Vraag & Antwoord

Beveiliging & privacy

HiJacklog - internet werkt niet

Anoniem
M@rc
27 antwoorden
 • Wie kan helpen met het volgende
  1) internet explorer werkt niet
  2) lan verbinding werkt wel. Kan ping uitvoeren
  3) In veilige mode werkt IE wel maar zeeeeer traag.
  4) Het CWschredder gedaan in veilige mode. Kan die niet updaten. Verder niets gevonden.
  5) Winsockfix werkt niet. Krijg foutmelding dat het geen win32 applicatie is.
  6) hierbij een hijjack log.
  Dank,
  Maarten

  ++++++
  [list:398f240cce]
  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 16:52:51, on 1-5-2008
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16608)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\System32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  C:\Program Files\Launch Manager\QtZgAcer.EXE
  C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
  C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
  C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\WINDOWS\TEMP\D24F2013.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Messenger\Msmsgs.exe
  C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
  C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
  C:\Program Files\Network Associates\VirusScan\Mcshield.exe
  C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
  C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
  C:\Program Files\eFax Messenger 4.0\J2GTray.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\wuauclt.exe
  F:\HiJackThis.exe
  C:\WINDOWS\system32\wscntfy.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telegraaf.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
  O4 - HKLM\..\Run: [LaunchApp] Alaunch
  O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
  O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
  O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
  O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
  O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
  O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
  O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
  O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
  O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [2gb4i3hn] C:\WINDOWS\TEMP\D24F2013.exe
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
  O4 - HKLM\..\Policies\Explorer\Run: [1] C:\WINDOWS\winhp32.exe
  O4 - HKCU\..\Policies\Explorer\Run: [{262916F0-05DA-1043-0909-04040908001f}] "C:\Program Files\Common Files\{262916F0-05DA-1043-0909-04040908001f}\Update.exe" mc-110-12-0001411
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
  O4 - Global Startup: Image Transfer.lnk = ?
  O4 - Global Startup: eFax DllCmd 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
  O4 - Global Startup: eFax Tray Menu 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GTray.exe
  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.drivecleaner.com/installdrivecleanerstart_nl.cab
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121w.bay121.mail.live.com/mail/resources/MsnPUpld.cab
  O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102115013593
  O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
  O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll
  O20 - Winlogon Notify: stp68_2007 - stp68_2007.dll (file missing)
  O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
  O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
  O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
  O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


  End of file - 7490 bytes
  [/list:u:398f240cce]
 • Die geïnfecteerde bestanden zitten in systeemherstelpunten Maarten.
  Door de deïnstallatie van ComboFix (combofix /U), worden de bestaande systeemherstelpunten ook gewist.
  In principe zou je deze dus ook kwijt moeten zijn.
 • Marc, bedankt zover.
  Ik ga voor de zekerheid nog 1x een scan uitvoeren.
  Groet, Maarten
 • Graag gedaan Maarten. :D
  Mochten er nog problemen zijn, dan meld je het maar.
 • Hallo,


  Sluit alle open vensters.
  Start HijackThis nog een keer en plaats een vinkje bij de volgende items:

  [b:bd3c1931c7]O4 - HKLM\..\Run: [2gb4i3hn] C:\WINDOWS\TEMP\D24F2013.exe
  O4 - HKLM\..\Policies\Explorer\Run: [1] C:\WINDOWS\winhp32.exe
  O4 - HKCU\..\Policies\Explorer\Run: [{262916F0-05DA-1043-0909-04040908001f}] "C:\Program Files\Common Files\{262916F0-05DA-1043-0909-04040908001f}\Update.exe" mc-110-12-0001411
  O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.drivecleaner.com/installdrivecleanerstart_nl.cab
  O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll
  O20 - Winlogon Notify: stp68_2007 - stp68_2007.dll (file missing)[/b:bd3c1931c7]

  Klik daarna op "Fix checked" en sluit HijackThis af.

  Download combofix.exe van deze site: http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden
  Volg de instructies die daar gegeven worden. Is er iets niet duidelijk, dan vraag je het.
  Als het tooltje klaar is, opent er een logfile (combofix.txt).
  Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.
 • Instructies uitgevoerd. Heb combofix 2x moeten draaien. Eerste keer verscheen er geen log.
  Heb weer toegang tot het Internet. Virusscanner geeft wel veel meldingen.

  HiJack log

  [list:0277ca9bbd]
  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 19:35:59, on 1-5-2008
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16608)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\System32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
  C:\Program Files\Network Associates\VirusScan\Mcshield.exe
  C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
  C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
  C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\Launch Manager\QtZgAcer.EXE
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Messenger\Msmsgs.exe
  C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
  C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
  C:\Program Files\eFax Messenger 4.0\J2GTray.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\WINDOWS\system32\wscntfy.exe
  C:\WINDOWS\explorer.exe
  C:\Program Files\internet explorer\iexplore.exe
  C:\Downloads\hijackthis\HiJackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telegraaf.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
  O4 - HKLM\..\Run: [LaunchApp] Alaunch
  O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
  O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
  O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
  O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
  O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
  O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
  O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
  O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
  O4 - Global Startup: Image Transfer.lnk = ?
  O4 - Global Startup: eFax DllCmd 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
  O4 - Global Startup: eFax Tray Menu 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GTray.exe
  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121w.bay121.mail.live.com/mail/resources/MsnPUpld.cab
  O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102115013593
  O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
  O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
  O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
  O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
  O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


  End of file - 7274 bytes
  [/list:u:0277ca9bbd]

  Combo Log
  [list:0277ca9bbd]
  ComboFix 08-04-29.5 - Ruud 2008-05-01 19:25:28.5 -
 • Kan de virusscanner alles verwijderen?
 • Tot nu toe wel Ik heb hem net opnieuw gestart.
  Meld me zo als de scan afgewerkt is.
 • Prima Maarten.
  Maak dan ook een nieuwe log met ComboFix zodat ik ka zien wat er nog overgebleven is aan malware.
 • Scanner heeft een aantal trojan horses gevonden en die kunnen verwijderen.
  Suggesties voor volgende stappen?
 • Zie vorige post Maarten.
 • Sorry, heb niet goed opgelet.
  Hierbij het nieuwe Combo log.

  Verder krijg ik nog een melding van de virusscanner over een file av-test.txt. Deze file wordt verplaatst. De toepassing is CF14121.exe.

  [list:9063cd0596]
  ComboFix 08-04-29.5 - Ruud 2008-05-01 20:30:01.6 -
 • Ga naar deze website: http://www.virustotal.com/en/indexf.html
  Laat volgend bestandje scannen: C:\Documents and Settings\Default User\mpsetup.exe
  Post het resultaat van de scan.
 • Hierbij het resultaat van de scan
  \
  [list:fda614f437]
  Bestand mpsetup.exe ontvangen op 2008.05.02 12:29:40 (CET)
  Bestand mpsetup.exe ontvangen op 2008.05.02 12:29:40 (CET)Antivirus Versie Laatst geüpdatet Resultaat
  AhnLab-V3 2008.5.2.1 2008.05.02 -
  AntiVir 7.8.0.11 2008.05.02 -
  Authentium 4.93.8 2008.05.02 -
  Avast 4.8.1169.0 2008.05.02 -
  AVG 7.5.0.516 2008.05.02 -
  BitDefender 7.2 2008.05.02 -
  CAT-QuickHeal 9.50 2008.05.01 -
  ClamAV 0.92.1 2008.05.02 -
  DrWeb 4.44.0.09170 2008.04.30 -
  eSafe 7.0.15.0 2008.04.28 Suspicious Archive Structure
  eTrust-Vet 31.3.5752 2008.05.02 -
  Ewido 4.0 2008.05.01 -
  F-Prot 4.4.2.54 2008.05.01 -
  F-Secure 6.70.13260.0 2008.05.02 -
  Fortinet 3.14.0.0 2008.05.02 -
  Ikarus T3.1.1.26 2008.05.02 -
  Kaspersky 7.0.0.125 2008.05.02 -
  McAfee 5285 2008.04.30 -
  Microsoft 1.3408 2008.04.22 -
  NOD32v2 3070 2008.05.02 -
  Norman 5.80.02 2008.04.30 -
  Panda 9.0.0.4 2008.05.01 -
  Rising 20.42.22.00 2008.04.30 -
  Sophos 4.29.0 2008.05.02 -
  Sunbelt 3.0.1097.0 2008.05.01 -
  Symantec 10 2008.05.02 -
  TheHacker 6.2.92.298 2008.04.30 -
  VBA32 3.12.6.5 2008.05.01 -
  VirusBuster 4.3.26:9 2008.05.01 -
  Webwasher-Gateway 6.6.2 2008.05.02 -

  Extra informatie
  File size: 13089928 bytes
  MD5…: 0ee48025d6d3b65d8380fb2aa52715cf
  SHA1..: 2db542fd98d881b3bb65c9627d56c06ffe31aa90
  SHA256: 550589b236f896807aece63bb478b66327edd33fe8c05ff99a4c320394cc5a13
  SHA512: d43be33738310d1d98ab62976af4e40b02ba20ad36c652ed93be7258a2c5ce33<BR>28f88aaa1462b52a0a5abd40297020c142849438596d17e8d0ca2f74df5723f1
  PEiD..: -
  PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x1005a5e<BR>timedatestamp…..: 0x3b7dc821 (Sat Aug 18 01:42:57 2001)<BR>machinetype…….: 0x14c (I386)<BR><BR>( 3 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x861a 0x8800 6.55 43984be5cb414e4634db17caa4d1c30b<BR>.data 0xa000 0x1be4 0x400 4.18 730893b14fc930a187215e7fb53bc0a5<BR>.rsrc 0xc000 0xc72000 0xc71200 8.00 4672422d9f5dab72952cb4265b8d75dc<BR><BR>( 6 imports ) <BR>&gt; ADVAPI32.dll: FreeSid, AllocateAndInitializeSid, EqualSid, GetTokenInformation, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueA, RegCloseKey, RegDeleteValueA, RegOpenKeyExA, RegSetValueExA, RegQueryValueExA, RegCreateKeyExA, RegQueryInfoKeyA<BR>&gt; KERNEL32.dll: LocalFree, LocalAlloc, GetLastError, GetCurrentProcess, GetModuleFileNameA, lstrlenA, GetSystemDirectoryA, RemoveDirectoryA, FindClose, FindNextFileA, DeleteFileA, SetFileAttributesA, lstrcmpA, FindFirstFileA, lstrcatA, lstrcpyA, _lclose, _llseek, _lopen, WritePrivateProfileStringA, GetWindowsDirectoryA, CreateDirectoryA, GetFileAttributesA, ExpandEnvironmentStringsA, IsDBCSLeadByte, GetShortPathNameA, GetPrivateProfileStringA, GetPrivateProfileIntA, lstrcmpiA, GetProcAddress, GlobalUnlock, GlobalLock, GlobalAlloc, FreeResource, CloseHandle, LoadResource, SizeofResource, FindResourceA, ReadFile, WriteFile, SetFilePointer, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, SetCurrentDirectoryA, GetTempFileNameA, ExitProcess, CreateFileA, LoadLibraryExA, lstrcpynA, GetVolumeInformationA, FormatMessageA, GetCurrentDirectoryA, GetVersionExA, GetExitCodeProcess, WaitForSingleObject, CreateProcessA, GetTempPathA, GetSystemInfo, CreateMutexA, SetEvent, CreateEventA, CreateThread, ResetEvent, TerminateThread, GetDriveTypeA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, LockResource, LoadLibraryA, GetDiskFreeSpaceA, MulDiv, EnumResourceLanguagesA, FreeLibrary, GlobalFree<BR>&gt; GDI32.dll: GetDeviceCaps<BR>&gt; USER32.dll: ExitWindowsEx, wsprintfA, CharNextA, CharUpperA, CharPrevA, SetWindowLongA, GetWindowLongA, CallWindowProcA, DispatchMessageA, MsgWaitForMultipleObjects, PeekMessageA, SendMessageA, SetWindowPos, ReleaseDC, GetDC, GetWindowRect, SendDlgItemMessageA, GetDlgItem, SetForegroundWindow, SetWindowTextA, MessageBoxA, DialogBoxIndirectParamA, ShowWindow, EnableWindow, GetDlgItemTextA, EndDialog, GetDesktopWindow, MessageBeep, SetDlgItemTextA, LoadStringA, GetSystemMetrics<BR>&gt; COMCTL32.dll: -<BR>&gt; VERSION.dll: GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA<BR><BR>( 0 exports ) <BR>
  packers: CAB, Unicode  [/list:u:fda614f437]
 • Zijn er nog problemen Maarten?
 • Nee, het ziet er allemaal goed uit. Heb ook Spybot laten draaien en die geeft ook niets bijzonders.
  Voor de zekerheid een laatste log.

  [list:4b6eef871c]
  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 15:49:19, on 2-5-2008
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16640)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\System32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
  C:\Program Files\Network Associates\VirusScan\Mcshield.exe
  C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
  C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
  C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\Launch Manager\QtZgAcer.EXE
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Messenger\Msmsgs.exe
  C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Downloads\hijackthis\HiJackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telegraaf.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
  O4 - HKLM\..\Run: [LaunchApp] Alaunch
  O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
  O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
  O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
  O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
  O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
  O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
  O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
  O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
  O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
  O4 - Global Startup: Image Transfer.lnk = ?
  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121w.bay121.mail.live.com/mail/resources/MsnPUpld.cab
  O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102115013593
  O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
  O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
  O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
  O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
  O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
  O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


  End of file - 7438 bytes
  [/list:u:4b6eef871c]
 • Alles is schoon. :P
  Dank voor je hulp. Maarten
 • Ga naar [b:428f3aa978] en klik onderaan op [b:428f3aa978]Accept[/b:428f3aa978].
  Deze scanner werkt uitsluitend met
 • scan bijna succesvol uitgevoerd. 5 virusen en 34 files gedetecteerd. Kan alleen het log niet vinden. Ga een nieuwe scan maken.
 • Scan succesvol uitevoerd. Zie log.
  Eigen scanner 'vangt' ook regelmatig virussen. Zie C:\quaratine.

  [list:66246adde3]
  ——————————————————————————-
  KASPERSKY ONLINE SCANNER REPORT
  Friday, May 02, 2008 7:48:08 PM
  Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
  Kaspersky Online Scanner version: 5.0.98.0
  Kaspersky Anti-Virus database last update: 2/05/2008
  Kaspersky Anti-Virus database records: 735468
  ——————————————————————————-

  Scan Settings:
  Scan using the following antivirus database: extended
  Scan Archives: true
  Scan Mail Bases: true

  Scan Target - My Computer:
  C:\
  D:\
  E:\

  Scan Statistics:
  Total number of scanned objects: 93745
  Number of viruses found: 5
  Number of infected objects: 20
  Number of suspicious objects: 0
  Duration of the scan process: 01:01:13

  Infected Object Name / Virus Name / Last Action
  C:\WINDOWS\system32\config\system.LOG Object is locked skipped
  C:\WINDOWS\system32\config\software.LOG Object is locked skipped
  C:\WINDOWS\system32\config\default.LOG Object is locked skipped
  C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
  C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
  C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
  C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
  C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
  C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
  C:\WINDOWS\system32\config\SECURITY Object is locked skipped
  C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
  C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
  C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
  C:\WINDOWS\system32\config\SAM Object is locked skipped
  C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
  C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
  C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
  C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
  C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
  C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
  C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
  C:\WINDOWS\system32\qsetup.exe Infected: IM-Worm.Win32.Licat.l skipped
  C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
  C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
  C:\WINDOWS\system32\h323log.txt Object is locked skipped
  C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
  C:\WINDOWS\WindowsUpdate.log Object is locked skipped
  C:\WINDOWS\SchedLgU.Txt Object is locked skipped
  C:\WINDOWS\wiaservc.log Object is locked skipped
  C:\WINDOWS\Sti_Trace.log Object is locked skipped
  C:\WINDOWS\wiadebug.log Object is locked skipped
  C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
  C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
  C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
  C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
  C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt Object is locked skipped
  C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\BufferOverflowProtectionLog.txt Object is locked skipped
  C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_RUUD.log Object is locked skipped
  C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_RUUD.log Object is locked skipped
  C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20080502_Time-154121368_EnterceptRules.dat Object is locked skipped
  C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20080502_Time-154121368_EnterceptExceptions.dat Object is locked skipped
  C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
  C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
  C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
  C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
  C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
  C:\Documents and Settings\LocalService\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
  C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
  C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
  C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
  C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
  C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
  C:\Documents and Settings\Ruud\NTUSER.DAT Object is locked skipped
  C:\Documents and Settings\Ruud\ntuser.dat.LOG Object is locked skipped
  C:\Documents and Settings\Ruud\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
  C:\Documents and Settings\Ruud\Local Settings\Geschiedenis\History.IE5\MSHist012008050220080503\index.dat Object is locked skipped
  C:\Documents and Settings\Ruud\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
  C:\Documents and Settings\Ruud\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
  C:\Documents and Settings\Ruud\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
  C:\Documents and Settings\Ruud\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
  C:\Documents and Settings\Ruud\Bureaublad\Ilona\Bureaublad\digitech.exe Infected: IM-Worm.Win32.Licat.l skipped
  C:\Documents and Settings\Ruud\Cookies\index.dat Object is locked skipped
  C:\Documents and Settings\Ruud\scd.exe Infected: IM-Worm.Win32.Licat.i skipped
  C:\QooBox\Quarantine\C\Documents and Settings\Ruud\Application Data\winantispyware2006freeinstall[1].exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
  C:\QooBox\Quarantine\C\Documents and Settings\Ruud\winstall.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
  C:\QUARANTINE\212235320.dll.Vir Object is locked skipped
  C:\QUARANTINE\Av-test.txt.Vir Object is locked skipped
  C:\QUARANTINE\Av-test.txt.Vir.0 Object is locked skipped
  C:\QUARANTINE\winstall.exe.Vir Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
  C:\QUARANTINE\Av-test.txt.Vir.1 Object is locked skipped
  C:\QUARANTINE\Av-test.txt.Vir.2 Object is locked skipped
  C:\QUARANTINE\Av-test.txt.Vir.3 Object is locked skipped
  C:\QUARANTINE\game0.exe.exe.Vir Object is locked skipped
  C:\QUARANTINE\Av-test.txt.Vir.4 Object is locked skipped
  C:\QUARANTINE\winstall.exe.Vir.0 Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
  C:\QUARANTINE\winstall.exe.Vir.1 Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
  C:\QUARANTINE\winstall.exe.Vir.2 Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
  C:\QUARANTINE\winstall.exe.Vir.3 Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
  C:\QUARANTINE\winstall.exe.Vir.4 Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
  C:\QUARANTINE\winstall.exe.Vir.5 Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
  C:\QUARANTINE\winstall.exe.Vir.6 Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
  C:\QUARANTINE\winstall.exe.Vir.7 Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
  C:\QUARANTINE\winstall.exe.Vir.8 Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
  C:\QUARANTINE\winstall.exe.Vir.9 Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
  C:\QUARANTINE\winstall.exe.Vir.10 Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
  C:\QUARANTINE\taskdir.exe.Vir Object is locked skipped
  C:\QUARANTINE\taskdir.exe.Vir.0 Object is locked skipped
  C:\FOUND.031\FILE0005.CHK Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
  C:\FOUND.031\FILE0008.CHK Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
  C:\FOUND.032\FILE0001.CHK Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

  Scan process completed.
  [/list:u:66246adde3]

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.