Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

HiJacklog - internet werkt niet

Anoniem
M@rc
27 antwoorden
  • Wie kan helpen met het volgende
    1) internet explorer werkt niet
    2) lan verbinding werkt wel. Kan ping uitvoeren
    3) In veilige mode werkt IE wel maar zeeeeer traag.
    4) Het CWschredder gedaan in veilige mode. Kan die niet updaten. Verder niets gevonden.
    5) Winsockfix werkt niet. Krijg foutmelding dat het geen win32 applicatie is.
    6) hierbij een hijjack log.
    Dank,
    Maarten

    ++++++
    [list:398f240cce]
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:52:51, on 1-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\TEMP\D24F2013.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\Msmsgs.exe
    C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
    C:\Program Files\eFax Messenger 4.0\J2GTray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    F:\HiJackThis.exe
    C:\WINDOWS\system32\wscntfy.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telegraaf.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [2gb4i3hn] C:\WINDOWS\TEMP\D24F2013.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
    O4 - HKLM\..\Policies\Explorer\Run: [1] C:\WINDOWS\winhp32.exe
    O4 - HKCU\..\Policies\Explorer\Run: [{262916F0-05DA-1043-0909-04040908001f}] "C:\Program Files\Common Files\{262916F0-05DA-1043-0909-04040908001f}\Update.exe" mc-110-12-0001411
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Image Transfer.lnk = ?
    O4 - Global Startup: eFax DllCmd 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
    O4 - Global Startup: eFax Tray Menu 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GTray.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.drivecleaner.com/installdrivecleanerstart_nl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121w.bay121.mail.live.com/mail
    esources/MsnPUpld.cab
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102115013593
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll
    O20 - Winlogon Notify: stp68_2007 - stp68_2007.dll (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


    End of file - 7490 bytes
    [/list:u:398f240cce]
  • Hallo,


    Sluit alle open vensters.
    Start HijackThis nog een keer en plaats een vinkje bij de volgende items:

    [b:bd3c1931c7]O4 - HKLM\..\Run: [2gb4i3hn] C:\WINDOWS\TEMP\D24F2013.exe
    O4 - HKLM\..\Policies\Explorer\Run: [1] C:\WINDOWS\winhp32.exe
    O4 - HKCU\..\Policies\Explorer\Run: [{262916F0-05DA-1043-0909-04040908001f}] "C:\Program Files\Common Files\{262916F0-05DA-1043-0909-04040908001f}\Update.exe" mc-110-12-0001411
    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.drivecleaner.com/installdrivecleanerstart_nl.cab
    O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll
    O20 - Winlogon Notify: stp68_2007 - stp68_2007.dll (file missing)[/b:bd3c1931c7]

    Klik daarna op "Fix checked" en sluit HijackThis af.

    Download combofix.exe van deze site: http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden
    Volg de instructies die daar gegeven worden. Is er iets niet duidelijk, dan vraag je het.
    Als het tooltje klaar is, opent er een logfile (combofix.txt).
    Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.
  • Instructies uitgevoerd. Heb combofix 2x moeten draaien. Eerste keer verscheen er geen log.
    Heb weer toegang tot het Internet. Virusscanner geeft wel veel meldingen.

    HiJack log

    [list:0277ca9bbd]
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:35:59, on 1-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\Msmsgs.exe
    C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
    C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
    C:\Program Files\eFax Messenger 4.0\J2GTray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Downloads\hijackthis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telegraaf.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Image Transfer.lnk = ?
    O4 - Global Startup: eFax DllCmd 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
    O4 - Global Startup: eFax Tray Menu 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GTray.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121w.bay121.mail.live.com/mail
    esources/MsnPUpld.cab
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102115013593
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


    End of file - 7274 bytes
    [/list:u:0277ca9bbd]

    Combo Log
    [list:0277ca9bbd]
    ComboFix 08-04-29.5 - Ruud 2008-05-01 19:25:28.5 -
  • Kan de virusscanner alles verwijderen?
  • Tot nu toe wel Ik heb hem net opnieuw gestart.
    Meld me zo als de scan afgewerkt is.
  • Prima Maarten.
    Maak dan ook een nieuwe log met ComboFix zodat ik ka zien wat er nog overgebleven is aan malware.
  • Scanner heeft een aantal trojan horses gevonden en die kunnen verwijderen.
    Suggesties voor volgende stappen?
  • Zie vorige post Maarten.
  • Sorry, heb niet goed opgelet.
    Hierbij het nieuwe Combo log.

    Verder krijg ik nog een melding van de virusscanner over een file av-test.txt. Deze file wordt verplaatst. De toepassing is CF14121.exe.

    [list:9063cd0596]
    ComboFix 08-04-29.5 - Ruud 2008-05-01 20:30:01.6 -
  • Ga naar deze website: http://www.virustotal.com/en/indexf.html
    Laat volgend bestandje scannen: C:\Documents and Settings\Default User\mpsetup.exe
    Post het resultaat van de scan.
  • Hierbij het resultaat van de scan
    \
    [list:fda614f437]
    Bestand mpsetup.exe ontvangen op 2008.05.02 12:29:40 (CET)
    Bestand mpsetup.exe ontvangen op 2008.05.02 12:29:40 (CET)Antivirus Versie Laatst geüpdatet Resultaat
    AhnLab-V3 2008.5.2.1 2008.05.02 -
    AntiVir 7.8.0.11 2008.05.02 -
    Authentium 4.93.8 2008.05.02 -
    Avast 4.8.1169.0 2008.05.02 -
    AVG 7.5.0.516 2008.05.02 -
    BitDefender 7.2 2008.05.02 -
    CAT-QuickHeal 9.50 2008.05.01 -
    ClamAV 0.92.1 2008.05.02 -
    DrWeb 4.44.0.09170 2008.04.30 -
    eSafe 7.0.15.0 2008.04.28 Suspicious Archive Structure
    eTrust-Vet 31.3.5752 2008.05.02 -
    Ewido 4.0 2008.05.01 -
    F-Prot 4.4.2.54 2008.05.01 -
    F-Secure 6.70.13260.0 2008.05.02 -
    Fortinet 3.14.0.0 2008.05.02 -
    Ikarus T3.1.1.26 2008.05.02 -
    Kaspersky 7.0.0.125 2008.05.02 -
    McAfee 5285 2008.04.30 -
    Microsoft 1.3408 2008.04.22 -
    NOD32v2 3070 2008.05.02 -
    Norman 5.80.02 2008.04.30 -
    Panda 9.0.0.4 2008.05.01 -
    Rising 20.42.22.00 2008.04.30 -
    Sophos 4.29.0 2008.05.02 -
    Sunbelt 3.0.1097.0 2008.05.01 -
    Symantec 10 2008.05.02 -
    TheHacker 6.2.92.298 2008.04.30 -
    VBA32 3.12.6.5 2008.05.01 -
    VirusBuster 4.3.26:9 2008.05.01 -
    Webwasher-Gateway 6.6.2 2008.05.02 -

    Extra informatie
    File size: 13089928 bytes
    MD5…: 0ee48025d6d3b65d8380fb2aa52715cf
    SHA1..: 2db542fd98d881b3bb65c9627d56c06ffe31aa90
    SHA256: 550589b236f896807aece63bb478b66327edd33fe8c05ff99a4c320394cc5a13
    SHA512: d43be33738310d1d98ab62976af4e40b02ba20ad36c652ed93be7258a2c5ce33<BR>28f88aaa1462b52a0a5abd40297020c142849438596d17e8d0ca2f74df5723f1
    PEiD..: -
    PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x1005a5e<BR>timedatestamp…..: 0x3b7dc821 (Sat Aug 18 01:42:57 2001)<BR>machinetype…….: 0x14c (I386)<BR><BR>( 3 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x861a 0x8800 6.55 43984be5cb414e4634db17caa4d1c30b<BR>.data 0xa000 0x1be4 0x400 4.18 730893b14fc930a187215e7fb53bc0a5<BR>.rsrc 0xc000 0xc72000 0xc71200 8.00 4672422d9f5dab72952cb4265b8d75dc<BR><BR>( 6 imports ) <BR>&gt; ADVAPI32.dll: FreeSid, AllocateAndInitializeSid, EqualSid, GetTokenInformation, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueA, RegCloseKey, RegDeleteValueA, RegOpenKeyExA, RegSetValueExA, RegQueryValueExA, RegCreateKeyExA, RegQueryInfoKeyA<BR>&gt; KERNEL32.dll: LocalFree, LocalAlloc, GetLastError, GetCurrentProcess, GetModuleFileNameA, lstrlenA, GetSystemDirectoryA, RemoveDirectoryA, FindClose, FindNextFileA, DeleteFileA, SetFileAttributesA, lstrcmpA, FindFirstFileA, lstrcatA, lstrcpyA, _lclose, _llseek, _lopen, WritePrivateProfileStringA, GetWindowsDirectoryA, CreateDirectoryA, GetFileAttributesA, ExpandEnvironmentStringsA, IsDBCSLeadByte, GetShortPathNameA, GetPrivateProfileStringA, GetPrivateProfileIntA, lstrcmpiA, GetProcAddress, GlobalUnlock, GlobalLock, GlobalAlloc, FreeResource, CloseHandle, LoadResource, SizeofResource, FindResourceA, ReadFile, WriteFile, SetFilePointer, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, SetCurrentDirectoryA, GetTempFileNameA, ExitProcess, CreateFileA, LoadLibraryExA, lstrcpynA, GetVolumeInformationA, FormatMessageA, GetCurrentDirectoryA, GetVersionExA, GetExitCodeProcess, WaitForSingleObject, CreateProcessA, GetTempPathA, GetSystemInfo, CreateMutexA, SetEvent, CreateEventA, CreateThread, ResetEvent, TerminateThread, GetDriveTypeA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, LockResource, LoadLibraryA, GetDiskFreeSpaceA, MulDiv, EnumResourceLanguagesA, FreeLibrary, GlobalFree<BR>&gt; GDI32.dll: GetDeviceCaps<BR>&gt; USER32.dll: ExitWindowsEx, wsprintfA, CharNextA, CharUpperA, CharPrevA, SetWindowLongA, GetWindowLongA, CallWindowProcA, DispatchMessageA, MsgWaitForMultipleObjects, PeekMessageA, SendMessageA, SetWindowPos, ReleaseDC, GetDC, GetWindowRect, SendDlgItemMessageA, GetDlgItem, SetForegroundWindow, SetWindowTextA, MessageBoxA, DialogBoxIndirectParamA, ShowWindow, EnableWindow, GetDlgItemTextA, EndDialog, GetDesktopWindow, MessageBeep, SetDlgItemTextA, LoadStringA, GetSystemMetrics<BR>&gt; COMCTL32.dll: -<BR>&gt; VERSION.dll: GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA<BR><BR>( 0 exports ) <BR>
    packers: CAB, Unicode



    [/list:u:fda614f437]
  • Zijn er nog problemen Maarten?
  • Nee, het ziet er allemaal goed uit. Heb ook Spybot laten draaien en die geeft ook niets bijzonders.
    Voor de zekerheid een laatste log.

    [list:4b6eef871c]
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:49:19, on 2-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\Msmsgs.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Downloads\hijackthis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telegraaf.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Image Transfer.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121w.bay121.mail.live.com/mail
    esources/MsnPUpld.cab
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102115013593
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


    End of file - 7438 bytes
    [/list:u:4b6eef871c]
  • Ga naar [b:428f3aa978] en klik onderaan op [b:428f3aa978]Accept[/b:428f3aa978].
    Deze scanner werkt uitsluitend met
  • scan bijna succesvol uitgevoerd. 5 virusen en 34 files gedetecteerd. Kan alleen het log niet vinden. Ga een nieuwe scan maken.
  • Scan succesvol uitevoerd. Zie log.
    Eigen scanner 'vangt' ook regelmatig virussen. Zie C:\quaratine.

    [list:66246adde3]
    ——————————————————————————-
    KASPERSKY ONLINE SCANNER REPORT
    Friday, May 02, 2008 7:48:08 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 2/05/2008
    Kaspersky Anti-Virus database records: 735468
    ——————————————————————————-

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 93745
    Number of viruses found: 5
    Number of infected objects: 20
    Number of suspicious objects: 0
    Duration of the scan process: 01:01:13

    Infected Object Name / Virus Name / Last Action
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
    C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
    C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\qsetup.exe Infected: IM-Worm.Win32.Licat.l skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\BufferOverflowProtectionLog.txt Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_RUUD.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_RUUD.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20080502_Time-154121368_EnterceptRules.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20080502_Time-154121368_EnterceptExceptions.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService
    tuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService
    tuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Ruud\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Ruud
    tuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Ruud\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Ruud\Local Settings\Geschiedenis\History.IE5\MSHist012008050220080503\index.dat Object is locked skipped
    C:\Documents and Settings\Ruud\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Ruud\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Ruud\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Ruud\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Documents and Settings\Ruud\Bureaublad\Ilona\Bureaublad\digitech.exe Infected: IM-Worm.Win32.Licat.l skipped
    C:\Documents and Settings\Ruud\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Ruud\scd.exe Infected: IM-Worm.Win32.Licat.i skipped
    C:\QooBox\Quarantine\C\Documents and Settings\Ruud\Application Data\winantispyware2006freeinstall[1].exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
    C:\QooBox\Quarantine\C\Documents and Settings\Ruud\winstall.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
    C:\QUARANTINE\212235320.dll.Vir Object is locked skipped
    C:\QUARANTINE\Av-test.txt.Vir Object is locked skipped
    C:\QUARANTINE\Av-test.txt.Vir.0 Object is locked skipped
    C:\QUARANTINE\winstall.exe.Vir Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
    C:\QUARANTINE\Av-test.txt.Vir.1 Object is locked skipped
    C:\QUARANTINE\Av-test.txt.Vir.2 Object is locked skipped
    C:\QUARANTINE\Av-test.txt.Vir.3 Object is locked skipped
    C:\QUARANTINE\game0.exe.exe.Vir Object is locked skipped
    C:\QUARANTINE\Av-test.txt.Vir.4 Object is locked skipped
    C:\QUARANTINE\winstall.exe.Vir.0 Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
    C:\QUARANTINE\winstall.exe.Vir.1 Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
    C:\QUARANTINE\winstall.exe.Vir.2 Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
    C:\QUARANTINE\winstall.exe.Vir.3 Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
    C:\QUARANTINE\winstall.exe.Vir.4 Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
    C:\QUARANTINE\winstall.exe.Vir.5 Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
    C:\QUARANTINE\winstall.exe.Vir.6 Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
    C:\QUARANTINE\winstall.exe.Vir.7 Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
    C:\QUARANTINE\winstall.exe.Vir.8 Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
    C:\QUARANTINE\winstall.exe.Vir.9 Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
    C:\QUARANTINE\winstall.exe.Vir.10 Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
    C:\QUARANTINE\taskdir.exe.Vir Object is locked skipped
    C:\QUARANTINE\taskdir.exe.Vir.0 Object is locked skipped
    C:\FOUND.031\FILE0005.CHK Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
    C:\FOUND.031\FILE0008.CHK Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
    C:\FOUND.032\FILE0001.CHK Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

    Scan process completed.
    [/list:u:66246adde3]


  • Open een kladblokbestand.
    Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.
    [b:a2ec974961]@ECHO OFF
    IF EXIST log.txt DEL log.txt
    ECHO Deleting files>>log.txt
    FOR %%g in (
    C:\WINDOWS\system32\qsetup.exe
    "C:\Documents and Settings\Ruud\Bureaublad\Ilona\Bureaublad\digitech.exe"
    "C:\Documents and Settings\Ruud\scd.exe";) DO (
    IF EXIST %%g (
    ATTRIB -r -s -h %%g
    DEL %%g
    IF EXIST %%g (
    ECHO %%g not deleted>>log.txt
    ) ELSE (
    ECHO %%g deleted successfully>>log.txt)
    ) ELSE (
    ECHO %%g not found>>log.txt))
    >>log.txt (
    ECHO.
    ECHO Deleting folders)
    FOR %%I in (
    C:\QUARANTINE) DO (
    IF EXIST %%I (
    RD /S /Q %%I
    IF EXIST %%I (
    ECHO %%I not deleted>>log.txt
    ) ELSE (
    ECHO %%I deleted successfully>>log.txt)
    ) ELSE (
    ECHO %%I not found>>log.txt))
    START NOTEPAD.EXE log.txt
    [/b:a2ec974961]
    Ga naar Bestand - Opslaan als.
    Bij "Opslaan in" kies je: Bureaublad
    Bij "Bestandsnaam" zet je: del.bat
    Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
    Klik op de knop Opslaan.

    Dubbelklik op del.bat en post de inhoud van de logfile die opent.
  • Hier het gevraagde log.
    [list:42b34d093d]
    Deleting files
    C:\WINDOWS\system32\qsetup.exe deleted successfully
    "C:\Documents and Settings\Ruud\Bureaublad\Ilona\Bureaublad\digitech.exe" deleted successfully
    "C:\Documents and Settings\Ruud\scd.exe" deleted successfully

    Deleting folders
    C:\QUARANTINE deleted successfully
    [/list:u:42b34d093d]
  • M@rc,
    Na je het succesvol uitvoeren van je vorige post, opnieuw een online scan gedaan. Zie nog een paar indicaties voor een worm.

    Het vreemde is dat ik de files
    [list:f10b9ac4dd]
    C:\FOUND.031\FILE0005.CHK Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
    C:\FOUND.031\FILE0008.CHK Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
    C:\FOUND.032\FILE0001.CHK Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
    [/list:u:f10b9ac4dd]
    helemaal niet kan vinden.


    Verder een nieuwe HJT log gemaakt.

    Scan log
    [list:f10b9ac4dd]
    ——————————————————————————-
    KASPERSKY ONLINE SCANNER REPORT
    Sunday, May 04, 2008 3:31:13 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 4/05/2008
    Kaspersky Anti-Virus database records: 738770
    ——————————————————————————-

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 92065
    Number of viruses found: 5
    Number of infected objects: 8
    Number of suspicious objects: 0
    Duration of the scan process: 01:06:22

    Infected Object Name / Virus Name / Last Action
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
    C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
    C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\BufferOverflowProtectionLog.txt Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_RUUD.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_RUUD.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20080504_Time-141230373_EnterceptRules.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20080504_Time-141230373_EnterceptExceptions.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService
    tuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService
    tuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Ruud\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Ruud
    tuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Ruud\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Ruud\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Ruud\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\Ruud\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Ruud\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Ruud\Local Settings\Temp\fla3905.tmp Object is locked skipped
    C:\Documents and Settings\Ruud\Cookies\index.dat Object is locked skipped
    C:\System Volume Information\_restore{2A0828B9-A7FE-458D-9869-A8B8FD8BEF7B}\RP140\A0099476.exe Infected: IM-Worm.Win32.Licat.l skipped
    C:\System Volume Information\_restore{2A0828B9-A7FE-458D-9869-A8B8FD8BEF7B}\RP140\A0099477.exe Infected: IM-Worm.Win32.Licat.l skipped
    C:\System Volume Information\_restore{2A0828B9-A7FE-458D-9869-A8B8FD8BEF7B}\RP140\A0099478.exe Infected: IM-Worm.Win32.Licat.i skipped
    C:\System Volume Information\_restore{2A0828B9-A7FE-458D-9869-A8B8FD8BEF7B}\RP140\change.log Object is locked skipped
    C:\QooBox\Quarantine\C\Documents and Settings\Ruud\Application Data\winantispyware2006freeinstall[1].exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
    C:\QooBox\Quarantine\C\Documents and Settings\Ruud\winstall.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
    C:\FOUND.031\FILE0005.CHK Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
    C:\FOUND.031\FILE0008.CHK Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
    C:\FOUND.032\FILE0001.CHK Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

    Scan process completed.
    [/list:u:f10b9ac4dd]

    HJT log
    [list:f10b9ac4dd]
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:36:20, on 4-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\Msmsgs.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32
    otepad.exe
    D:\Downloads\hijackthis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telegraaf.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Image Transfer.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121w.bay121.mail.live.com/mail
    esources/MsnPUpld.cab
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102115013593
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


    End of file - 7571 bytes
    [/list:u:f10b9ac4dd][list:f10b9ac4dd][/list:u:f10b9ac4dd]




  • Hoi Maarten,

    Laat deze batfile even lopen:

    Open een kladblokbestand.
    Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.
    [b:e5539c5309]@ECHO OFF
    IF EXIST log.txt DEL log.txt
    ECHO Deleting files>>log.txt
    FOR %%g in (
    C:\FOUND.031\FILE0005.CHK
    C:\FOUND.031\FILE0008.CHK
    C:\FOUND.032\FILE0001.CHK) DO (
    IF EXIST %%g (
    ATTRIB -r -s -h %%g
    DEL %%g
    IF EXIST %%g (
    ECHO %%g not deleted>>log.txt
    ) ELSE (
    ECHO %%g deleted successfully>>log.txt)
    ) ELSE (
    ECHO %%g not found>>log.txt))
    START NOTEPAD.EXE log.txt
    [/b:e5539c5309]
    Ga naar Bestand - Opslaan als.
    Bij "Opslaan in" kies je: Bureaublad
    Bij "Bestandsnaam" zet je: del.bat
    Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
    Klik op de knop Opslaan.

    Dubbelklik op del.bat en post de inhoud van de logfile die opent.

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.