky marc
Everything posted by marky marc
No IP, no internet, but a LAN connection
marky marc replied to marky marc's topic in Archive Internet & Network
kweezie rabbit, the MBAM report from the day before yesterday was clean, run from a USB stick.

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Databaseversie: 4343

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/08/2010 22:29:14
mbam-log-2010-08-01 (22-29-14).txt

Scantype: Volledige scan (C:\|)
Objecten gescand: 218619
Verstreken tijd: 1 uur/uren, 28 minuut/minuten, 2 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
No IP, no internet, but a LAN connection
marky marc replied to marky marc's topic in Archive Internet & Network
I still had a version of HijackThis on my PC. Hopefully it is still up to date; otherwise I will download a new one and work via USB stick. Regards, Marc

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:02:14, on 4/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.be/ImageUploader5.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://scarlet.extrafilm.be/ImageUploader4.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 10205 bytes
No IP, no internet, but a LAN connection
marky marc replied to marky marc's topic in Archive Internet & Network
After constant pop-up problems with a message that someone wanted to change the start page, I ran ComboFix, which found a few things. Tomorrow I will look into how I can reset the modem; could it be that my network card is broken, since my wireless internet still works on my other PC?
No IP, no internet, but a LAN connection
marky marc posted a topic in Archive Internet & Network
Dear moderators, I can no longer make an internet connection. When I check my LAN connection, it is connected to my firewall. The problem is on my desktop; with my laptop (wireless) I can still get on the internet. I have already switched the modem off and checked the Ethernet cable, but without result. When I request my IP address, I get none. ipconfig exits without giving an address. Anyone have advice? Thanks in advance.
antimalware doctor episode 2
marky marc replied to marky marc's topic in Archive Combating Malware & Viruses
Here is the RootkitRevealer log; I could not get the scan saved to a file.
antimalware doctor episode 2
marky marc replied to marky marc's topic in Archive Combating Malware & Viruses
I think the link is not working properly.
antimalware doctor episode 2
marky marc replied to marky marc's topic in Archive Combating Malware & Viruses
The situation has not entirely cleared up yet. After a restart I went to look in McAfee's quarantine section, and Generic is still being intercepted.
antimalware doctor episode 2
marky marc replied to marky marc's topic in Archive Combating Malware & Viruses
I shortened the report because the Boonty Games part was several pages long. If you want to see the full report, I will post it. Cheers.

ComboFix 10-06-18.03 - Marc 19/06/2010 19:05:12.18.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1022.809 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Marc\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Marc\Bureaublad\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\documents and settings\All Users\Application Data\6pq0BV.dat"
"c:\windows\system32\drivers\ethhpxtw.sys"
"c:\windows\system32\JhD00NrB.dll"
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\7bfc1e3994985516f0a3765a
c:\7bfc1e3994985516f0a3765a\amd64\filterpipelineprintproc.dll
c:\7bfc1e3994985516f0a3765a\amd64\msxpsdrv.cat
c:\7bfc1e3994985516f0a3765a\amd64\msxpsdrv.inf
c:\7bfc1e3994985516f0a3765a\amd64\msxpsinc.gpd
c:\7bfc1e3994985516f0a3765a\amd64\msxpsinc.ppd
c:\7bfc1e3994985516f0a3765a\amd64\mxdwdrv.dll
c:\7bfc1e3994985516f0a3765a\amd64\xpssvcs.dll
c:\7bfc1e3994985516f0a3765a\i386\filterpipelineprintproc.dll
c:\7bfc1e3994985516f0a3765a\i386\msxpsdrv.cat
c:\7bfc1e3994985516f0a3765a\i386\msxpsdrv.inf
c:\7bfc1e3994985516f0a3765a\i386\msxpsinc.gpd
c:\7bfc1e3994985516f0a3765a\i386\msxpsinc.ppd
c:\7bfc1e3994985516f0a3765a\i386\mxdwdrv.dll
c:\7bfc1e3994985516f0a3765a\i386\xpssvcs.dll
c:\documents and settings\All Users\Application Data\6pq0BV.dat
c:\program files\BoontyGames
c:\program files\BoontyGames\Components\bureau.url
c:\program files\BoontyGames\Components\Joystick.ico
c:\program files\BoontyGames\Components\start.url
c:\program files\BoontyGames\pokersuperstars2{235914}.exe
c:\program files\BoontyGames\Ultimate Mahjong\backgrounds\_default.jpg
c:\progr
c:\program files\BoontyGames\Ultimate Mahjong\tilesets\realistic.ts
c:\program files\BoontyGames\Ultimate Mahjong\tilesets\TEMPLATE
c:\program files\BoontyGames\Ultimate Mahjong\unins000.dat
c:\program files\BoontyGames\Ultimate Mahjong\unins000.exe
c:\program files\BoontyGames\Ultimate Mahjong\website.url
c:\windows\system32\drivers\ethhpxtw.sys
c:\windows\system32\JhD00NrB.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ethhpxtw

(((((((((((((((((((( Bestanden Gemaakt van 2010-05-19 to 2010-06-19 ))))))))))))))))))))))))))))))
.
2010-06-18 15:09 . 2010-06-18 15:09 388096 ----a-r- c:\documents and settings\Marc\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-16 12:13 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-16 12:12 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-14 14:45 . 2010-06-14 14:45 -------- d-----w- c:\documents and settings\Marc\Local Settings\Application Data\Citrix
2010-06-11 13:32 . 2010-06-11 15:26 -------- d-----w- c:\documents and settings\Marc\DoctorWeb
2010-06-04 17:53 . 2010-06-04 17:53 503808 ----a-w- c:\documents and settings\Marc\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6e4ec1e2-n\msvcp71.dll
2010-06-04 17:53 . 2010-06-04 17:53 61440 ----a-w- c:\documents and settings\Marc\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-46c7c7c1-n\decora-sse.dll
2010-06-04 17:53 . 2010-06-04 17:53 499712 ----a-w- c:\documents and settings\Marc\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6e4ec1e2-n\jmc.dll
2010-06-04 17:53 . 2010-06-04 17:53 348160 ----a-w- c:\documents and settings\Marc\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6e4ec1e2-n\msvcr71.dll
2010-06-04 17:53 . 2010-06-04 17:53 12800 ----a-w- c:\documents and settings\Marc\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-46c7c7c1-n\decora-d3d.dll
2010-06-04 17:53 . 2010-06-04 17:52 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-03 18:20 . 2010-06-03 18:20 -------- d-----w- c:\documents and settings\Marc\Local Settings\Application Data\oespxrnvk
2010-06-02 10:07 . 2010-06-02 10:07 -------- d-----w- c:\windows\system32\siscardplugins
2010-06-02 10:07 . 2010-06-02 10:07 -------- d-----w- c:\windows\system32\beidpp
2010-06-02 10:07 . 2010-06-02 10:07 -------- d-----w- c:\program files\Belgium Identity Card
2010-05-21 12:15 . 2010-05-21 12:15 -------- d-----w- c:\windows\system32\XPSViewer
2010-05-21 12:15 . 2010-05-21 12:15 -------- d-----w- c:\program files\MSBuild
2010-05-21 12:15 . 2010-05-21 12:15 -------- d-----w- c:\program files\Reference Assemblies
2010-05-21 12:14 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-05-21 12:14 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-05-21 12:14 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-05-21 12:14 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-05-21 12:14 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-05-21 12:14 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-05-21 12:14 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-05-21 12:14 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-05-21 12:14 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-19 15:31 . 2010-05-05 18:14 -------- d-----w- c:\program files\QuickTime
2010-06-18 14:33 . 2009-11-24 10:29 -------- d-----w- c:\program files\Everest Poker
2010-06-17 09:13 . 2008-04-21 13:32 -------- d-----w- c:\documents and settings\Marc\Application Data\OpenOffice.org2
2010-06-17 09:11 . 2008-04-21 13:35 1 ----a-w- c:\documents and settings\Marc\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-06-16 12:13 . 2010-04-27 14:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-15 17:16 . 2007-03-21 14:42 -------- d-----w- c:\program files\McAfee
2010-06-13 11:09 . 2008-10-22 17:04 -------- d-----w- c:\program files\USD
2010-06-12 18:26 . 2006-12-15 13:58 -------- d-----w- c:\program files\Belgacom
2010-06-12 18:24 . 2006-12-19 12:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-12 18:24 . 2006-01-05 14:24 -------- d-----w- c:\program files\support.com
2010-06-12 18:18 . 2005-12-15 01:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-12 18:18 . 2006-12-25 13:19 -------- d-----w- c:\program files\Ubisoft
2010-06-12 08:43 . 2010-05-14 18:41 300384 ----a-w- c:\documents and settings\All Users\Application Data\McAfee\Supportability\Content\MVT\XMLFiles\detect.dll
2010-06-12 08:43 . 2009-03-30 16:31 300384 ----a-w- c:\documents and settings\Marc\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
2010-06-08 09:30 . 2007-07-11 09:12 -------- d-----w- c:\program files\CCleaner
2010-06-04 17:53 . 2005-12-15 01:44 -------- d-----w- c:\program files\Common Files\Java
2010-06-04 17:52 . 2005-12-15 01:44 -------- d-----w- c:\program files\Java
2010-06-03 18:19 . 2004-09-14 08:38 182656 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-06-02 10:06 . 2006-06-14 09:53 29184 ----a-w- c:\windows\system32\drivers\usbccid.sys
2010-05-22 12:14 . 2004-09-14 08:38 91518 ----a-w- c:\windows\system32\perfc013.dat
2010-05-22 12:14 . 2004-09-14 08:38 510428 ----a-w- c:\windows\system32\perfh013.dat
2010-05-21 17:52 . 2006-01-05 16:03 42080 ----a-w- c:\documents and settings\Marc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-20 11:30 . 2010-05-20 11:30 -------- d-----w- c:\program files\SunnyDesign
2010-05-17 19:53 . 2010-05-17 19:53 942960 ----a-w- c:\documents and settings\Marc\Local Settings\Application Data\MvtApp.exe
2010-05-12 13:23 . 2010-05-12 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2010-05-12 13:23 . 2010-05-12 13:23 -------- d-----w- c:\documents and settings\Marc\Application Data\Sunbelt
2010-05-12 13:21 . 2010-05-12 13:21 -------- d-----w- c:\program files\Sunbelt Software
2010-05-03 14:17 . 2010-01-08 09:45 -------- d-----w- c:\program files\iTunes
2010-05-01 10:52 . 2005-12-15 01:52 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-05-01 09:57 . 2005-12-15 01:52 -------- d-----w- c:\program files\Sonic
2010-04-30 09:48 . 2010-04-30 09:48 -------- d-----w- c:\program files\Trend Micro
2010-04-27 14:19 . 2010-04-27 14:19 -------- d-----w- c:\documents and settings\Marc\Application Data\Malwarebytes
2010-04-27 14:18 . 2010-04-27 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-08 12:15 . 2010-04-08 12:15 1956656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2006-11-08 15:01 . 2006-11-08 15:01 774144 ----a-w- c:\program files\RngInterstitial.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 69632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 45056]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-25 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 15:41 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [25/12/2008 13:14 10384]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [13/12/2008 14:04 210216]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31/01/2010 17:26 135664]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [29/08/2006 0:54 10664]
.
Inhoud van de 'Gedeelde Taken' map

2010-05-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 15:26]

2010-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 15:26]

2009-08-14 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-03-21 10:22]

2009-11-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-03-21 10:22]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.hln.be/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
Trusted Zone: dexia.be\directnet
Trusted Zone: internet
Trusted Zone: mcafee.com
.
- - - - ORPHANS VERWIJDERD - - - -

AddRemove-{8F1B8EDD-3331-4A96-9A76-D99337485813}_is1 - c:\program files\BoontyGames\Ultimate Mahjong\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-06-19 19:23
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86577EC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7695f28
\Driver\ACPI -> ACPI.sys @ 0xf7527cb8
\Driver\atapi -> atapi.sys @ 0xf74df852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,69,ba,e7,f8,7c,31,49,a3,08,b5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,69,ba,e7,f8,7c,31,49,a3,08,b5,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2776)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.NLD
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dut.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\System32\SCardSvr.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\windows\system32\HPZipm12.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Voltooingstijd: 2010-06-19 19:32:24 - machine werd herstart
ComboFix-quarantined-files.txt 2010-06-19 17:32
ComboFix2.txt 2010-06-19 15:40
ComboFix3.txt 2010-06-08 09:13

Pre-Run: 27.758.252.032 bytes beschikbaar
Post-Run: 26.772.697.088 bytes beschikbaar

- - End Of File - - E74C3A4F003F23BD0455BDE43217F2F9
antimalware doctor episode 2
marky marc replied to marky marc's topic in Archive: Fighting malware & viruses
New developments at the front. Got the same problems as with the previous infection. Ran a new ComboFix. It wasn't simple. See the log.

ComboFix 10-06-18.03 - Marc 19/06/2010 17:18:01.17.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1022.806 [GMT 2:00]
Started from: c:\documents and settings\Marc\Bureaublad\ComboFix.exe
Command switches used :: c:\documents and settings\Marc\Bureaublad\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\20654nm2.exe
c:\documents and settings\Marc\GoToAssistDownloadHelper.exe
c:\program files\McAfee.com\Agent\mcagent.exe
c:\program files\QuickTime\qttask.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At49.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At50.job
c:\windows\Tasks\At51.job
c:\windows\Tasks\At52.job
c:\windows\Tasks\At53.job
c:\windows\Tasks\At54.job
c:\windows\Tasks\At55.job
c:\windows\Tasks\At56.job
c:\windows\Tasks\At57.job
c:\windows\Tasks\At58.job
c:\windows\Tasks\At59.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At60.job
c:\windows\Tasks\At61.job
c:\windows\Tasks\At62.job
c:\windows\Tasks\At63.job
c:\windows\Tasks\At64.job
c:\windows\Tasks\At65.job
c:\windows\Tasks\At66.job
c:\windows\Tasks\At67.job
c:\windows\Tasks\At68.job
c:\windows\Tasks\At69.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At70.job
c:\windows\Tasks\At71.job
c:\windows\Tasks\At72.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\program files\McAfee.com\Agent\mcagent .exe ---^> c:\program files\McAfee.com\Agent\mcagent.exe
c:\program files\QuickTime\qttask .exe ---^> c:\program files\QuickTime\qttask.exe
.
Infected copy of c:\windows\system32\kernel32.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\kernel32.dll
.
(((((((((((((((((((( Files Created from 2010-05-19 to 2010-06-19 ))))))))))))))))))))))))))))))
.
2010-06-19 12:57 . 2010-06-19 12:57 45056 ----a-w- c:\windows\system32\JhD00NrB.dll
2010-06-18 15:09 . 2010-06-18 15:09 388096 ----a-r- c:\documents and settings\Marc\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-16 12:13 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-16 12:12 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-14 14:45 . 2010-06-14 14:45 -------- d-----w- c:\documents and settings\Marc\Local Settings\Application Data\Citrix
2010-06-11 13:32 . 2010-06-11 15:26 -------- d-----w- c:\documents and settings\Marc\DoctorWeb
2010-06-07 12:29 . 2010-06-07 12:29 140288 ----a-w- c:\windows\system32\drivers\ethhpxtw.sys
2010-06-04 17:53 . 2010-06-04 17:53 503808 ----a-w- c:\documents and settings\Marc\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6e4ec1e2-n\msvcp71.dll
2010-06-04 17:53 . 2010-06-04 17:53 61440 ----a-w- c:\documents and settings\Marc\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-46c7c7c1-n\decora-sse.dll
2010-06-04 17:53 . 2010-06-04 17:53 499712 ----a-w- c:\documents and settings\Marc\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6e4ec1e2-n\jmc.dll
2010-06-04 17:53 . 2010-06-04 17:53 348160 ----a-w- c:\documents and settings\Marc\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6e4ec1e2-n\msvcr71.dll
2010-06-04 17:53 . 2010-06-04 17:53 12800 ----a-w- c:\documents and settings\Marc\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-46c7c7c1-n\decora-d3d.dll
2010-06-04 17:53 . 2010-06-04 17:52 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-03 18:20 . 2010-06-03 18:20 -------- d-----w- c:\documents and settings\Marc\Local Settings\Application Data\oespxrnvk
2010-06-02 10:07 . 2010-06-02 10:07 -------- d-----w- c:\windows\system32\siscardplugins
2010-06-02 10:07 . 2010-06-02 10:07 -------- d-----w- c:\windows\system32\beidpp
2010-06-02 10:07 . 2010-06-02 10:07 -------- d-----w- c:\program files\Belgium Identity Card
2010-05-21 12:15 . 2010-05-21 12:15 -------- d-----w- c:\windows\system32\XPSViewer
2010-05-21 12:15 . 2010-05-21 12:15 -------- d-----w- c:\program files\MSBuild
2010-05-21 12:15 . 2010-05-21 12:15 -------- d-----w- c:\program files\Reference Assemblies
2010-05-21 12:14 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-05-21 12:14 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-05-21 12:14 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-05-21 12:14 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-05-21 12:14 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-05-21 12:14 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-05-21 12:14 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-05-21 12:14 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-05-21 12:14 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-05-21 12:14 . 2010-05-21 12:14 -------- d-----w- C:\7bfc1e3994985516f0a3765a
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-19 15:31 . 2010-05-05 18:14 -------- d-----w- c:\program files\QuickTime
2010-06-19 13:03 . 2010-05-01 08:34 112 ----a-w- c:\documents and settings\All Users\Application Data\6pq0BV.dat
2010-06-18 14:33 . 2009-11-24 10:29 -------- d-----w- c:\program files\Everest Poker
2010-06-17 09:13 . 2008-04-21 13:32 -------- d-----w- c:\documents and settings\Marc\Application Data\OpenOffice.org2
2010-06-17 09:11 . 2008-04-21 13:35 1 ----a-w- c:\documents and settings\Marc\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-06-16 12:13 . 2010-04-27 14:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-15 17:16 . 2007-03-21 14:42 -------- d-----w- c:\program files\McAfee
2010-06-13 11:09 . 2008-10-22 17:04 -------- d-----w- c:\program files\USD
2010-06-12 18:27 . 2006-01-07 10:28 -------- d-----w- c:\program files\BoontyGames
2010-06-12 18:26 . 2006-12-15 13:58 -------- d-----w- c:\program files\Belgacom
2010-06-12 18:24 . 2006-12-19 12:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-12 18:24 . 2006-01-05 14:24 -------- d-----w- c:\program files\support.com
2010-06-12 18:18 . 2005-12-15 01:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-12 18:18 . 2006-12-25 13:19 -------- d-----w- c:\program files\Ubisoft
2010-06-12 08:43 . 2010-05-14 18:41 300384 ----a-w- c:\documents and settings\All Users\Application Data\McAfee\Supportability\Content\MVT\XMLFiles\detect.dll
2010-06-12 08:43 . 2009-03-30 16:31 300384 ----a-w- c:\documents and settings\Marc\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
2010-06-08 09:30 . 2007-07-11 09:12 -------- d-----w- c:\program files\CCleaner
2010-06-04 17:53 . 2005-12-15 01:44 -------- d-----w- c:\program files\Common Files\Java
2010-06-04 17:52 . 2005-12-15 01:44 -------- d-----w- c:\program files\Java
2010-06-03 18:19 . 2004-09-14 08:38 182656 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-06-02 10:06 . 2006-06-14 09:53 29184 ----a-w- c:\windows\system32\drivers\usbccid.sys
2010-05-22 12:14 . 2004-09-14 08:38 91518 ----a-w- c:\windows\system32\perfc013.dat
2010-05-22 12:14 . 2004-09-14 08:38 510428 ----a-w- c:\windows\system32\perfh013.dat
2010-05-21 17:52 . 2006-01-05 16:03 42080 ----a-w- c:\documents and settings\Marc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-20 11:30 . 2010-05-20 11:30 -------- d-----w- c:\program files\SunnyDesign
2010-05-17 19:53 . 2010-05-17 19:53 942960 ----a-w- c:\documents and settings\Marc\Local Settings\Application Data\MvtApp.exe
2010-05-12 13:23 . 2010-05-12 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2010-05-12 13:23 . 2010-05-12 13:23 -------- d-----w- c:\documents and settings\Marc\Application Data\Sunbelt
2010-05-12 13:21 . 2010-05-12 13:21 -------- d-----w- c:\program files\Sunbelt Software
2010-05-03 14:17 . 2010-01-08 09:45 -------- d-----w- c:\program files\iTunes
2010-05-01 10:52 . 2005-12-15 01:52 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-05-01 09:57 . 2005-12-15 01:52 -------- d-----w- c:\program files\Sonic
2010-04-30 09:48 . 2010-04-30 09:48 -------- d-----w- c:\program files\Trend Micro
2010-04-27 14:19 . 2010-04-27 14:19 -------- d-----w- c:\documents and settings\Marc\Application Data\Malwarebytes
2010-04-27 14:18 . 2010-04-27 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-08 12:15 . 2010-04-08 12:15 1956656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2006-11-08 15:01 . 2006-11-08 15:01 774144 ----a-w- c:\program files\RngInterstitial.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6A91056-83E0-4C6E-8DCC-43FC0DFE7A0A}]
2010-06-19 12:57 45056 ----a-w- c:\windows\system32\JhD00NrB.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 69632]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 45056]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-25 809488]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 15:41 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [25/12/2008 13:14 10384]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [13/12/2008 14:04 210216]
S1 ethhpxtw;ethhpxtw;c:\windows\system32\drivers\ethhpxtw.sys [7/06/2010 14:29 140288]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31/01/2010 17:26 135664]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [29/08/2006 0:54 10664]
.
Contents of the 'Scheduled Tasks' folder
2010-05-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 15:26]
2010-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 15:26]
2009-08-14 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-03-21 10:22]
2009-11-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-03-21 10:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hln.be/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
Trusted Zone: dexia.be\directnet
Trusted Zone: internet
Trusted Zone: mcafee.com
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-06-19 17:32
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x867CAEC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7656f28
\Driver\ACPI -> ACPI.sys @ 0xf74e8cb8
\Driver\atapi -> atapi.sys @ 0xf74a0852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,69,ba,e7,f8,7c,31,49,a3,08,b5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,69,ba,e7,f8,7c,31,49,a3,08,b5,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dll's Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
- - - - - - - > 'explorer.exe'(3544)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dut.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-06-19 17:40:10 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-19 15:40
ComboFix2.txt 2010-06-08 09:13
Pre-Run: 27.483.381.760 bytes free
Post-Run: 26.692.145.152 bytes free
- - End Of File - - E6C319A2A1455F70C66D4F7532919753
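A triage helper for ComboFix output like the log above, added here as an illustration; it is my own example, not ComboFix, McAfee or the poster's tooling, and every pattern, threshold and the dd/mm/yyyy reading of the header date is an assumption. It pulls out the three things in this log a responder would look at first: the bulk At<N>.job scheduled tasks, autostart targets with a space before ".exe" (the "qttask .exe" and "mcagent .exe" entries ComboFix restored, i.e. a legitimate binary renamed so something else runs under its name), and BHO DLLs that look freshly dropped in system32 under a random-looking name. The sample log is a constructed excerpt modelled on the post, not a verbatim copy.

```python
"""Triage of ComboFix-style log text (added example, not part of the forum post)."""
import re
from datetime import date
from pathlib import PureWindowsPath

HEADER_RE = re.compile(r"^ComboFix \S+ - \S+ (\d{2})/(\d{2})/(\d{4})", re.M)   # assumed dd/mm/yyyy
AT_JOB_RE = re.compile(r"\\Tasks\\At(\d+)\.job", re.I)
SPACED_EXE_RE = re.compile(r'[a-z]:\\[^"\n]*? \.exe', re.I)                     # "...\qttask .exe"
BHO_KEY_RE = re.compile(r"Browser Helper Objects\\\{([0-9A-F-]{36})\}", re.I)
FILE_ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+\d+\s+\S+\s+(.+\.dll)$", re.I)
RANDOM_STEM_RE = re.compile(r"^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])[A-Za-z0-9]{6,12}$")  # e.g. JhD00NrB
BULK_AT_JOBS = 10   # assumption: more than a handful of At*.job files is abnormal on a home PC


def scan_date_from_header(text):
    """Run date from the 'ComboFix <ver> - <user> dd/mm/yyyy ...' header, or None."""
    m = HEADER_RE.search(text)
    if not m:
        return None
    day, month, year = (int(x) for x in m.groups())
    return date(year, month, day)


def find_at_jobs(text):
    """Sorted numbers N of every Tasks\\At<N>.job mentioned anywhere in the log."""
    return sorted({int(m.group(1)) for m in AT_JOB_RE.finditer(text)})


def find_spaced_exe(text):
    """Lower-cased paths whose file name has a space before the .exe extension."""
    return sorted({m.group(0).lower() for m in SPACED_EXE_RE.finditer(text)})


def find_bho_dlls(text, scan_date):
    """Each BHO in 'Reg Loading Points' with the DLL ComboFix prints on the next line."""
    lines = text.splitlines()
    findings = []
    for i, line in enumerate(lines):
        key = BHO_KEY_RE.search(line)
        if not key:
            continue
        entry = None
        for nxt in lines[i + 1:i + 3]:          # the file entry follows the key line
            entry = FILE_ENTRY_RE.match(nxt.strip())
            if entry:
                break
        if not entry:
            continue
        created, path = date.fromisoformat(entry.group(1)), entry.group(2)
        reasons = []
        if "\\system32\\" in path.lower():
            reasons.append("lives in system32")
        if RANDOM_STEM_RE.match(PureWindowsPath(path).stem):
            reasons.append("random-looking name")
        if 0 <= (scan_date - created).days <= 1:
            reasons.append("created on/just before the scan")
        findings.append({"clsid": key.group(1).upper(), "path": path,
                         "created": created, "reasons": reasons})
    return findings


def triage(text, scan_date=None):
    scan_date = scan_date or scan_date_from_header(text) or date.today()
    jobs = find_at_jobs(text)
    return {"scan_date": scan_date, "at_jobs": jobs,
            "bulk_at_jobs": len(jobs) >= BULK_AT_JOBS,
            "spaced_exe": find_spaced_exe(text),
            "bho": find_bho_dlls(text, scan_date)}


# Constructed excerpt modelled on the log in the post (not a verbatim copy).
_HEAD = r"""ComboFix 10-06-18.03 - Marc 19/06/2010 17:18:01.17.2 - x86 MINIMAL
.
((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\20654nm2.exe
c:\program files\McAfee.com\Agent\mcagent.exe
c:\program files\QuickTime\qttask.exe
"""
_AT_JOBS = "".join(f"c:\\windows\\Tasks\\At{n}.job\n" for n in range(1, 73))
_TAIL = r"""
c:\program files\McAfee.com\Agent\mcagent .exe ---^> c:\program files\McAfee.com\Agent\mcagent.exe
c:\program files\QuickTime\qttask .exe ---^> c:\program files\QuickTime\qttask.exe
.
((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6A91056-83E0-4C6E-8DCC-43FC0DFE7A0A}]
2010-06-19 12:57 45056 ----a-w- c:\windows\system32\JhD00NrB.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2009-12-01 10:00 300000 ----a-w- c:\program files\Google\Google Toolbar\GoogleToolbar_32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"""
SAMPLE_LOG = _HEAD + _AT_JOBS + _TAIL

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

The checks are deliberately cheap string heuristics: a responder still has to confirm each hit against the rest of the log (the Files Created section for JhD00NrB.dll, the restored kernel32.dll, the Dr.Web BackDoor.Tdss hit in later posts), and the random-name test will miss a dropper that picks a dictionary word.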
antimalware doctor episode 2
marky marc replied to marky marc's topic in Archive: Fighting malware & viruses
At mcafeesecurity.com it is listed as a trojan, but with low risk. Discovered on 13/06, and there is a DAT file to remove it, but it is not yet available to the "small" paying customer. It will perhaps be in an update shortly. Just have to wait.
antimalware doctor episode 2
marky marc replied to marky marc's topic in Archive: Fighting malware & viruses
Nothing found in Svchost.exe by the various scanners. Here is a short report of the chat with McAfee. The guys there are doing a great job. Never mind.

Virus Profile: Generic Downloader.x!dzb
GoToAssist (17:21:27): Your Agent has arrived.
Customer (17:21:44): good afternoon,
Customer (17:22:03): my internet connection was briefly interrupted.
Galya (17:22:47): Good day! Thank you for contacting McAfee Support. Your Service Request number is: 517874230. One moment please, I will check your account.
Galya (17:24:33): We just spoke
Customer (17:25:44): yes, my internet was briefly interrupted, restarted the PC and the first entry in my quarantine section is generic downloader.x!dzb.
Customer (17:26:26): removed the artemis entries from quarantine.
Galya (17:27:14): If you have no way to remove this program yourself you can simply leave it there
Galya (17:27:28): The program cannot infect the PC
Galya (17:27:41): and it is also not a virus, but an unwanted program
Customer (17:28:15): what options are there to remove it?
Galya (17:28:54): What do you see when you open the quarantine and select the program
Customer (17:30:13): restore / remove / send. I can remove it, but after 10 minutes it is back! Started every 10 minutes from a different temp.
Galya (17:30:58): In that case you can leave the program there
Galya (17:31:04): Is there anything else I can help you with?
Customer (17:32:30): apparently not. Do I have to empty my quarantine + temp folder every day?
Galya (17:34:05): No, not necessary
Customer (17:34:18): OK. Have a nice day.
Galya (17:34:43): I would like to thank you again for contacting McAfee. If you have no further questions you may end this chat session. I wish you a pleasant day.
antimalware doctor episode 2
marky marc replied to marky marc's topic in Archive: Fighting malware & viruses
Hello, I still have to start scanning, but McAfee has already renamed artemis to generic downloader.x!dzb. Just for info, because the problem is identical. Regards
antimalware doctor episode 2
marky marc replied to marky marc's topic in Archive: Fighting malware & viruses
VIPRE cannot solve the problem either. It did find a few cookies, but not the artemis starter.
antimalware doctor episode 2
marky marc replied to marky marc's topic in Archive: Fighting malware & viruses
Had Dr.Web scan again with the quarantine emptied.
Process in memory: C:\WINDOWS\System32\svchost.exe:1132;;BackDoor.Tdss.565;Eradicated.;
7da6cb512bb0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da6cb512bb0.bup;Trojan.DownLoader1.11282;;
7da6cb512bb0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Container contains infected objects;Moved.;
I can't tick "select", see image.
antimalware doctor episode 2
marky marc replied to marky marc's topic in Archive: Fighting malware & viruses
At first the PC wouldn't restart. Problems not solved yet. Still getting pop-ups. See the log too.
Process in memory: C:\WINDOWS\System32\svchost.exe:1060;;BackDoor.Tdss.565;Eradicated.;
crack.exe;C:\Documents and Settings\Marc\Mijn documenten\Mijn muziek\My Playlists\vlc-player\VLC media player-0.8.6c + 25 Skins;Trojan.PWS.Banker.26884;Deleted.;
antimalware doctor episode 2
marky marc replied to marky marc's topic in Archive: Fighting malware & viruses
Dr.Web found 2 things after a quick analysis. What should I do once I have carried out everything after F9, another analysis or close it??
"Press F9, then choose the Actions tab and set the following under Malware:
Adware: Move
Dialers: Move
Jokes: Report
Riskware: Report
Hacktools: Move
Then remove the tick at 'Prompt on action'.
[*]Then choose the Scan tab and remove the tick at Heuristic analysis."
And then scan??
antimalware doctor episode 2
marky marc replied to marky marc's topic in Archive: Fighting malware & viruses
At your request I tried to empty the folder c:\windows\temp. This didn't fully work because some programs were in use. I wanted to show these programs in my previous mail. The file okjw.tmp was only an example of what McAfee intercepts every 10 minutes, and what remains is an empty folder stored in windows\temp (see attachment). The name of the .tmp changes constantly; it's not that okjw.tmp is intercepted every time. Kaspersky finds no threats on my PC.
antimalware doctor episode 2
marky marc replied to marky marc's topic in Archive: Fighting malware & viruses
Some temps are in use and could not be removed.
antimalware doctor episode 2
marky marc replied to marky marc's topic in Archive: Fighting malware & viruses
Kaspersky's mountain brought forth a mouse: it also found nothing in a full scan. Here is what McAfee is blocking; notification turned off. Grtz.
antimalware doctor episode 2
marky marc replied to marky marc's topic in Archive: Fighting malware & viruses
Nothing found in critical areas or in folders. Total duration of the scan: 5 hours. Now started a full scan, but I doubt Kaspersky will find anything. svchost.exe virus??
antimalware doctor episode 2
marky marc replied to marky marc's topic in Archive: Fighting malware & viruses
What is also not normal is that every 10 minutes McAfee warns that it has blocked a virus, namely Artemis!F2506AED1E67 in C:\windows\temp\.......\svchost.exe and the process C:\windows\system32\svchost.exe. Another thing is that McAfee reports a cash-cashdialer. I have it removed each time, but it is back the next day. Could it maybe come from Everest Poker?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:26:51, on 9/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\PROGRA~1\McAfee\MSC\McLgView.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Cool Devices That Fit Your Lifestyle
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.be/ImageUploader5.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://scarlet.extrafilm.be/ImageUploader4.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc.
- C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. 
- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- End of file - 10656 bytes Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Databaseversie: 4177 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 8/06/2010 15:58:27 mbam-log-2010-06-08 (15-58-27).txt Scantype: Volledige scan (C:\|) Objecten gescand: 216371 Verstreken tijd: 2 uur/uren, 22 minuut/minuten, 48 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) -
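The HijackThis log above is a flat list of "section - entry" lines, and the first pass a responder makes over it is mechanical: pull out the autoruns, the Trusted Zone, the ActiveX downloads (O16 DPF) and the services, and read those before anything else. The script below does that pass. It is an added example for this thread, not part of the post or of HijackThis; SAMPLE_LOG is a constructed subset of the log above, and the four rules (an O4 autorun whose command has no full path, any O15 Trusted Zone entry, the download host of every O16 entry, and O23 services reported as "Unknown owner") are triage heuristics of my own, not a classification HijackThis performs.

```python
"""Triage a HijackThis 2.x log: parse the 'Rn - ...' / 'Onn - ...' lines
and flag the entries a responder reads first.

Added example for this thread; not part of the post or of HijackThis.
SAMPLE_LOG is a constructed subset of the log above; the rules below are
triage heuristics, not HijackThis's own classification.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlsplit

SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.be/ImageUploader5.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
"""

# 'O23 - Service: name - owner - path', 'O4 - HKLM\..\Run: [name] command', ...
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<desc>[^)]*)\))? - (?P<url>\S+)$")
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def command_exe(cmd: str) -> str:
    """Return the executable token of an autorun command, quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text: str) -> list[Finding]:
    """Walk the log once and return the flagged entries in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        sec, body = m["sec"], m["body"]
        if sec == "O4":
            o4 = O4_RE.match(body)
            if o4 and "\\" not in command_exe(o4["cmd"]):
                # A bare file name is resolved through the PATH search order at
                # logon, so a writable directory earlier in PATH can hijack it.
                findings.append(Finding(sec, f"autorun [{o4['name']}] has no full path: {command_exe(o4['cmd'])}", raw))
        elif sec == "O15":
            # Trusted Zone sites get IE's most permissive security settings.
            findings.append(Finding(sec, "trusted zone: " + body.split(": ", 1)[-1], raw))
        elif sec == "O16":
            o16 = O16_RE.match(body)
            if o16:
                host = urlsplit(o16["url"]).hostname
                findings.append(Finding(sec, f"ActiveX download ({o16['desc'] or 'unnamed'}) from {host}", raw))
        elif sec == "O23":
            o23 = O23_RE.match(body)
            if o23 and o23["owner"].lower() == "unknown owner":
                # HijackThis found no company name in the binary's version resource.
                findings.append(Finding(sec, f"service without publisher: {o23['name']} -> {o23['path']}", raw))
    return findings


def by_section(findings: list[Finding]) -> dict[str, int]:
    """Count flagged entries per HijackThis section."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>4}  {f.reason}")
```

The O23 hits are a reading order, not a verdict: "Unknown owner" only means the binary carries no company name in its version resource, which legitimate vendor services also do, so each one is checked by path and signature rather than removed on sight. The same applies to the O16 hosts, which still have to be matched against what the user knowingly installed (the extrafilm.be uploaders and the McAfee and Adobe installers in the log above all have an obvious origin).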
antimalware doctor episode 2
marky marc replied to marky marc's topic in Archive Malware & virus removal
Did everything as asked. Before I had unticked System Restore, I was still getting popups while browsing and a warning that my PC is under threat. ?? Could it also be the browser (IE8) that is giving me the popups? -
antimalware doctor episode 2
marky marc replied to marky marc's topic in Archive Malware & virus removal
Still odd that ComboFix is now also removing Antimalware Doctor. I thought Malwarebytes had already done that. Regards. -
antimalware doctor episode 2
marky marc replied to marky marc's topic in Archive Malware & virus removal
Hello, I had to run ComboFix in Safe Mode because I kept getting an error message that something had gone wrong and Windows was being shut down.

ComboFix 10-06-05.03 - Marc 06/06/2010 17:13:27.15.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1022.718 [GMT 2:00]
Running from: c:\documents and settings\Marc\Bureaublad\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Marc\Application Data\25CA06116699EEC40ECD2745939A9922
c:\documents and settings\Marc\Application Data\25CA06116699EEC40ECD2745939A9922\enemies-names.txt
c:\documents and settings\Marc\Application Data\25CA06116699EEC40ECD2745939A9922\local.ini
c:\documents and settings\Marc\Menu Start\Programma's\Antimalware Doctor
c:\documents and settings\Marc\Menu Start\Programma's\Antimalware Doctor\Antimalware Doctor.lnk
c:\documents and settings\Marc\Menu Start\Programma's\Antimalware Doctor\Uninstall.lnk
.
(((((((((((((((((((( Files Created from 2010-05-06 to 2010-06-06 ))))))))))))))))))))))))))))))
.
2010-06-04 17:53 . 2010-06-04 17:53 503808 ----a-w- c:\documents and settings\Marc\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6e4ec1e2-n\msvcp71.dll
2010-06-04 17:53 . 2010-06-04 17:53 61440 ----a-w- c:\documents and settings\Marc\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-46c7c7c1-n\decora-sse.dll
2010-06-04 17:53 . 2010-06-04 17:53 499712 ----a-w- c:\documents and settings\Marc\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6e4ec1e2-n\jmc.dll
2010-06-04 17:53 . 2010-06-04 17:53 348160 ----a-w- c:\documents and settings\Marc\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6e4ec1e2-n\msvcr71.dll
2010-06-04 17:53 . 2010-06-04 17:53 12800 ----a-w- c:\documents and settings\Marc\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-46c7c7c1-n\decora-d3d.dll
2010-06-04 17:53 . 2010-06-04 17:52 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-03 18:20 . 2010-06-03 18:20 -------- d-----w- c:\documents and settings\Marc\Local Settings\Application Data\oespxrnvk
2010-06-03 18:20 . 2010-06-03 18:20 -------- d-----w- c:\documents and settings\Marc\Application Data\Sky-Banners
2010-06-03 18:20 . 2010-06-03 18:20 -------- d-----w- c:\documents and settings\Marc\Application Data\Street-Ads
2010-06-03 18:19 . 2010-06-03 18:19 50981 ----a-w- c:\windows\system32\tqooijnjjnhcj.exe
2010-06-03 18:18 . 2010-06-03 18:18 -------- d-----w- c:\program files\$NtUninstallWTF1012$
2010-06-02 10:07 . 2010-06-02 10:07 -------- d-----w- c:\windows\system32\siscardplugins
2010-06-02 10:07 . 2010-06-02 10:07 -------- d-----w- c:\windows\system32\beidpp
2010-06-02 10:07 . 2010-06-02 10:07 -------- d-----w- c:\program files\Belgium Identity Card
2010-05-24 16:31 . 2010-05-24 16:31 40633 ----a-w- c:\windows\system32\ucllhied.exe
2010-05-21 12:15 . 2010-05-21 12:15 -------- d-----w- c:\windows\system32\XPSViewer
2010-05-21 12:15 . 2010-05-21 12:15 -------- d-----w- c:\program files\MSBuild
2010-05-21 12:15 . 2010-05-21 12:15 -------- d-----w- c:\program files\Reference Assemblies
2010-05-21 12:14 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-05-21 12:14 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-05-21 12:14 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-05-21 12:14 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-05-21 12:14 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-05-21 12:14 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-05-21 12:14 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-05-21 12:14 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-05-21 12:14 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-05-21 12:14 . 2010-05-21 12:14 -------- d-----w- C:\7bfc1e3994985516f0a3765a
2010-05-20 11:30 . 2010-05-20 11:30 -------- d-----w- c:\program files\SunnyDesign
2010-05-20 11:30 . 2010-05-20 11:30 -------- d-----w- c:\documents and settings\Marc\Local Settings\Application Data\SMA
2010-05-19 13:32 . 2008-04-14 17:03 33792 ----a-w- c:\windows\system32\rundll32.exe
2010-05-19 13:32 . 2008-04-14 17:03 33792 ----a-w- c:\windows\system32\dllcache\rundll32.exe
2010-05-14 18:41 . 2010-05-14 18:41 300384 ----a-w- c:\documents and settings\All Users\Application Data\McAfee\Supportability\Content\MVT\XMLFiles\detect.dll
2010-05-14 18:04 . 2010-05-14 18:04 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-14 17:38 . 2010-05-14 18:00 -------- d-----w- C:\ComboFix(2)
2010-05-12 13:23 . 2010-05-12 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2010-05-12 13:23 . 2010-05-12 13:23 -------- d-----w- c:\documents and settings\Marc\Application Data\Sunbelt
2010-05-12 13:21 . 2010-05-12 13:21 -------- d-----w- c:\program files\Sunbelt Software
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-05 13:36 . 2008-04-21 13:35 1 ----a-w- c:\documents and settings\Marc\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-06-05 13:35 . 2008-04-21 13:32 -------- d-----w- c:\documents and settings\Marc\Application Data\OpenOffice.org2
2010-06-04 17:53 . 2005-12-15 01:44 -------- d-----w- c:\program files\Common Files\Java
2010-06-04 17:52 . 2005-12-15 01:44 -------- d-----w- c:\program files\Java
2010-06-03 18:19 . 2004-09-14 08:38 182656 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-06-03 14:11 . 2009-11-24 10:29 -------- d-----w- c:\program files\Everest Poker
2010-06-03 14:07 . 2008-10-22 17:04 -------- d-----w- c:\program files\USD
2010-06-02 10:06 . 2006-06-14 09:53 29184 ----a-w- c:\windows\system32\drivers\usbccid.sys
2010-05-22 12:14 . 2004-09-14 08:38 91518 ----a-w- c:\windows\system32\perfc013.dat
2010-05-22 12:14 . 2004-09-14 08:38 510428 ----a-w- c:\windows\system32\perfh013.dat
2010-05-21 17:52 . 2006-01-05 16:03 42080 ----a-w- c:\documents and settings\Marc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-20 10:09 . 2006-12-19 12:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-14 18:41 . 2009-03-30 16:31 300384 ----a-w- c:\documents and settings\Marc\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
2010-05-12 13:26 . 2010-05-01 08:34 112 ----a-w- c:\documents and settings\All Users\Application Data\6pq0BV.dat
2010-05-05 18:15 . 2010-05-05 18:14 -------- d-----w- c:\program files\QuickTime
2010-05-03 14:17 . 2010-01-08 09:45 -------- d-----w- c:\program files\iTunes
2010-05-01 10:52 . 2005-12-15 01:52 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-05-01 09:57 . 2005-12-15 01:52 -------- d-----w- c:\program files\Sonic
2010-05-01 09:01 . 2010-05-01 09:01 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2010-04-30 10:56 . 2010-04-27 14:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-30 09:48 . 2010-04-30 09:48 388096 ----a-r- c:\documents and settings\Marc\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-30 09:48 . 2010-04-30 09:48 -------- d-----w- c:\program files\Trend Micro
2010-04-29 13:39 . 2010-04-27 14:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-04-27 14:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 18:13 . 2007-03-21 14:42 -------- d-----w- c:\program files\McAfee
2010-04-27 14:19 . 2010-04-27 14:19 -------- d-----w- c:\documents and settings\Marc\Application Data\Malwarebytes
2010-04-27 14:18 . 2010-04-27 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-11 15:47 . 2009-11-28 17:35 -------- d-----w- c:\program files\PokerStars
2010-04-09 14:44 . 2010-04-08 12:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-08 12:15 . 2010-04-08 12:15 1956656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-03-10 06:17 . 2004-09-14 08:38 420352 ----a-w- c:\windows\system32\vbscript.dll
2006-11-08 15:01 . 2006-11-08 15:01 774144 ----a-w- c:\program files\RngInterstitial.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 69632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 45056]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-25 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 15:41 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31/01/2010 17:26 135664]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [25/12/2008 13:14 10384]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [13/12/2008 14:04 210216]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [29/08/2006 0:54 10664]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - LBEEPKE
.
Contents of the 'Scheduled Tasks' folder

2010-05-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 15:26]

2010-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 15:26]

2009-08-14 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-03-21 10:22]

2009-11-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-03-21 10:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hln.be/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
Trusted Zone: dexia.be\directnet
Trusted Zone: internet
Trusted Zone: mcafee.com
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-06 17:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(216)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2010-06-06 17:27:06
ComboFix-quarantined-files.txt 2010-06-06 15:27
ComboFix2.txt 2010-05-14 18:21

Pre-Run: 23.408.308.224 bytes free
Post-Run: 23.528.525.824 bytes free

- - End Of File - - 55FE0E174A1DE0D2FD135561728FD9A9
-
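The "Files Created" section of the ComboFix log above is a timeline: each line is "created . modified size attributes path", newest first. Read that way, the entries between 18:18 and 18:20 on 2010-06-03 form one event (a $NtUninstallWTF1012$ folder in Program Files, tqooijnjjnhcj.exe in system32, then the oespxrnvk, Sky-Banners and Street-Ads folders in the user profile), and the same minute recurs in the Find3M report for ndis.sys. The script below turns that reading into code. It is an added example for this thread, not part of the post or of ComboFix; SAMPLE is a constructed subset of the section above, and both heuristics are my own: a binary under the Windows directory is cross-checked against the system32\dllcache copy that Windows File Protection keeps for the files it protects (the XPS and rundll32 updates above appear in both places in the same minute, a dropped file does not), and entries are grouped into clusters by creation time so that a flagged file is shown with whatever else landed around it.

```python
"""Mini-timeline over the 'Files Created' section of a ComboFix log.

Added example for this thread; not part of the post or of ComboFix.
Each entry reads 'created . modified size attributes path'.  SAMPLE is a
constructed subset of the log above; the dllcache cross-check and the
time-window clustering are triage heuristics of my own.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta

SAMPLE = r"""
2010-06-04 17:53 . 2010-06-04 17:53 503808 ----a-w- c:\documents and settings\Marc\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6e4ec1e2-n\msvcp71.dll
2010-06-04 17:53 . 2010-06-04 17:52 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-03 18:20 . 2010-06-03 18:20 -------- d-----w- c:\documents and settings\Marc\Local Settings\Application Data\oespxrnvk
2010-06-03 18:20 . 2010-06-03 18:20 -------- d-----w- c:\documents and settings\Marc\Application Data\Sky-Banners
2010-06-03 18:19 . 2010-06-03 18:19 50981 ----a-w- c:\windows\system32\tqooijnjjnhcj.exe
2010-06-03 18:18 . 2010-06-03 18:18 -------- d-----w- c:\program files\$NtUninstallWTF1012$
2010-05-24 16:31 . 2010-05-24 16:31 40633 ----a-w- c:\windows\system32\ucllhied.exe
2010-05-21 12:14 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-05-21 12:14 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-05-19 13:32 . 2008-04-14 17:03 33792 ----a-w- c:\windows\system32\rundll32.exe
2010-05-19 13:32 . 2008-04-14 17:03 33792 ----a-w- c:\windows\system32\dllcache\rundll32.exe
"""

ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
WINDIR = "c:\\windows\\"
DLLCACHE = "c:\\windows\\system32\\dllcache\\"
BINARY_EXT = (".exe", ".dll", ".sys")


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int | None  # None for directories ('--------' in the log)
    is_dir: bool
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_entries(text: str) -> list[Entry]:
    """Parse every 'Files Created' line; anything else (headers, dots) is skipped."""
    out: list[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        out.append(Entry(
            created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            size=None if m["size"].startswith("-") else int(m["size"]),
            is_dir=m["attrs"].startswith("d"),
            path=m["path"],
        ))
    return out


def windows_binaries_without_wfp_twin(entries: list[Entry]) -> list[Entry]:
    """Binaries under the Windows directory with no copy in the WFP dllcache.

    A patched protected file shows up in both places in the same minute
    (xpsshhdr.dll, rundll32.exe above); a file dropped into the Windows tree
    by something other than Windows has no twin.  Heuristic, not a verdict.
    """
    cached = {e.name.lower() for e in entries if e.path.lower().startswith(DLLCACHE)}
    hits = []
    for e in entries:
        p = e.path.lower()
        if e.is_dir or not p.startswith(WINDIR) or p.startswith(DLLCACHE):
            continue
        if p.endswith(BINARY_EXT) and e.name.lower() not in cached:
            hits.append(e)
    return hits


def clusters(entries: list[Entry], window: timedelta = timedelta(minutes=5)) -> list[list[Entry]]:
    """Sort by creation time and group entries that follow each other within `window`."""
    groups: list[list[Entry]] = []
    for e in sorted(entries, key=lambda x: x.created):
        if groups and e.created - groups[-1][-1].created <= window:
            groups[-1].append(e)
        else:
            groups.append([e])
    return groups


def suspicious_clusters(entries: list[Entry], window: timedelta = timedelta(minutes=5)) -> list[list[Entry]]:
    """Clusters that contain at least one Windows-tree binary without a dllcache twin."""
    flagged = {e.path.lower() for e in windows_binaries_without_wfp_twin(entries)}
    return [g for g in clusters(entries, window) if any(e.path.lower() in flagged for e in g)]


if __name__ == "__main__":
    for group in suspicious_clusters(parse_entries(SAMPLE)):
        print(f"--- {group[0].created:%Y-%m-%d %H:%M}  ({len(group)} entries)")
        for e in group:
            print(f"  {e.created:%H:%M}  {'dir ' if e.is_dir else 'file'}  {e.path}")
```

On the sample, three clusters come out: ucllhied.exe alone on 2010-05-24, the 2010-06-03 burst with tqooijnjjnhcj.exe and its three sibling folders, and deployJava1.dll on 2010-06-04. The third shows why the cluster view matters more than the file flag: the Java SystemCache entries written in the same minute are the context a responder weighs before deciding anything about that file, and the dllcache check on its own says nothing about binaries WFP never protected. Run over the full section, the 2010-05-21 XPS update and the 2010-05-19 rundll32 update each form a cluster of paired system32/dllcache entries and are not flagged.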
antimalware doctor episode 2
marky marc replied to marky marc's topic in Archive Malware & virus removal
Maybe so, kape, but still, here is a short report from my malware scan after the update. Quick scan; I'm now running a full scan again.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4170
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/06/2010 17:37:34
mbam-log-2010-06-05 (17-37-34).txt

Scan type: Quick scan
Objects scanned: 129130
Time elapsed: 13 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Marc\Local Settings\temp\wgvyd.exe (Rogue.AntispywareSoft) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marc\Local Settings\temp\Ov0.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marc\Local Settings\temp\Ov1.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marc\Local Settings\temp\Ovz.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\WINDOWS\Opolaa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

ABOUT US
PC Helpforum has been helping computer users for FREE since July 2006. Through the forum our team gives professional answers to your questions and tries to solve your PC problems as quickly as possible. Become a member today, post your question online and the PC Helpforum team will be glad to help you!