sunbreeze
Member
Items: 12
Registration date: -
Last visited: -
sunbreeze's achievements
antimaleware doctor
sunbreeze replied to sunbreeze's topic in Archief Bestrijding malware & virussen
Done, and everything is running like clockwork again. With this, the topic can be marked as solved. Thanks again for the fast and professional help!!!! Kind regards, ~sun~
antimaleware doctor
sunbreeze replied to sunbreeze's topic in Archief Bestrijding malware & virussen
After carrying this out and rebooting the PC, everything works normally again!!! I no longer see the doctor appearing anywhere. Thanks a lot for the fantastic help!! Are there any further actions I should take now to prevent this in the future? Regards, sun
antimaleware doctor
sunbreeze replied to sunbreeze's topic in Archief Bestrijding malware & virussen
I did a rescan, but the key you specified could no longer be found. Here is a new HJT and MBAM log:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4599

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

14-9-2010 16:48:59
mbam-log-2010-09-14 (16-48-59).txt

Scan type: Quick scan
Objects scanned: 149770
Time elapsed: 2 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:52:35, on 14-9-2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Documents and Settings\astrid\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Logitech G35] C:\Program Files\Logitech\G35\G35.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - E:\vmware 6.2 workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\vmware 6.2 workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 6361 bytes

Regards, sun
antimaleware doctor
sunbreeze replied to sunbreeze's topic in Archief Bestrijding malware & virussen
I first ran MBAM under the problem account; the log is below:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4599

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

14-9-2010 16:42:37
mbam-log-2010-09-14 (16-42-37).txt

Scan type: Quick scan
Objects scanned: 149917
Time elapsed: 2 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\YXE7DXCQ37 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mediafix70700en02.exe (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hglvtvhw (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\62845110 (Rogue.SecurityTool) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\12601581 (Rogue.SecurityTool) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\com+ manager (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yxe7dxcq37 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\admdennis\Application Data\A66260502908F60D3D72125B10F83401\mediafix70700en02.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\admdennis\Local Settings\Application Data\bgurggpkl\lalqtqcuqiw.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
C:\Documents and Settings\admdennis\Local Settings\Application Data\62845110.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\admdennis\Local Settings\Application Data\12601581.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\admdennis\Application Data\ohydy.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Documents and Settings\admdennis\Local Settings\Temp\1CF.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\admdennis\Local Settings\Temp\1D1.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\admdennis\Local Settings\Temp\1D3.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\admdennis\Local Settings\Temp\mkcxhunr.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
C:\Documents and Settings\admdennis\Local Settings\Temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\admdennis\Local Settings\Temp\tpcuqc.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Documents and Settings\admdennis\Local Settings\Temp\waecnsorxm.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\admdennis\Bureaublad\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\admdennis\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\admdennis\Menu Start\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\admdennis\Menu Start\Programma's\Opstarten\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\admdennis\Local Settings\Temp\Rw2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

And I also ran HJT under this account:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:50:03, on 14-9-2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\astrid\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Logitech G35] C:\Program Files\Logitech\G35\G35.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - E:\vmware 6.2 workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\vmware 6.2 workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 6603 bytes

So it looks like the problem occurs under multiple user accounts. Regards, sun
antimaleware doctor
sunbreeze replied to sunbreeze's topic in Archief Bestrijding malware & virussen
Dear Kape, I have carried out the actions you described. In msconfig, on the Startup tab, nothing refers to antimalware doctor anymore. Searching the registry for antimalware or doctor also returns nothing; only when searching for 70700 do I get the hits below:

HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Battery\Presets\dandelionaid\PostShiftInfo\0\dbl5 with value 0.7027070033364
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\lastkey with value Deze computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\AppPatches\SETUP\ff060102564ee6000407b0670700
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\AppPatches\SETUP\ff060102564ee6000407b0670700

However, the problems are still present when I log in under my normal account (this account also has administrator rights). Do I need to run the same HJT and MBAM actions again under that account, or does everything get cleaned regardless of which account you run it under? Thanks a lot in advance for the help! Regards, sun
antimaleware doctor
sunbreeze replied to sunbreeze's topic in Archief Bestrijding malware & virussen
As soon as I let the PC start Windows normally and log in to my normal account, the doctor immediately reappears and I can't open a single application. In safe mode, however, I found no traces of the doctor at all. Regards, sun
antimaleware doctor
sunbreeze replied to sunbreeze's topic in Archief Bestrijding malware & virussen
Done, and here is a new log again:

ComboFix 10-09-12.04 - Administrator 13-09-2010 22:58:46.2.4 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.3320.3018 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Administrator\Bureaublad\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FILE ::
"c:\windows\Rpufia.exe"
"c:\windows\Rpufib.exe"
"c:\windows\system32\drivers\rbxocw.sys"
"c:\windows\system32\DVCState-{00000001-00000000-00000006-00001102-00000002-80651102}.dat"
"c:\windows\system32\DVCStateBkp-{00000001-00000000-00000006-00001102-00000002-80651102}.dat"
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Rpufia.exe
c:\windows\Rpufib.exe
c:\windows\system32\drivers\rbxocw.sys
c:\windows\system32\DVCState-{00000001-00000000-00000006-00001102-00000002-80651102}.dat
c:\windows\system32\DVCStateBkp-{00000001-00000000-00000006-00001102-00000002-80651102}.dat

c:\windows\system32\winlogon.exe . . . is geïnfecteerd!!
c:\windows\explorer.exe . . . is geïnfecteerd!!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RBXOCW
-------\Service_rbxocw

(((((((((((((((((((( Bestanden Gemaakt van 2010-08-13 to 2010-09-13 ))))))))))))))))))))))))))))))
.

2010-09-13 18:58 . 2010-09-13 18:58 -------- d-s---w- c:\documents and settings\Administrator\UserData
2010-09-13 16:36 . 2010-09-13 16:36 -------- d-----r- c:\documents and settings\NetworkService\Favorieten
2010-09-12 09:28 . 2010-09-12 09:28 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-12 08:15 . 2010-09-12 08:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\ChessBase
2010-09-12 08:15 . 2010-09-12 08:15 55024 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-12 08:15 . 2010-09-12 08:16 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ChessBase
2010-09-12 07:14 . 2010-09-12 07:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-09-12 07:13 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-12 07:13 . 2010-09-12 07:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-12 07:13 . 2010-09-12 07:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-12 07:13 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-11 12:02 . 2009-07-18 21:55 -------- d--h--w- c:\documents and settings\Administrator\Netwerkprinteromgeving
2010-09-11 12:02 . 2009-07-18 21:55 -------- d-----r- c:\documents and settings\Administrator\Menu Start
2010-09-11 12:02 . 2009-07-18 20:00 -------- d--h--w- c:\documents and settings\Administrator\Sjablonen
2010-09-11 12:02 . 2010-09-13 18:58 -------- d-----w- c:\documents and settings\Administrator
2010-09-11 11:59 . 2010-09-11 11:59 388096 ----a-r- c:\documents and settings\astrid\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-11 11:59 . 2010-09-11 11:59 -------- d-----w- c:\documents and settings\astrid\Trend Micro
2010-09-11 11:52 . 2010-09-11 11:52 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-09-11 10:46 . 2010-09-11 10:46 -------- d-----w- c:\documents and settings\LocalService\Application Data\HPAppData
2010-09-11 10:46 . 2010-09-11 10:46 -------- d-----r- c:\documents and settings\LocalService\Favorieten
2010-09-09 20:31 . 2010-09-10 12:24 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-08-22 07:40 . 2010-08-22 07:40 -------- d-----w- c:\program files\AppieSoft
2010-08-17 21:14 . 2010-08-17 21:14 -------- d-----w- c:\windows\Performance
2010-08-17 21:13 . 2010-08-17 21:14 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-08-17 18:45 . 2008-01-22 16:50 126528 ----a-w- C:\oscdimg.exe
2010-08-17 18:32 . 2008-01-22 16:50 126528 ----a-w- c:\program files\oscdimg.exe
2010-08-16 19:18 . 2010-08-16 19:18 -------- d-----w- c:\windows\XSxS
2010-08-16 19:18 . 2010-08-16 19:18 -------- d-----w- c:\program files\Xenocode
2010-08-16 18:26 . 2010-08-16 18:26 -------- d-----w- C:\BM2005
2010-08-16 18:17 . 2008-01-21 15:43 39472 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2010-08-16 18:17 . 2008-01-21 15:43 4244744 ----a-w- c:\windows\system32\qtp-mt334.dll
2010-08-16 18:17 . 2008-01-21 15:43 13576 ----a-w- c:\windows\system32\wnaspi32.dll
2010-08-16 18:17 . 2008-01-21 15:43 247560 ----a-w- c:\windows\system32\prgiso.dll
2010-08-16 18:16 . 2010-08-16 18:16 -------- d-----w- c:\program files\Paragon Software
2010-08-16 17:32 . 2010-08-16 17:32 -------- d-----r- c:\windows\AsDmiHtm

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-13 20:58 . 2010-09-11 12:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPAppData
2010-09-13 20:38 . 2001-09-07 12:00 87232 ----a-w- c:\windows\system32\perfc013.dat
2010-09-13 20:38 . 2001-09-07 12:00 501596 ----a-w- c:\windows\system32\perfh013.dat
2010-09-13 20:34 . 2009-10-15 20:57 -------- d-----w- c:\program files\QuickTime
2010-09-13 18:55 . 2010-09-13 16:34 112 ----a-w- c:\documents and settings\All Users\Application Data\Vt36FoK88.dat
2010-09-13 16:27 . 2009-08-02 13:37 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
2010-09-13 16:27 . 2009-08-02 13:11 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2010-09-11 12:18 . 2010-03-04 06:41 -------- d-----w- c:\documents and settings\astrid\Application Data\HPAppData
2010-09-09 20:32 . 2009-07-22 04:44 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-09 20:31 . 2009-07-22 04:49 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-08-16 18:16 . 2009-07-18 21:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-26 05:59 . 2009-11-24 07:25 42076 ----a-w- c:\documents and settings\astrid\Application Data\mdbu.bin
2010-07-24 18:26 . 2010-07-18 07:01 -------- d-----w- c:\program files\McAfee
2010-07-22 05:13 . 2009-08-05 14:58 55024 ----a-w- c:\documents and settings\astrid\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-18 10:02 . 2010-07-18 06:56 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-07-18 07:01 . 2010-07-18 07:01 -------- d-----w- c:\program files\Common Files\McAfee
2010-07-18 07:01 . 2010-07-18 07:01 -------- d-----w- c:\program files\McAfee.com
2010-07-16 17:32 . 2010-07-16 17:32 -------- d-----w- c:\program files\Webteh
2010-07-15 13:18 . 2010-07-18 07:01 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2008-08-16 15:42 . 2008-08-16 15:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 15:42 . 2008-08-16 15:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 15:42 . 2008-08-16 15:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 15:42 . 2008-08-16 15:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 15:43 . 2008-08-16 15:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 15:42 . 2008-08-16 15:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 15:42 . 2008-08-16 15:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 06:41 . 2008-05-21 06:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 06:41 . 2008-05-21 06:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 06:41 . 2008-05-21 06:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 11:58 . 2008-06-05 11:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 15:42 . 2008-08-16 15:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

------- Sigcheck -------

[-] 2008-04-14 . 1247D4D5444E28519BBE31BE8AB4C029 . 510464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\winlogon.exe
[-] 2004-08-03 . 993BAA1CC42035D8915D762C504B8022 . 504832 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\explorer.exe
[-] 2004-08-03 . F322E4E400DEB976ED1263B6C155FA56 . 1035776 . . [6.00.2900.2180] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-09-13_20.34.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-09-07 12:00 . 2010-09-13 18:58 68522 c:\windows\system32\perfc009.dat
+ 2001-09-07 12:00 . 2010-09-13 20:38 68522 c:\windows\system32\perfc009.dat
+ 2009-08-30 21:04 . 2002-07-02 15:56 24576 c:\windows\system32\CTHELPER.exe
+ 2001-09-07 12:00 . 2010-09-13 20:38 435040 c:\windows\system32\perfh009.dat
- 2001-09-07 12:00 . 2010-09-13 18:58 435040 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-03 16876032]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-20 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 24576]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-28 28672]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-28 61440]
"Logitech G35"="c:\program files\Logitech\G35\G35.exe" [2009-06-30 1811728]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-10 1218008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 14:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 23:54 417792 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"h:\\WOW\\World of Warcraft\\BackgroundDownloader.exe"=
"e:\\pincacle studio 12\\Programs\\RM.exe"=
"e:\\pincacle studio 12\\Programs\\Studio.exe"=
"e:\\pincacle studio 12\\Programs\\umi.exe"=
"h:\\WOW\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"=
"h:\\WOW\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=
"h:\\WOW\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"h:\\WOW\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=
"h:\\WOW\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\KCeasy\\giFT\\giFTl.exe"=
"c:\\Program Files\\KCeasy\\KCeasy.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"9100:TCP"= 9100:TCP:printer

R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [1-1-1980 2:00 184848]
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [16-8-2010 20:17 39472]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22-7-2009 6:44 691696]
S3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\drivers\ladfDHP2i386.sys [14-4-2010 16:20 53520]
S3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\drivers\ladfSBVMi386.sys [14-4-2010 16:20 334992]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhoud van de 'Gedeelde Taken' map 2010-07-18 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2010-07-18 10:22] 2010-07-31 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2010-07-18 10:22] . . ------- Bijkomende Scan ------- . uInternet Connection Wizard,ShellNext = hxxp://hjt-data.trendmicro.com/hjt/analyzethis/index.php?report=13802917 FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ibyvihb6.default\ FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll FF - plugin: c:\program files\Mozilla 
Firefox\plugins\npicaN.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHANS VERWIJDERD - - - - HKLM-Run-vmware-tray - e:\vmware 6.2 workstation\vmware-tray.exe HKLM-Run-VMware hqtray - e:\vmware 6.2 workstation\hqtray.exe MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-09-13 23:02 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Ñw*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(844) c:\windows\system32\Ati2evxx.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\progra~1\McAfee\MSC\mcmscsvc.exe c:\progra~1\mcafee.com\agent\mcagent.exe . ************************************************************************** . 
Voltooingstijd: 2010-09-13 23:03:08 - machine werd herstart ComboFix-quarantined-files.txt 2010-09-13 21:03 ComboFix2.txt 2010-09-13 20:35 Pre-Run: 22.735.040.512 bytes beschikbaar Post-Run: 22.718.021.632 bytes beschikbaar - - End Of File - - 9F8568415D80302226A0C7A1B757E2FF -
antimaleware doctor
sunbreeze replied to sunbreeze's topic in Archief Bestrijding malware & virussen
I tried running HJT, but O2 - BHO: (no name) - {AC968A2E-31FE-4E95-B9D0-03532E7A42A6} - c:\windows\system32\dlob.dll (file missing) kept coming back; after using ComboFix and a reboot, however, it had disappeared after all. Below is the ComboFix log:
ComboFix 10-09-12.04 - Administrator 13-09-2010 22:29:51.1.4 - x86 NETWORK Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.3320.3060 [GMT 2:00] Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\70887ySh.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe c:\program files\Creative\SBLive\Program\ADGJDet.exe c:\program files\Java\jre6\bin\jusched.exe c:\program files\Logitech\G35\G35.exe c:\program files\McAfee.com\Agent\mcagent.exe c:\program files\QuickTime\qttask.exe c:\windows\system32\dloB.dll c:\windows\system32\dloB.tmp c:\windows\system32\drivers\cvzunpvn.sys c:\windows\system32\drivers\svaqbzuz.sys c:\windows\system32\vlpu.dll c:\windows\UpdReg.EXE e:\vmware 6.2 workstation\hqtray.exe e:\vmware 6.2 workstation\vmware-tray.exe <pre> c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart .exe ---^> c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe c:\program files\Creative\SBLive\Program\ADGJDet .exe ---^> c:\program files\Creative\SBLive\Program\ADGJDet.exe c:\program files\Java\jre6\bin\jusched .exe ---^> c:\program files\Java\jre6\bin\jusched.exe c:\program files\Logitech\G35\G35 .exe ---^> c:\program files\Logitech\G35\G35.exe c:\program files\McAfee.com\Agent\mcagent .exe ---^> c:\program files\McAfee.com\Agent\mcagent.exe c:\program files\QuickTime\qttask .exe ---^> c:\program files\QuickTime\qttask.exe c:\windows\UpdReg .exe ---^> 
c:\windows\UpdReg.exe </pre> . Besmet exemplaar van c:\windows\system32\drivers\pciide.sys werd aangetroffen en gedesinfecteerd Hersteld exemplaar van - Kitty had a snack c:\windows\system32\winlogon.exe . . . is geïnfecteerd!! c:\windows\explorer.exe . . . is geïnfecteerd!! . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_KZZIGOIM -------\Legacy_SSHNAS -------\Legacy_SVAQBZUZ -------\Service_kzzigoim -------\Service_svaqbzuz (((((((((((((((((((( Bestanden Gemaakt van 2010-08-13 to 2010-09-13 )))))))))))))))))))))))))))))) . 2010-09-13 18:58 . 2010-09-13 18:58 -------- d-s---w- c:\documents and settings\Administrator\UserData 2010-09-13 16:36 . 2010-09-13 16:36 -------- d-----r- c:\documents and settings\NetworkService\Favorieten 2010-09-12 09:28 . 2010-09-12 09:28 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-09-12 08:15 . 2010-09-12 08:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\ChessBase 2010-09-12 08:15 . 2010-09-12 08:15 55024 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-09-12 08:15 . 2010-09-12 08:16 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ChessBase 2010-09-12 07:14 . 2010-09-12 07:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2010-09-12 07:13 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-09-12 07:13 . 2010-09-12 07:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-09-12 07:13 . 2010-09-12 07:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-09-12 07:13 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-09-11 12:02 . 2009-07-18 21:55 -------- d--h--w- c:\documents and settings\Administrator\Netwerkprinteromgeving 2010-09-11 12:02 . 
2009-07-18 21:55 -------- d-----r- c:\documents and settings\Administrator\Menu Start 2010-09-11 12:02 . 2009-07-18 20:00 -------- d--h--w- c:\documents and settings\Administrator\Sjablonen 2010-09-11 12:02 . 2010-09-13 18:58 -------- d-----w- c:\documents and settings\Administrator 2010-09-11 11:59 . 2010-09-11 11:59 388096 ----a-r- c:\documents and settings\astrid\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-09-11 11:59 . 2010-09-11 11:59 -------- d-----w- c:\documents and settings\astrid\Trend Micro 2010-09-11 11:52 . 2010-09-11 11:52 -------- d-s---w- c:\documents and settings\NetworkService\UserData 2010-09-11 10:46 . 2010-09-11 10:46 -------- d-----w- c:\documents and settings\LocalService\Application Data\HPAppData 2010-09-11 10:46 . 2010-09-11 10:46 -------- d-----r- c:\documents and settings\LocalService\Favorieten 2010-09-11 10:46 . 2010-09-11 10:46 213504 ----a-w- c:\windows\Rpufib.exe 2010-09-11 10:46 . 2010-09-11 10:46 213504 ----a-w- c:\windows\Rpufia.exe 2010-09-11 10:46 . 2010-09-13 20:34 843776 ----a-w- c:\windows\system32\drivers\rbxocw.sys 2010-09-09 20:31 . 2010-09-10 12:24 -------- d-----w- c:\program files\DAEMON Tools Lite 2010-08-22 07:40 . 2010-08-22 07:40 -------- d-----w- c:\program files\AppieSoft 2010-08-17 21:14 . 2010-08-17 21:14 -------- d-----w- c:\windows\Performance 2010-08-17 21:13 . 2010-08-17 21:14 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor 2010-08-17 18:45 . 2008-01-22 16:50 126528 ----a-w- C:\oscdimg.exe 2010-08-17 18:32 . 2008-01-22 16:50 126528 ----a-w- c:\program files\oscdimg.exe 2010-08-16 19:18 . 2010-08-16 19:18 -------- d-----w- c:\windows\XSxS 2010-08-16 19:18 . 2010-08-16 19:18 -------- d-----w- c:\program files\Xenocode 2010-08-16 18:26 . 2010-08-16 18:26 -------- d-----w- C:\BM2005 2010-08-16 18:17 . 2008-01-21 15:43 39472 ----a-w- c:\windows\system32\drivers\hotcore3.sys 2010-08-16 18:17 . 
2008-01-21 15:43 4244744 ----a-w- c:\windows\system32\qtp-mt334.dll 2010-08-16 18:17 . 2008-01-21 15:43 13576 ----a-w- c:\windows\system32\wnaspi32.dll 2010-08-16 18:17 . 2008-01-21 15:43 247560 ----a-w- c:\windows\system32\prgiso.dll 2010-08-16 18:16 . 2010-08-16 18:16 -------- d-----w- c:\program files\Paragon Software 2010-08-16 17:32 . 2010-08-16 17:32 -------- d-----r- c:\windows\AsDmiHtm . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-13 20:34 . 2009-10-15 20:57 -------- d-----w- c:\program files\QuickTime 2010-09-13 20:23 . 2010-09-11 12:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPAppData 2010-09-13 18:58 . 2001-09-07 12:00 87232 ----a-w- c:\windows\system32\perfc013.dat 2010-09-13 18:58 . 2001-09-07 12:00 501596 ----a-w- c:\windows\system32\perfh013.dat 2010-09-13 18:55 . 2010-09-13 16:34 112 ----a-w- c:\documents and settings\All Users\Application Data\Vt36FoK88.dat 2010-09-13 16:33 . 2009-08-30 21:04 35332 ----a-w- c:\windows\system32\CTHELPER.EXE 2010-09-13 16:27 . 2009-08-02 13:37 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware 2010-09-13 16:27 . 2009-08-02 13:11 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware 2010-09-11 12:20 . 2009-08-30 21:32 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000001-00000000-00000006-00001102-00000002-80651102}.dat 2010-09-11 12:20 . 2009-08-30 21:32 24 ----a-w- c:\windows\system32\DVCState-{00000001-00000000-00000006-00001102-00000002-80651102}.dat 2010-09-11 12:18 . 2010-03-04 06:41 -------- d-----w- c:\documents and settings\astrid\Application Data\HPAppData 2010-09-09 20:32 . 2009-07-22 04:44 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-09-09 20:31 . 2009-07-22 04:49 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite 2010-08-16 18:16 . 
2009-07-18 21:35 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-07-26 05:59 . 2009-11-24 07:25 42076 ----a-w- c:\documents and settings\astrid\Application Data\mdbu.bin 2010-07-24 18:26 . 2010-07-18 07:01 -------- d-----w- c:\program files\McAfee 2010-07-22 05:13 . 2009-08-05 14:58 55024 ----a-w- c:\documents and settings\astrid\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-07-18 10:02 . 2010-07-18 06:56 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2010-07-18 07:01 . 2010-07-18 07:01 -------- d-----w- c:\program files\Common Files\McAfee 2010-07-18 07:01 . 2010-07-18 07:01 -------- d-----w- c:\program files\McAfee.com 2010-07-16 17:32 . 2010-07-16 17:32 -------- d-----w- c:\program files\Webteh 2010-07-15 13:18 . 2010-07-18 07:01 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys 2008-08-16 15:42 . 2008-08-16 15:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll 2008-08-16 15:42 . 2008-08-16 15:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll 2008-08-16 15:42 . 2008-08-16 15:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll 2008-08-16 15:42 . 2008-08-16 15:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll 2008-08-16 15:43 . 2008-08-16 15:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll 2008-08-16 15:42 . 2008-08-16 15:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll 2008-08-16 15:42 . 2008-08-16 15:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll 2008-05-21 06:41 . 2008-05-21 06:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll 2008-05-21 06:41 . 2008-05-21 06:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll 2008-05-21 06:41 . 2008-05-21 06:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll 2008-06-05 11:58 . 
2008-06-05 11:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll 2008-08-16 15:42 . 2008-08-16 15:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll . <pre> c:\windows\system32\CTHELPER .exe </pre> ------- Sigcheck ------- [-] 2008-04-14 . 1247D4D5444E28519BBE31BE8AB4C029 . 510464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\winlogon.exe [-] 2004-08-03 . 993BAA1CC42035D8915D762C504B8022 . 504832 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe [-] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\explorer.exe [-] 2004-08-03 . F322E4E400DEB976ED1263B6C155FA56 . 1035776 . . [6.00.2900.2180] . . c:\windows\explorer.exe . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2008-07-03 16876032] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-20 148888] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464] "nwiz"="nwiz.exe" [2009-06-10 1657376] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016] "vmware-tray"="e:\vmware 6.2 workstation\vmware-tray.exe" [N/A] "VMware hqtray"="e:\vmware 6.2 workstation\hqtray.exe" [N/A] "WINDVDPatch"="CTHELPER.EXE" [2010-09-13 35332] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112] "Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-28 28672] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-28 61440] "Logitech G35"="c:\program files\Logitech\G35\G35.exe" [2009-06-30 1811728] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] 
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-10 1218008] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] c:\program files\DAEMON Tools Lite\daemon.exe [N/A] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2009-09-21 14:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-09-04 23:54 417792 ----a-w- c:\program files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "h:\\WOW\\World of Warcraft\\BackgroundDownloader.exe"= "e:\\pincacle studio 12\\Programs\\RM.exe"= "e:\\pincacle studio 12\\Programs\\Studio.exe"= "e:\\pincacle studio 12\\Programs\\umi.exe"= "h:\\WOW\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"= "h:\\WOW\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"= "h:\\WOW\\World of Warcraft\\Launcher.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "h:\\WOW\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"= "h:\\WOW\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Ventrilo\\Ventrilo.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"= "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"= 
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"= "c:\\Program Files\\KCeasy\\giFT\\giFTl.exe"= "c:\\Program Files\\KCeasy\\KCeasy.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "9100:TCP"= 9100:TCP:printer R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [1-1-1980 2:00 184848] R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [16-8-2010 20:17 39472] S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22-7-2009 6:44 691696] S3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\drivers\ladfDHP2i386.sys [14-4-2010 16:20 53520] S3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\drivers\ladfSBVMi386.sys [14-4-2010 16:20 334992] S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?] --- Andere Services/Drivers In Geheugen --- *Deregistered* - rbxocw [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPService REG_MULTI_SZ HPSLPSVC HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhoud van de 'Gedeelde Taken' map 2010-07-18 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2010-07-18 10:22] 2010-07-31 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2010-07-18 10:22] . . ------- Bijkomende Scan ------- . 
uInternet Connection Wizard,ShellNext = hxxp://hjt-data.trendmicro.com/hjt/analyzethis/index.php?report=13802917 FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ibyvihb6.default\ FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla 
Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHANS VERWIJDERD - - - - AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-09-13 22:34 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rbxocw] . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Ñw*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(852) c:\windows\system32\Ati2evxx.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\progra~1\McAfee\MSC\mcmscsvc.exe c:\progra~1\mcafee.com\agent\mcagent.exe . ************************************************************************** . 
Voltooingstijd: 2010-09-13 22:35:30 - machine werd herstart ComboFix-quarantined-files.txt 2010-09-13 20:35 Pre-Run: 20.456.148.992 bytes beschikbaar Post-Run: 22.681.845.760 bytes beschikbaar WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer - - End Of File - - 835D05BC7B681A688FA667ABFDA609BD
Thanks a lot, regards, sun -
antimaleware doctor
sunbreeze replied to sunbreeze's topic in Archief Bestrijding malware & virussen
Dear kape, I carried out all the actions in Safe Mode under the "built-in" administrator account. This was the only way I could carry out the actions and get onto the internet. However, as soon as I log in to my normal account, our doctor comes visiting again right away. I ran MBAM once more and get the log below:
Malwarebytes' Anti-Malware 1.46 Malwarebytes Databaseversie: 4599 Windows 5.1.2600 Service Pack 2 (Safe Mode) Internet Explorer 6.0.2900.2180 13-9-2010 18:35:55 mbam-log-2010-09-13 (18-35-55).txt Scantype: Snelle scan Objecten gescand: 144589 Verstreken tijd: 4 minuut/minuten, 22 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 2 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: C:\WINDOWS\Fonts\ssxNyTofN.com (Malware.Generic) -> Quarantined and deleted successfully. C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully. 
And an HJT log:
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:37:39, on 13-9-2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jusched .exe C:\Documents and Settings\All Users\Application Data\70887ySh.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\astrid\Trend Micro\HiJackThis\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = AnalyzeThis O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {AC968A2E-31FE-4E95-B9D0-03532E7A42A6} - c:\windows\system32\dlob.dll (file missing) O2 - 
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [vmware-tray] E:\vmware 6.2 workstation\vmware-tray.exe O4 - HKLM\..\Run: [VMware hqtray] "E:\vmware 6.2 workstation\hqtray.exe" O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Logitech G35] C:\Program Files\Logitech\G35\G35.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: 
Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. 
- C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - E:\vmware 6.2 workstation\vmware-ufad.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\vmware 6.2 workstation\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe -- End of file - 6903 bytes welke acties moet ik uitvoeren om dit op te lossen? alvast bedankt voor alle snelle reacties. mvg, sun -
antimaleware doctor
sunbreeze replied to sunbreeze's topic in Archief Bestrijding malware & virussen
I have carried out the actions, and here is a new HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:53:51, on 13-9-2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\astrid\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = AnalyzeThis
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AC968A2E-31FE-4E95-B9D0-03532E7A42A6} - c:\windows\system32\dlob.dll (file missing)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vmware-tray] E:\vmware 6.2 workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "E:\vmware 6.2 workstation\hqtray.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Logitech G35] C:\Program Files\Logitech\G35\G35.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - E:\vmware 6.2 workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\vmware 6.2 workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 6924 bytes

Regards, sun
antimaleware doctor
sunbreeze replied to sunbreeze's topic in Archief Bestrijding malware & virussen
Dear Kape,

I have carried out the actions you describe above. When running HostsXpert I get the error message "ERROR:cannot create file C:\windows\system32\DRIVERS\ETC\hosts". Below are the 2 logs as requested:

HiJackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:30:07, on 12-9-2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\astrid\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = AnalyzeThis
R3 - Default URLSearchHook is missing
O1 - Hosts: 212.117.178.25 Google
O1 - Hosts: 212.117.163.43 search.yahoo.com
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vmware-tray] E:\vmware 6.2 workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "E:\vmware 6.2 workstation\hqtray.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Logitech G35] C:\Program Files\Logitech\G35\G35.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - E:\vmware 6.2 workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\vmware 6.2 workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 6559 bytes

MBAM:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Databaseversie: 4599
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

12-9-2010 9:23:22
mbam-log-2010-09-12 (09-23-22).txt

Scantype: Snelle scan
Objecten gescand: 144907
Verstreken tijd: 2 minuut/minuten, 47 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 1
Registerwaarden geïnfecteerd: 1
Registerdata geïnfecteerd: 2
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 7

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Worm.Palevo) -> Quarantined and deleted successfully.

Registerdata geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
C:\WINDOWS\system32\wupdate.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\9iQ79c1s9.dll (Trojan.Alureon) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\kUO17m3.dll (Trojan.Alureon) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\c1sK31gM.sys (Trojan.Alureon) -> Quarantined and deleted successfully.
C:\WINDOWS\cfdrive32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Many thanks for the quick reply.

Regards, sun
Dear help forum members,

Since today I have been infected with this d*mn virus; the only way at the moment to still open an internet browser is via Safe Mode! Could someone please help me get my PC clean, because reinstalling is not an option given the amount of data loss that would cause.

Many thanks in advance, ~sun~

Below is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:24:27, on 11-9-2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\astrid\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = AnalyzeThis
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: 212.117.178.25 Google
O1 - Hosts: 212.117.163.43 search.yahoo.com
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vmware-tray] E:\vmware 6.2 workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "E:\vmware 6.2 workstation\hqtray.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Logitech G35] C:\Program Files\Logitech\G35\G35.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [romncewaxs.tmp] "C:\DOCUME~1\ADMDEN~1\LOCALS~1\Temp\romncewaxs.tmp"
O4 - HKLM\..\Run: [wupdate] %SystemRoot%\system32\wupdate.exe
O4 - HKLM\..\Run: [lsdefrag] C:\DOCUME~1\ADMDEN~1\LOCALS~1\Temp\mrcwaenxos.tmp
O4 - HKLM\..\Run: [hglvtvhw] C:\Documents and Settings\admdennis\Local Settings\Application Data\bgurggpkl\lalqtqcuqiw.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\cfdrive32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKLM\..\Policies\Explorer\Run: [a5x3tq] C:\DOCUME~1\ADMDEN~1\LOCALS~1\Temp\202fbh.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\cfdrive32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DD48AC1-06A2-4CF2-812D-968279984783}: NameServer = 93.188.162.127,93.188.161.217
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA648C2D-AAF1-4650-92D3-8FEBFD5A5FD8}: NameServer = 93.188.162.127,93.188.161.217
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA8C73CC-140F-4A14-8555-AF1A067082E6}: NameServer = 93.188.162.127,93.188.161.217
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.127,93.188.161.217
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.162.127,93.188.161.217
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.127,93.188.161.217
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - E:\vmware 6.2 workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\vmware 6.2 workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 7915 bytes