
HijackThis log - internet not working

27 replies
  • Who can help with the following?
    1) Internet Explorer does not work.
    2) The LAN connection does work; I can ping.
    3) In safe mode IE does work, but veeeery slowly.
    4) Ran CWShredder in safe mode; could not update it. Found nothing else.
    5) WinsockFix does not work; I get an error saying it is not a Win32 application.
    6) Here is a HijackThis log.
    Thanks, Maarten

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:52:51, on 1-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\TEMP\D24F2013.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\Msmsgs.exe
    C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
    C:\Program Files\eFax Messenger 4.0\J2GTray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    F:\HiJackThis.exe
    C:\WINDOWS\system32\wscntfy.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telegraaf.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [2gb4i3hn] C:\WINDOWS\TEMP\D24F2013.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
    O4 - HKLM\..\Policies\Explorer\Run: [1] C:\WINDOWS\winhp32.exe
    O4 - HKCU\..\Policies\Explorer\Run: [{262916F0-05DA-1043-0909-04040908001f}] "C:\Program Files\Common Files\{262916F0-05DA-1043-0909-04040908001f}\Update.exe" mc-110-12-0001411
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Image Transfer.lnk = ?
    O4 - Global Startup: eFax DllCmd 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
    O4 - Global Startup: eFax Tray Menu 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GTray.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.drivecleaner.com/installdrivecleanerstart_nl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121w.bay121.mail.live.com/mail/resources/MsnPUpld.cab
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102115013593
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll
    O20 - Winlogon Notify: stp68_2007 - stp68_2007.dll (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 7490 bytes
  • Hello,
    Close all open windows. Start HijackThis again and put a checkmark next to the following items:

    O4 - HKLM\..\Run: [2gb4i3hn] C:\WINDOWS\TEMP\D24F2013.exe
    O4 - HKLM\..\Policies\Explorer\Run: [1] C:\WINDOWS\winhp32.exe
    O4 - HKCU\..\Policies\Explorer\Run: [{262916F0-05DA-1043-0909-04040908001f}] "C:\Program Files\Common Files\{262916F0-05DA-1043-0909-04040908001f}\Update.exe" mc-110-12-0001411
    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.drivecleaner.com/installdrivecleanerstart_nl.cab
    O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll
    O20 - Winlogon Notify: stp68_2007 - stp68_2007.dll (file missing)

    Then click "Fix checked" and close HijackThis.
    Download combofix.exe from this site: http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden
    Follow the instructions given there. If anything is unclear, just ask.
    When the tool is done, a logfile (combofix.txt) opens. Post the contents of this file together with a new HijackThis log.
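As an added example (not code from this thread, from HijackThis or from ComboFix), the triage a helper does by eye on a log like the one above, written out as a script: it flags autostart entries that run from TEMP, from the Policies\Explorer\Run key or from a GUID-named folder, ActiveX (O16) downloads from hosts outside an assumed allowlist, Winlogon Notify hooks whose DLL is missing, and the two ComboFix registry lines that show Security Center monitoring and the firewall were switched off. The sample lines are constructed from entries in this thread; the host allowlist and the rule wording are my assumptions.

```python
from __future__ import annotations
import re
from urllib.parse import urlparse

# Constructed sample: entries copied from the HijackThis log posted above, plus
# benign Synaptics, Windows Update and McAfee lines the heuristics must leave alone.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [2gb4i3hn] C:\WINDOWS\TEMP\D24F2013.exe
O4 - HKLM\..\Policies\Explorer\Run: [1] C:\WINDOWS\winhp32.exe
O4 - HKCU\..\Policies\Explorer\Run: [{262916F0-05DA-1043-0909-04040908001f}] "C:\Program Files\Common Files\{262916F0-05DA-1043-0909-04040908001f}\Update.exe" mc-110-12-0001411
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.drivecleaner.com/installdrivecleanerstart_nl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102115013593
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll
O20 - Winlogon Notify: stp68_2007 - stp68_2007.dll (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
"""

# Constructed sample: the two registry lines from the ComboFix log in this thread.
SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# Assumed allowlist for O16 download hosts; extend it for your own environment.
TRUSTED_DPF_HOSTS = ("microsoft.com", "windowsupdate.com", "live.com")

O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: \{[0-9A-Fa-f-]+\}(?: \((?P<desc>[^)]*)\))? - (?P<url>\S+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>.+)$")


def exe_path(cmd: str) -> str:
    """Pull the program path out of a Run-key value, quoted or not."""
    m = re.match(r'"([^"]+)"', cmd)
    if m:
        return m.group(1)
    m = re.match(r"(.*?\.(?:exe|dll|scr|com|cmd|bat|vbs))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def assess_hjt(line: str) -> list[str]:
    """Return the reasons a HijackThis line deserves a closer look (empty if none)."""
    reasons = []
    if m := O4_RE.match(line):
        key, path = m.group("key").lower(), exe_path(m.group("cmd")).lower()
        if r"policies\explorer\run" in key:
            reasons.append("autostart via Policies\\Explorer\\Run, a key legitimate installers rarely use")
        if "\\temp\\" in path:
            reasons.append("autostart executable lives in a TEMP directory")
        if re.fullmatch(r"c:\\windows\\[^\\]+\.exe", path):
            reasons.append("executable dropped directly in the Windows directory")
        if re.search(r"\\\{[0-9a-f-]{36}\}\\", path):
            reasons.append("executable in a GUID-named directory")
    elif m := O16_RE.match(line):
        host = urlparse(m.group("url")).hostname or ""
        if not any(host == d or host.endswith("." + d) for d in TRUSTED_DPF_HOSTS):
            reasons.append(f"ActiveX control downloaded from unvetted host {host}")
        if not m.group("desc"):
            reasons.append("DPF control registered without a description")
    elif m := O20_RE.match(line):
        reasons.append("third-party Winlogon Notify DLL loads into winlogon.exe at logon")
        if "(file missing)" in m.group("dll"):
            reasons.append("the notify DLL no longer exists (orphaned hook)")
    return reasons


# ComboFix registry lines that mean the built-in protections were switched off.
COMBOFIX_CHECKS = {
    '"AntiVirusOverride"=dword:00000001': "Security Center antivirus monitoring overridden",
    '"EnableFirewall"= 0 (0x0)': "Windows Firewall disabled in the standard profile",
}


def assess_combofix(line: str) -> list[str]:
    return [why for needle, why in COMBOFIX_CHECKS.items() if needle in line]


def triage(text: str, checker=assess_hjt) -> list[tuple[str, list[str]]]:
    """Run a checker over every non-empty line; keep only lines with findings."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if line:
            reasons = checker(line)
            if reasons:
                findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG) + triage(SAMPLE_COMBOFIX, assess_combofix):
        print(line)
        for why in reasons:
            print("   ->", why)
```

The flagged set matches the six lines the helper asked to have fixed above, and the ComboFix checks surface the two settings that were reset on this machine.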
  • Instructions carried out. I had to run ComboFix twice; the first time no log appeared. I have access to the Internet again. The virus scanner does give a lot of alerts.

    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:35:59, on 1-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\Msmsgs.exe
    C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
    C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
    C:\Program Files\eFax Messenger 4.0\J2GTray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Downloads\hijackthis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telegraaf.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Image Transfer.lnk = ?
    O4 - Global Startup: eFax DllCmd 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
    O4 - Global Startup: eFax Tray Menu 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GTray.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121w.bay121.mail.live.com/mail/resources/MsnPUpld.cab
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102115013593
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 7274 bytes

    ComboFix log:

    ComboFix 08-04-29.5 - Ruud 2008-05-01 19:25:28.5 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.164 [GMT 2:00]
    Gestart vanuit: C:\Downloads\combofix.exe
     * Resident AV is active

    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\Documents and Settings\Ruud\Application Data\DriveCleaner 2006 Free
    C:\Documents and Settings\Ruud\Application Data\DriveCleaner 2006 Free\Logs\update.log
    C:\Documents and Settings\Ruud\Application Data\WinAntiSpyware 2006
    C:\Documents and Settings\Ruud\Application Data\WinAntiSpyware 2006\Logs\update.log
    C:\Documents and Settings\Ruud\Application Data\winantispyware2006freeinstall[1].exe
    C:\Documents and Settings\Ruud\err.log
    C:\Documents and Settings\Ruud\winstall.exe
    C:\Program Files\Common Files\{26291~1
    C:\Program Files\winantispyware 2006 free
    C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_services\#data
    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\Downloaded Program Files\UDC6M_0001_D19M0709NetInstaller.exe
    C:\WINDOWS\msnhp32.dll
    C:\WINDOWS\system32\game0.exe.exe
    C:\WINDOWS\system32\lzx32.sys
    C:\WINDOWS\system32\unsvchosts.lzma
    D:\Autorun.inf

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    -------\Legacy_COM+_MESSAGES
    -------\Service_COM+ Messages

    (((((((((((((((((((( Bestanden Gemaakt van 2008-04-01 to 2008-05-01 ))))))))))))))))))))))))))))))

    2008-05-01 18:26 . 2008-05-01 18:26 <DIR> d-------- C:\Program Files\Lavasoft
    2008-05-01 18:26 . 2008-05-01 18:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-05-01 18:24 . 2008-05-01 18:24 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-01 17:51 . 2008-05-01 17:51 <DIR> d-------- C:\Program Files\Panda Security
    2008-05-01 17:36 . 2008-05-01 17:36 <DIR> dr-h----- C:\Documents and Settings\Ruud\Onlangs geopend

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-01-15 16:03 131,072 ----a-w C:\Documents and Settings\Ruud\tset.exe
    2006-12-18 21:06 2,805 ----a-w C:\Documents and Settings\Ruud\tel.exe
    2006-11-30 20:49 77,824 ----a-w C:\Documents and Settings\Ruud\jsetup.exe
    2006-11-28 19:52 77,824 ----a-w C:\Documents and Settings\Ruud\scd.exe
    2006-11-27 21:28 77,824 ----a-w C:\Documents and Settings\Ruud\vset.exe
    2006-11-27 11:09 1,886 ----a-w C:\Documents and Settings\Ruud\ssetup.exe
    2003-03-25 10:28 13,089,928 ----a-r C:\WINDOWS\system32\config\systemprofile\mpsetup.exe
    2003-03-25 10:28 13,089,928 ----a-r C:\Documents and Settings\Tessa\mpsetup.exe
    2003-03-25 10:28 13,089,928 ----a-r C:\Documents and Settings\Ruud\mpsetup.exe
    2003-03-25 10:28 13,089,928 ----a-r C:\Documents and Settings\Default User\mpsetup.exe
    2003-03-25 10:28 13,089,928 ----a-r C:\Documents and Settings\Administrator\mpsetup.exe

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
    "MSMSGS"="C:\Program Files\Messenger\Msmsgs.exe" [2005-08-31 20:27 1658592]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" []
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-20 19:57 98304]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-20 19:57 532480]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-21 11:52 40960]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:32 208952]
    "MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2003-04-08 12:00 59392]
    "PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2003-04-08 12:00 455168]
    "PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2003-04-08 12:00 455168]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 21:10 339968]
    "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00 94208]
    "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320]
    "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48 147514]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-23 23:17 282624]
    "LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2004-07-05 18:52 315392]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Image Transfer.lnk - C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe [2004-12-06 21:19:36 73728]
    eFax DllCmd 4.0.lnk - C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe [2005-11-23 18:41:19 107008]
    eFax Tray Menu 4.0.lnk - C:\Program Files\eFax Messenger 4.0\J2GTray.exe [2005-11-23 18:41:19 500224]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R1 SMBHC;Stuurprogramma voor Microsoft SM Bus-hostcontroller;C:\WINDOWS\system32\DRIVERS\SMBHC.sys [2001-08-17 21:57]
    R3 SMBBATT;Microsoft Smart Battery-stuurprogramma;C:\WINDOWS\system32\DRIVERS\SMBBATT.sys [2004-08-04 07:07]
    S2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys []
    S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 03:12]

    *Newly Created Service* - ENTDRV51

    Inhoud van de 'Gedeelde Taken' map
    "2008-05-01 15:47:30 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    "2008-05-01 17:00:02 C:\WINDOWS\Tasks\AC286216918014F2.job" - c:\docume~1\julya\applic~1\atomde~1\Delete copy bird.exe
    "2008-05-01 17:00:02 C:\WINDOWS\Tasks\AF1F6FC39188E73B.job" - c:\docume~1\ruud\applic~1\atomde~1\Delete copy bird.exe

    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-01 19:30:27
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scannen van verborgen processen ...
    scannen van verborgen autostart items ...
    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************

    ------------------------ Other Running Processes ------------------------

    C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\PROGRAM FILES\NETWORK ASSOCIATES\COMMON FRAMEWORK\FRAMEWORKSERVICE.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\MCSHIELD.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\COMMON FRAMEWORK\NAPRDMGR.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSTSKMGR.EXE
    C:\WINDOWS\SYSTEM32\WDFMGR.EXE
    C:\WINDOWS\system32\wscntfy.exe

    **************************************************************************

    Voltooingstijd: 2008-05-01 19:32:14 - machine was rebooted [Ruud]
    ComboFix-quarantined-files.txt 2008-05-01 17:32:08
    Pre-Run: 3,856,138,240 bytes beschikbaar
    Post-Run: 3,915,431,936 bytes beschikbaar

    133 --- E O F --- 2008-03-06 14:44:41
  • Can the virus scanner remove everything?
  • So far it can. I have just restarted it. I'll report back as soon as the scan has finished.
  • Fine, Maarten. Also make a new log with ComboFix so that I can see what malware is left over.
  • The scanner found a number of trojan horses and was able to remove them. Suggestions for the next steps?
  • See the previous post, Maarten.
  • Sorry, I wasn't paying attention. Here is the new ComboFix log. I also still get an alert from the virus scanner about a file av-test.txt. This file is being moved. The application is CF14121.exe.

    ComboFix 08-04-29.5 - Ruud 2008-05-01 20:30:01.6 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.174 [GMT 2:00]
    Gestart vanuit: C:\Downloads\combofix.exe
     * Resident AV is active

    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

    (((((((((((((((((((( Bestanden Gemaakt van 2008-04-01 to 2008-05-01 ))))))))))))))))))))))))))))))

    2008-05-01 18:26 . 2008-05-01 18:26 <DIR> d-------- C:\Program Files\Lavasoft
    2008-05-01 18:26 . 2008-05-01 18:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-05-01 18:24 . 2008-05-01 18:24 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-01 17:51 . 2008-05-01 17:51 <DIR> d-------- C:\Program Files\Panda Security
    2008-05-01 17:36 . 2008-05-01 17:36 <DIR> dr-h----- C:\Documents and Settings\Ruud\Onlangs geopend

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-01-15 16:03 131,072 ----a-w C:\Documents and Settings\Ruud\tset.exe
    2006-11-28 19:52 77,824 ----a-w C:\Documents and Settings\Ruud\scd.exe
    2006-11-27 11:09 1,886 ----a-w C:\Documents and Settings\Ruud\ssetup.exe
    2003-03-25 10:28 13,089,928 ----a-r C:\WINDOWS\system32\config\systemprofile\mpsetup.exe
    2003-03-25 10:28 13,089,928 ----a-r C:\Documents and Settings\Tessa\mpsetup.exe
    2003-03-25 10:28 13,089,928 ----a-r C:\Documents and Settings\Ruud\mpsetup.exe
    2003-03-25 10:28 13,089,928 ----a-r C:\Documents and Settings\Default User\mpsetup.exe
    2003-03-25 10:28 13,089,928 ----a-r C:\Documents and Settings\Administrator\mpsetup.exe

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
    "MSMSGS"="C:\Program Files\Messenger\Msmsgs.exe" [2005-08-31 20:27 1658592]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" []
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-20 19:57 98304]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-20 19:57 532480]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-21 11:52 40960]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:32 208952]
    "MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2003-04-08 12:00 59392]
    "PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2003-04-08 12:00 455168]
    "PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2003-04-08 12:00 455168]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 21:10 339968]
    "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00 94208]
    "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320]
    "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48 147514]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-23 23:17 282624]
    "LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2004-07-05 18:52 315392]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Image Transfer.lnk - C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe [2004-12-06 21:19:36 73728]
    eFax DllCmd 4.0.lnk - C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe [2005-11-23 18:41:19 107008]
    eFax Tray Menu 4.0.lnk - C:\Program Files\eFax Messenger 4.0\J2GTray.exe [2005-11-23 18:41:19 500224]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R1 SMBHC;Stuurprogramma voor Microsoft SM Bus-hostcontroller;C:\WINDOWS\system32\DRIVERS\SMBHC.sys [2001-08-17 21:57]
    R3 SMBBATT;Microsoft Smart Battery-stuurprogramma;C:\WINDOWS\system32\DRIVERS\SMBBATT.sys [2004-08-04 07:07]
    S2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys []
    S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 03:12]

    *Newly Created Service* - ENTDRV51

    Inhoud van de 'Gedeelde Taken' map
    "2008-05-01 15:47:30 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    "2008-05-01 18:00:02 C:\WINDOWS\Tasks\AC286216918014F2.job" - c:\docume~1\julya\applic~1\atomde~1\Delete copy bird.exe
    "2008-05-01 18:00:02 C:\WINDOWS\Tasks\AF1F6FC39188E73B.job" - c:\docume~1\ruud\applic~1\atomde~1\Delete copy bird.exe

    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-01 20:31:37
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scannen van verborgen processen ...
    scannen van verborgen autostart items ...
    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************

    Voltooingstijd: 2008-05-01 20:32:07
    ComboFix-quarantined-files.txt 2008-05-01 18:32:04
    ComboFix2.txt 2008-05-01 17:32:16
    Pre-Run: 3,906,895,872 bytes beschikbaar
    Post-Run: 3,904,061,440 bytes beschikbaar

    94 --- E O F --- 2008-03-06 14:44:41
  • Go to this website: http://www.virustotal.com/en/indexf.html
    Have the following file scanned: C:\Documents and Settings\Default User\mpsetup.exe
    Post the result of the scan.
  • Here is the result of the scan:

    Bestand mpsetup.exe ontvangen op 2008.05.02 12:29:40 (CET)

    Antivirus          Versie          Laatst geüpdatet  Resultaat
    AhnLab-V3          2008.5.2.1      2008.05.02        -
    AntiVir            7.8.0.11        2008.05.02        -
    Authentium         4.93.8          2008.05.02        -
    Avast              4.8.1169.0      2008.05.02        -
    AVG                7.5.0.516       2008.05.02        -
    BitDefender        7.2             2008.05.02        -
    CAT-QuickHeal      9.50            2008.05.01        -
    ClamAV             0.92.1          2008.05.02        -
    DrWeb              4.44.0.09170    2008.04.30        -
    eSafe              7.0.15.0        2008.04.28        Suspicious Archive Structure
    eTrust-Vet         31.3.5752       2008.05.02        -
    Ewido              4.0             2008.05.01        -
    F-Prot             4.4.2.54        2008.05.01        -
    F-Secure           6.70.13260.0    2008.05.02        -
    Fortinet           3.14.0.0        2008.05.02        -
    Ikarus             T3.1.1.26       2008.05.02        -
    Kaspersky          7.0.0.125       2008.05.02        -
    McAfee             5285            2008.04.30        -
    Microsoft          1.3408          2008.04.22        -
    NOD32v2            3070            2008.05.02        -
    Norman             5.80.02         2008.04.30        -
    Panda              9.0.0.4         2008.05.01        -
    Rising             20.42.22.00     2008.04.30        -
    Sophos             4.29.0          2008.05.02        -
    Sunbelt            3.0.1097.0      2008.05.01        -
    Symantec           10              2008.05.02        -
    TheHacker          6.2.92.298      2008.04.30        -
    VBA32              3.12.6.5        2008.05.01        -
    VirusBuster        4.3.26:9        2008.05.01        -
    Webwasher-Gateway  6.6.2           2008.05.02        -

    Extra informatie
    File size: 13089928 bytes
    MD5...: 0ee48025d6d3b65d8380fb2aa52715cf
    SHA1..: 2db542fd98d881b3bb65c9627d56c06ffe31aa90
    SHA256: 550589b236f896807aece63bb478b66327edd33fe8c05ff99a4c320394cc5a13
    SHA512: d43be33738310d1d98ab62976af4e40b02ba20ad36c652ed93be7258a2c5ce3328f88aaa1462b52a0a5abd40297020c142849438596d17e8d0ca2f74df5723f1
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x1005a5e
    timedatestamp.....: 0x3b7dc821 (Sat Aug 18 01:42:57 2001)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name   viradd  virsiz    rawdsiz   ntrpy  md5
    .text  0x1000  0x861a    0x8800    6.55   43984be5cb414e4634db17caa4d1c30b
    .data  0xa000  0x1be4    0x400     4.18   730893b14fc930a187215e7fb53bc0a5
    .rsrc  0xc000  0xc72000  0xc71200  8.00   4672422d9f5dab72952cb4265b8d75dc

    ( 6 imports )
FreeSid, AllocateAndInitializeSid, EqualSid, GetTokenInformation, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueA, RegCloseKey, RegDeleteValueA, RegOpenKeyExA, RegSetValueExA, RegQueryValueExA, RegCreateKeyExA, RegQueryInfoKeyA<BR>> KERNEL32.dll: LocalFree, LocalAlloc, GetLastError, GetCurrentProcess, GetModuleFileNameA, lstrlenA, GetSystemDirectoryA, RemoveDirectoryA, FindClose, FindNextFileA, DeleteFileA, SetFileAttributesA, lstrcmpA, FindFirstFileA, lstrcatA, lstrcpyA, _lclose, _llseek, _lopen, WritePrivateProfileStringA, GetWindowsDirectoryA, CreateDirectoryA, GetFileAttributesA, ExpandEnvironmentStringsA, IsDBCSLeadByte, GetShortPathNameA, GetPrivateProfileStringA, GetPrivateProfileIntA, lstrcmpiA, GetProcAddress, GlobalUnlock, GlobalLock, GlobalAlloc, FreeResource, CloseHandle, LoadResource, SizeofResource, FindResourceA, ReadFile, WriteFile, SetFilePointer, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, SetCurrentDirectoryA, GetTempFileNameA, ExitProcess, CreateFileA, LoadLibraryExA, lstrcpynA, GetVolumeInformationA, FormatMessageA, GetCurrentDirectoryA, GetVersionExA, GetExitCodeProcess, WaitForSingleObject, CreateProcessA, GetTempPathA, GetSystemInfo, CreateMutexA, SetEvent, CreateEventA, CreateThread, ResetEvent, TerminateThread, GetDriveTypeA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, LockResource, LoadLibraryA, GetDiskFreeSpaceA, MulDiv, EnumResourceLanguagesA, FreeLibrary, GlobalFree<BR>> GDI32.dll: GetDeviceCaps<BR>> USER32.dll: ExitWindowsEx, wsprintfA, CharNextA, CharUpperA, CharPrevA, SetWindowLongA, GetWindowLongA, CallWindowProcA, DispatchMessageA, MsgWaitForMultipleObjects, PeekMessageA, SendMessageA, SetWindowPos, ReleaseDC, GetDC, GetWindowRect, SendDlgItemMessageA, GetDlgItem, SetForegroundWindow, SetWindowTextA, MessageBoxA, DialogBoxIndirectParamA, ShowWindow, EnableWindow, GetDlgItemTextA, EndDialog, GetDesktopWindow, MessageBeep, SetDlgItemTextA, LoadStringA, GetSystemMetrics<BR>> COMCTL32.dll: 
-<BR>> VERSION.dll: GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA<BR><BR>( 0 exports ) <BR> packers: CAB, Unicode [/list:u:fda614f437]
  • Are there still any problems, Maarten?
  • No, it all looks fine. I also ran Spybot and it reports nothing unusual either. One last log, just to be sure.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:49:19, on 2-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\Msmsgs.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Downloads\hijackthis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telegraaf.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Image Transfer.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121w.bay121.mail.live.com/mail/resources/MsnPUpld.cab
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102115013593
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 7438 bytes
  • Go to Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and click Accept at the bottom. This scanner only works with Internet Explorer 6 or higher!! You may have to click a yellow bar at the top of your screen to download the ActiveX files Kaspersky needs in order to scan. Allow this.
    - The program now starts downloading the latest definition files. After that, click Next.
    - Then click the Scan Settings button. Under the text "Scan using the following antivirus database:" choose the second option: "extended - protect your ....." Under the text "Scan options:" tick both boxes: "Scan Archives ...." and "Scan Mail Bases ....".
    - Then click the OK button.
    - Now start the scan by clicking the text My Computer. (Screenshot: http://www.jawwi.nl/english/tutorials/kaspersky/image/img6s.jpg) Bear in mind that this scan takes a while.
    - Once the scan is complete you will be given the opportunity to save the scan report. Click the Save Report As button. Save the report on your Desktop under the name kavscan.txt.
    Post this report in your next message.
  • Scan almost completed successfully: 5 viruses and 34 files detected. I just can't find the log. I'm going to run a new scan.
  • Scan completed successfully. See the log. My own scanner also 'catches' viruses regularly; see C:\quarantine.

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Friday, May 02, 2008 7:48:08 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 2/05/2008
    Kaspersky Anti-Virus database records: 735468
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 93745
    Number of viruses found: 5
    Number of infected objects: 20
    Number of suspicious objects: 0
    Duration of the scan process: 01:01:13

    Infected Object Name / Virus Name / Last Action
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
    C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
    C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\qsetup.exe Infected: IM-Worm.Win32.Licat.l skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\BufferOverflowProtectionLog.txt Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_RUUD.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_RUUD.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20080502_Time-154121368_EnterceptRules.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20080502_Time-154121368_EnterceptExceptions.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Ruud\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Ruud\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Ruud\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Ruud\Local Settings\Geschiedenis\History.IE5\MSHist012008050220080503\index.dat Object is locked skipped
    C:\Documents and Settings\Ruud\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Ruud\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Ruud\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Ruud\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Documents and Settings\Ruud\Bureaublad\Ilona\Bureaublad\digitech.exe Infected: IM-Worm.Win32.Licat.l skipped
    C:\Documents and Settings\Ruud\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Ruud\scd.exe Infected: IM-Worm.Win32.Licat.i skipped
    C:\QooBox\Quarantine\C\Documents and Settings\Ruud\Application Data\winantispyware2006freeinstall[1].exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
    C:\QooBox\Quarantine\C\Documents and Settings\Ruud\winstall.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
    C:\QUARANTINE\212235320.dll.Vir Object is locked skipped
    C:\QUARANTINE\Av-test.txt.Vir Object is locked skipped
    C:\QUARANTINE\Av-test.txt.Vir.0 Object is locked skipped
    C:\QUARANTINE\winstall.exe.Vir Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
    C:\QUARANTINE\Av-test.txt.Vir.1 Object is locked skipped
    C:\QUARANTINE\Av-test.txt.Vir.2 Object is locked skipped
    C:\QUARANTINE\Av-test.txt.Vir.3 Object is locked skipped
    C:\QUARANTINE\game0.exe.exe.Vir Object is locked skipped
    C:\QUARANTINE\Av-test.txt.Vir.4 Object is locked skipped
    C:\QUARANTINE\winstall.exe.Vir.0 Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
    C:\QUARANTINE\winstall.exe.Vir.1 Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
    C:\QUARANTINE\winstall.exe.Vir.2 Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
    C:\QUARANTINE\winstall.exe.Vir.3 Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
    C:\QUARANTINE\winstall.exe.Vir.4 Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
    C:\QUARANTINE\winstall.exe.Vir.5 Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
    C:\QUARANTINE\winstall.exe.Vir.6 Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
    C:\QUARANTINE\winstall.exe.Vir.7 Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
    C:\QUARANTINE\winstall.exe.Vir.8 Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
    C:\QUARANTINE\winstall.exe.Vir.9 Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
    C:\QUARANTINE\winstall.exe.Vir.10 Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
    C:\QUARANTINE\taskdir.exe.Vir Object is locked skipped
    C:\QUARANTINE\taskdir.exe.Vir.0 Object is locked skipped
    C:\FOUND.031\FILE0005.CHK Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
    C:\FOUND.031\FILE0008.CHK Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
    C:\FOUND.032\FILE0001.CHK Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

    Scan process completed.
  • Open a Notepad file. Copy the batch script below into this Notepad file.

    @ECHO OFF
    IF EXIST log.txt DEL log.txt
    ECHO Deleting files>>log.txt
    REM Clear the read-only/system/hidden attributes, delete each file and record the outcome
    FOR %%g in (
      C:\WINDOWS\system32\qsetup.exe
      "C:\Documents and Settings\Ruud\Bureaublad\Ilona\Bureaublad\digitech.exe"
      "C:\Documents and Settings\Ruud\scd.exe"
    ) DO (
      IF EXIST %%g (
        ATTRIB -r -s -h %%g
        DEL %%g
        IF EXIST %%g (
          ECHO %%g not deleted>>log.txt
        ) ELSE (
          ECHO %%g deleted successfully>>log.txt
        )
      ) ELSE (
        ECHO %%g not found>>log.txt
      )
    )
    >>log.txt (
      ECHO.
      ECHO Deleting folders
    )
    REM Remove the quarantine folder with its contents and record the outcome
    FOR %%I in (
      C:\QUARANTINE
    ) DO (
      IF EXIST %%I (
        RD /S /Q %%I
        IF EXIST %%I (
          ECHO %%I not deleted>>log.txt
        ) ELSE (
          ECHO %%I deleted successfully>>log.txt
        )
      ) ELSE (
        ECHO %%I not found>>log.txt
      )
    )
    START NOTEPAD.EXE log.txt

    Go to File - Save As. Under "Save in" choose: Desktop. Under "File name" enter: del.bat. Under "Save as type" select: All Files (*.*). Click the Save button. Double-click del.bat and post the contents of the log file that opens.
  • Here is the requested log.

    Deleting files
    C:\WINDOWS\system32\qsetup.exe deleted successfully
    "C:\Documents and Settings\Ruud\Bureaublad\Ilona\Bureaublad\digitech.exe" deleted successfully
    "C:\Documents and Settings\Ruud\scd.exe" deleted successfully

    Deleting folders
    C:\QUARANTINE deleted successfully
  • M@rc, Na je het succesvol uitvoeren van je vorige post, opnieuw een online scan gedaan. Zie nog een paar indicaties voor een worm. Het vreemde is dat ik de files [list:f10b9ac4dd] C:\FOUND.031\FILE0005.CHK Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped C:\FOUND.031\FILE0008.CHK Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped C:\FOUND.032\FILE0001.CHK Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped [/list:u:f10b9ac4dd] helemaal niet kan vinden. Verder een nieuwe HJT log gemaakt. Scan log [list:f10b9ac4dd] ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Sunday, May 04, 2008 3:31:13 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 4/05/2008 Kaspersky Anti-Virus database records: 738770 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ E:\ Scan Statistics: Total number of scanned objects: 92065 Number of viruses found: 5 Number of infected objects: 8 Number of suspicious objects: 0 Duration of the scan process: 01:06:22 Infected Object Name / Virus Name / Last Action C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked 
skipped C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped C:\WINDOWS\system32\config\SYSTEM Object is locked skipped C:\WINDOWS\system32\config\DEFAULT Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt Object is locked skipped C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\BufferOverflowProtectionLog.txt Object is locked skipped C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_RUUD.log Object is locked skipped C:\Documents and 
Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_RUUD.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20080504_Time-141230373_EnterceptRules.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20080504_Time-141230373_EnterceptExceptions.dat Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Ruud\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Ruud\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Ruud\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Ruud\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Ruud\Local Settings\Temporary 
Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\Ruud\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Ruud\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Ruud\Local Settings\Temp\fla3905.tmp Object is locked skipped C:\Documents and Settings\Ruud\Cookies\index.dat Object is locked skipped C:\System Volume Information\_restore{2A0828B9-A7FE-458D-9869-A8B8FD8BEF7B}\RP140\A0099476.exe Infected: IM-Worm.Win32.Licat.l skipped C:\System Volume Information\_restore{2A0828B9-A7FE-458D-9869-A8B8FD8BEF7B}\RP140\A0099477.exe Infected: IM-Worm.Win32.Licat.l skipped C:\System Volume Information\_restore{2A0828B9-A7FE-458D-9869-A8B8FD8BEF7B}\RP140\A0099478.exe Infected: IM-Worm.Win32.Licat.i skipped C:\System Volume Information\_restore{2A0828B9-A7FE-458D-9869-A8B8FD8BEF7B}\RP140\change.log Object is locked skipped C:\QooBox\Quarantine\C\Documents and Settings\Ruud\Application Data\winantispyware2006freeinstall[1].exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped C:\QooBox\Quarantine\C\Documents and Settings\Ruud\winstall.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped C:\FOUND.031\FILE0005.CHK Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped C:\FOUND.031\FILE0008.CHK Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped C:\FOUND.032\FILE0001.CHK Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped Scan process completed. 
[/list:u:f10b9ac4dd]
HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:36:20, on 4-5-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\Msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
D:\Downloads\hijackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telegraaf.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121w.bay121.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102115013593
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7571 bytes
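Reading a HijackThis log by hand means checking each R/O-section line against what is expected on the machine. The following is an added example (not part of the forum post or of HijackThis) that parses the entry formats seen in the log above (R0/R1, O4, O16, O23) and lists the entries a helper would look at first: autostarts running from a temp or chkdsk FOUND folder, services HijackThis could not attribute to a vendor, and start pages or ActiveX downloads whose host is not on a caller-supplied trusted list. The sample log is built from lines of the log above plus one constructed O4 line (labelled) so the temp-folder check has a hit; the trusted-host list is an assumption for the demo.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Every HJT entry line starts with a section code: "R0 - ...", "O4 - ...", "O23 - ..."
LINE_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.+)$")
# R0/R1: "<registry key>,<value name> = <url>"
R_RE = re.compile(r"^(?P<key>.+?) = (?P<value>.+)$")
# O4: "<hive>\..\Run: [<label>] <command line>"
O4_RE = re.compile(r"^(?P<hive>.+?): \[(?P<label>[^\]]*)\] (?P<command>.+)$")
# O16: "DPF: {<CLSID>} (<description>) - <download url>"
O16_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<desc>[^)]*)\) - (?P<url>\S+)$")
# O23: "Service: <display name> - <owner> - <image path>"
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# Autostart binaries living in temp or chkdsk recovery folders (FOUND.000 etc.) deserve a look.
ODD_LOCATION_RE = re.compile(r"\\(?:temp|tmp|found\.\d{3})\\", re.IGNORECASE)

# Constructed sample: real lines from the log above, plus one made-up O4 entry (CONSTRUCTED).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telegraaf.nl/
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CONSTRUCTED] C:\WINDOWS\TEMP\EXAMPLE_ONLY.exe
O4 - Global Startup: Image Transfer.lnk = ?
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
"""

# Assumed trusted hosts for this demo; a real review would use the organisation's own list.
TRUSTED_HOSTS = {"microsoft.com", "kaspersky.com", "pandasoftware.com"}


@dataclass
class Finding:
    section: str
    item: str
    detail: str
    reason: str


def host_trusted(url, trusted_hosts):
    """True if the URL's host is a trusted domain or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in trusted_hosts)


def parse_entries(text):
    """Return (section, body) pairs for every line that looks like an HJT entry."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def review(text, trusted_hosts):
    """Apply the four checks and return the entries that need a human look, in log order."""
    findings = []
    for section, body in parse_entries(text):
        if section in ("R0", "R1"):
            m = R_RE.match(body)
            if m and m.group("value").startswith("http") and not host_trusted(m.group("value"), trusted_hosts):
                findings.append(Finding(section, m.group("key").rsplit(",", 1)[-1], m.group("value"),
                                        "browser start/search page on a non-default host; confirm the user chose it"))
        elif section == "O4":
            m = O4_RE.match(body)  # "Global Startup:" lines have no [label] and are skipped
            if m and ODD_LOCATION_RE.search(m.group("command")):
                findings.append(Finding(section, m.group("label"), m.group("command"),
                                        "autostart command runs from a temp or recovery folder"))
        elif section == "O16":
            m = O16_RE.match(body)
            if m and not host_trusted(m.group("url"), trusted_hosts):
                findings.append(Finding(section, m.group("desc"), m.group("url"),
                                        "ActiveX control downloaded from a host not on the trusted list"))
        elif section == "O23":
            m = O23_RE.match(body)
            if m and m.group("owner").lower() == "unknown owner":
                findings.append(Finding(section, m.group("name"), m.group("path"),
                                        "HijackThis could not attribute the service to a vendor; verify the image path"))
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_LOG, TRUSTED_HOSTS):
        print(f"{f.section:<4}{f.item}: {f.detail}\n    -> {f.reason}")
```

On the sample, four entries are returned: the telegraaf.nl start page, the constructed TEMP autostart, the slide.com ActiveX download and the "Unknown owner" ATI service. None of these is proof of infection (the ATI poller is a normal driver component), which is the point of the checks: they shortlist what to verify rather than decide.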
  • Hi Maarten,

Run this batch file: open a Notepad file and copy the block below into it.

@ECHO OFF
REM Start with a fresh log on every run
IF EXIST log.txt DEL log.txt
ECHO Deleting files>>log.txt
REM For each listed chkdsk recovery fragment: clear its attributes, delete it and record the result
FOR %%g in (
C:\FOUND.031\FILE0005.CHK
C:\FOUND.031\FILE0008.CHK
C:\FOUND.032\FILE0001.CHK) DO (
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted successfully>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
REM Show the log so it can be posted back
START NOTEPAD.EXE log.txt

Go to File - Save As. Under "Save in" choose: Desktop. Under "File name" enter: del.bat. Under "Save as type" select: All files (*.*). Click the Save button. Double-click del.bat and post the contents of the log file that opens.



This is an archived page. Replying is no longer possible.