
UB40

Member
  • Items: 25

UB40's achievements

  1. Windows XP Home Edition
  2. Hello, I am trying to update my .NET Framework from 2.0 to 3.5 but I keep getting an error message. The log file says:

     [01/04/11,01:48:36] Windows Communication Foundation: [2] Error: Installation failed for component Windows Communication Foundation. MSI returned error code 1603
     [01/04/11,01:48:47] WapUI: [2] DepCheck indicates Windows Communication Foundation is not installed.
     [01/04/11,01:48:47] WapUI: [2] DepCheck indicates Microsoft .NET Framework 3.0 was not attempted to be installed.
     [01/04/11,01:51:28] Windows Communication Foundation: [2] Error: Installation failed for component Windows Communication Foundation. MSI returned error code 1603
     [01/04/11,01:51:48] WapUI: [2] DepCheck indicates Windows Communication Foundation is not installed.
     [01/04/11,01:51:48] WapUI: [2] DepCheck indicates Microsoft .NET Framework 3.0 was not attempted to be installed.
     [01/04/11,02:06:19] Windows Communication Foundation: [2] Error: Installation failed for component Windows Communication Foundation. MSI returned error code 1618
     [01/04/11,02:06:42] WapUI: [2] DepCheck indicates Windows Communication Foundation is not installed.
     [01/04/11,02:06:43] WapUI: [2] DepCheck indicates Microsoft .NET Framework 3.0 was not attempted to be installed.

     Can anyone help me? Thanks in advance,
  3. Do you happen to know of a free virus scanner as well?
  4. I have installed Sophos as my antivirus program. Below is the combo log:
SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [15-7-2010 18:27 24064] R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [7-9-2009 12:11 104488] R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [7-9-2009 12:11 93736] S3 ATMELFVNETusb(505A_2958)®;ATMEL FVNETusb(505A_2958)® Service for ATMEL USB FastVNET (505A);c:\windows\system32\drivers\vnet5a8x.sys [20-2-2010 18:29 119936] S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?] S3 PEEK5;PEEK5 Protocol Driver;\??\c:\docume~1\Chris\BUREAU~1\AIRCRA~1.COM\AIRCRA~1.3-W\bin\PEEK5.SYS --> c:\docume~1\Chris\BUREAU~1\AIRCRA~1.COM\AIRCRA~1.3-W\bin\PEEK5.SYS [?] S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [15-7-2010 18:25 14976] . Inhoud van de 'Gedeelde Taken' map 2010-06-29 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2010-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-436374069-854245398-1004Core.job - c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-07 12:17] 2010-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-436374069-854245398-1004UA.job - c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-07 12:17] . . ------- Bijkomende Scan ------- . 
uInternet Settings,ProxyOverride = <local> IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\ozdkuk7y.default\ FF - plugin: c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ 
. - - - - ORPHANS VERWIJDERD - - - - AddRemove-NSS - c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\InstStub.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-07-15 19:29 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... 
Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'explorer.exe'(2716) c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\Sophos\AutoUpdate\ALsvc.exe c:\windows\system32\SearchIndexer.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Voltooingstijd: 2010-07-15 19:34:31 - machine werd herstart ComboFix-quarantined-files.txt 2010-07-15 17:34 ComboFix2.txt 2010-07-15 16:15 Pre-Run: 21.508.681.728 bytes beschikbaar Post-Run: 21.571.358.720 bytes beschikbaar - - End Of File - - 7A4BA8DCD1F95ABA4912C458B0C14951
  5. ComboFix 10-07-14.04 - Chris 15-07-2010 17:58:13.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.361 [GMT 2:00] Gestart vanuit: c:\documents and settings\Chris\Bureaublad\ComboFix.exe . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\Chris\LOCALS~1\Temp\install_flash_player.exe c:\documents and settings\Chris\Local Settings\Application Data\hceusiine c:\documents and settings\Chris\Local Settings\Application Data\hceusiine\ytcsqnctssd.exe c:\documents and settings\Chris\Local Settings\Application Data\Windows Server c:\documents and settings\Chris\Local Settings\Application Data\Windows Server\config.data c:\documents and settings\Chris\Local Settings\Application Data\Windows Server\thread.xml c:\documents and settings\Chris\Local Settings\Application Data\Windows Server\worker.info c:\documents and settings\Chris\setup_dex_1.0.7228.exe c:\windows\Fonts\mlog c:\windows\google_cache879.tmp c:\windows\system32\dfttuyo.txt c:\windows\system32\dfttuyox.exe c:\windows\system32\hlp.dat c:\windows\system32\Install.txt c:\windows\system32\msmxjchn.dll Besmet exemplaar van c:\windows\system32\drivers\ndis.sys werd aangetroffen en gedesinfecteerd Hersteld exemplaar van - c:\windows\ServicePackFiles\i386\ndis.sys . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ASPIMGR 
. ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-07 135664] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIModeChange"="Ati2mdxx.exe" [2002-08-28 28672] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888] "HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-07-13 6082368] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "Windows Service Host"= c:\documents and settings\Chris\Application Data\svhost.exe "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\LQ Software\\msnmsgr.exe"= S0 kdddtq;kdddtq; [x] S0 skmkmetq;skmkmetq; [x] S2 ManyCamq;ManyCamq;\??\c:\windows\System32\DRIVERS\ManyCamq.sys --> c:\windows\System32\DRIVERS\ManyCamq.sys [?] 
S3 ATMELFVNETusb(505A_2958)®;ATMEL FVNETusb(505A_2958)® Service for ATMEL USB FastVNET (505A);c:\windows\system32\drivers\vnet5a8x.sys [20-2-2010 18:29 119936] S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?] S3 PEEK5;PEEK5 Protocol Driver;\??\c:\docume~1\Chris\BUREAU~1\AIRCRA~1.COM\AIRCRA~1.3-W\bin\PEEK5.SYS --> c:\docume~1\Chris\BUREAU~1\AIRCRA~1.COM\AIRCRA~1.3-W\bin\PEEK5.SYS [?] . Inhoud van de 'Gedeelde Taken' map 2010-06-29 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2010-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-436374069-854245398-1004Core.job - c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-07 12:17] 2010-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-436374069-854245398-1004UA.job - c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-07 12:17] 2010-07-13 c:\windows\Tasks\Norton Security Scan for Chris.job - c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-07-03 07:48] . . ------- Bijkomende Scan ------- . 
uInternet Settings,ProxyOverride = <local> IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\ozdkuk7y.default\ FF - plugin: c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ 
. ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-07-15 18:09 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . 
--------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'explorer.exe'(3272) c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\SearchIndexer.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Voltooingstijd: 2010-07-15 18:15:52 - machine werd herstart ComboFix-quarantined-files.txt 2010-07-15 16:15 Pre-Run: 21.944.426.496 bytes beschikbaar Post-Run: 22.062.223.360 bytes beschikbaar WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn - - End Of File - - 77F6FF005A1C2FA28403D47C77E75DD9 Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:19:59, on 15-7-2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Chris\Local Settings\Application 
Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\SearchProtocolHost.exe E:\HijackThis (1).exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - 
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe -- End of file - 3833 bytes Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Databaseversie: 4314 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 15-7-2010 18:44:28 mbam-log-2010-07-15 (18-44-28).txt Scantype: Snelle scan Objecten gescand: 131747 Verstreken tijd: 21 minuut/minuten, 31 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) And I have since installed antivirus.
  6. Malwarebytes' Anti-Malware 1.46 Malwarebytes Databaseversie: 4314 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 14-7-2010 23:16:46 mbam-log-2010-07-14 (23-16-46).txt Scantype: Snelle scan Objecten gescand: 133496 Verstreken tijd: 16 minuut/minuten, 30 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 5 Registerwaarden geïnfecteerd: 3 Registerdata geïnfecteerd: 1 Mappen geïnfecteerd: 1 Bestanden geïnfecteerd: 43 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspimgr (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Sft (Backdoor.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDORSYS (Malware.Trace) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\init (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\win (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Delete on reboot. Registerdata geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. 
Mappen geïnfecteerd: C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811 (Trojan.Agent) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: C:\Documents and Settings\Chris\Application Data\svhost.exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrator\Application Data\svhost.exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-3905509622-6577247017-831297888-7973\mgrls32.exe (Worm.Autorun. -> Delete on reboot. C:\WINDOWS\system32\drivers\ManyCamq.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Chris\Local Settings\Temp\114.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Chris\Local Settings\Temp\2328142e.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Documents and Settings\Chris\Local Settings\Temp\922.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Chris\Local Settings\Temp\eiyskans.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Chris\Local Settings\Temp\lurqjkle.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Chris\Local Settings\Temp\mf9ipdd44.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Documents and Settings\Chris\Local Settings\Temp\drleovjj.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Documents and Settings\Chris\Local Settings\Temp\wpjt0oof.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Documents and Settings\Chris\Local Settings\Temp\xb5y8f33u.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Documents and Settings\Chris\Local Settings\Temp\netgisg.exe (Backdoor.Votwup) -> Quarantined and deleted successfully. C:\Documents and Settings\Chris\Local Settings\Temp\qcqtps.exe (Trojan.Dropper) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Chris\Local Settings\Temp\awkvrft.exe (Backdoor.Votwup) -> Quarantined and deleted successfully. C:\Documents and Settings\Chris\Local Settings\Temp\bohvby.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\2600ddb4.tmp (Trojan.Ransom) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\2dfad96d.tmp (Trojan.Ransom) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\5cc798bf.tmp (Trojan.Ransom) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\64e94188.tmp (Trojan.Ransom) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\b1ad283f.tmp (Trojan.Ransom) -> Quarantined and deleted successfully. C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\DP8O4UUJ\wzdcjrp[1].htm (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\DP8O4UUJ\rpldr32[1].exe (Backdoor.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\DP8O4UUJ\fwelcx[1].htm (Trojan.Dropper.Gen) -> Quarantined and deleted successfully. C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\DP8O4UUJ\hypwhc[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\VGC0DEMF\yptozgozmu[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\VGC0DEMF\yptozgozmu[2].htm (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\VGC0DEMF\gnemtrzxsn[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\YYOT69NX\loaderadv600[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\YYOT69NX\rvqxfn[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\aspimgr.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\comsats.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\Drivers\ntndis.sys (Rootkit.Agent) -> Delete on reboot. C:\WINDOWS\system32\ipsecndis.sys (Rootkit.Agent) -> Delete on reboot. C:\WINDOWS\system32\service.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\updata.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Chris\Local Settings\Temp\785.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Documents and Settings\Chris\Local Settings\Temp\_check32.bat (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\s32.txt (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\Services.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\ws386.ini (Malware.Trace) -> Quarantined and deleted successfully. 
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:28:15, on 14-7-2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe E:\HijackThis (1).exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [HitmanPro35] 
"C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O20 - AppInit_DLLs: C:\DOCUME~1\Chris\APPLIC~1\DivX\DRVMSU~1\msftldr.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe -- End of 
file - 4070 bytes
  7. Hello everyone, Since this evening my laptop has been suffering from 'antiviri' or something like that. By now I have got it to the point where the program no longer starts up (done via regedit). Here is the HijackThis log already: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:15:59, on 13-7-2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system\dwm.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Chris\Local Settings\Application Data\dpdnepdqa\gdbktnctssd.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\WINDOWS\Services.exe C:\Documents and Settings\Chris\Application Data\svhost.exe C:\WINDOWS\regedit.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE E:\HijackThis (1).exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Administrator\Application Data\svhost.exe 
O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O4 - HKLM\..\Run: [Windows Service Host] C:\Documents and Settings\Administrator\Application Data\svhost.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Windows Services] C:\WINDOWS\Services.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Windows Service Host] C:\Documents and Settings\Chris\Application Data\svhost.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Windows Services] C:\WINDOWS\Services.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: 
Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: IpSectPro service (darkness) - Unknown owner - C:\WINDOWS\system\dwm.exe -- End of file - 4589 bytes Thanks in advance, Jordy
  8. No temperature is shown for the processor or the graphics card. As far as I know the PC has never been opened. (So 7 years ago, that was when it was purchased.)
  9. http://speccy.piriform.com/results/GTjHF42nEmbxBCc31MIkOIl
  10. I tried it; the PC did get somewhat faster, now it boots in about 4 minutes or so.
  11. @Kape: I tried it via that site, but it reports that the PC does not meet the requirements. @Rubbere: I had suggested that to my dad as well, but he said that was not an option.
  12. No, there isn't really a 'noticeable' difference.
  13. See attachment: log.txt
  14. The PC has become a whole lot faster; booting within 5 minutes is never going to happen (since the PC is almost full and years old). I also disabled a few unimportant things at startup.
  15. See attachment: hijackthis.log mbam-log-2010-06-15 (19-14-03).txt