melding McAfee

• 

  Ron

  14-12-2008 14:46

  Goedemiddag,

  Sinds een paar dagen komt mijn McAfee na een volledige systeemscan met een bestand wat niet geheel verwijderd kan worden.

  Het gaat om: RemAdm-ProcLaunch!171. Dit bestand staat in C:\System Volume Information\_Restore. Als ik het probeer te verwijderen met McAfee komt ie terug met de melding “cannot be completely removed”. Ook in veilige modus kan ik het niet verwijderen.

  Heb al een mail gestuurd naar McAfee maar tot op heden nog geen antwoord gehad.

  Daarom dat ik het hier eens probeer. In het verleden al eens goed geholpen hier.

  Ik heb alle stappen goed doorlopen en hieronder mijn 2 logjes.

  Alvast bedankt voor de hulp!!!

  Logfile of Trend Micro HijackThis v2.0.2

  Scan saved at 2:38:45 PM, on 12/14/2008

  Platform: Windows XP SP3 (WinNT 5.01.2600)

  MSIE: Internet Explorer v7.00 (7.00.6000.16762)

  Boot mode: Normal

  Running processes:

  C:\WINDOWS\System32\smss.exe

  C:\WINDOWS\system32\winlogon.exe

  C:\WINDOWS\system32\services.exe

  C:\WINDOWS\system32\lsass.exe

  C:\WINDOWS\system32\svchost.exe

  C:\WINDOWS\System32\svchost.exe

  C:\WINDOWS\system32\svchost.exe

  C:\WINDOWS\system32\spoolsv.exe

  C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

  C:\WINDOWS\system32\CTsvcCDA.exe

  C:\Program Files\Java\jre6\bin\jqs.exe

  C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

  c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

  c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

  C:\Program Files\McAfee\VirusScan\McShield.exe

  C:\Program Files\McAfee\MPF\MPFSrv.exe

  C:\WINDOWS\Explorer.EXE

  C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

  C:\WINDOWS\system32\nvsvc32.exe

  C:\WINDOWS\system32\IoctlSvc.exe

  C:\WINDOWS\system32\PnkBstrA.exe

  C:\WINDOWS\system32\PSIService.exe

  C:\WINDOWS\system32\svchost.exe

  C:\WINDOWS\System32\TUProgSt.exe

  C:\WINDOWS\system32\MsPMSPSv.exe

  c:\PROGRA~1\mcafee.com\agent\mcagent.exe

  C:\Program Files\Multimedia Card Reader\shwicon2k.exe

  C:\WINDOWS\system32\rundll32.exe

  C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

  C:\Program Files\Logitech\Video\LogiTray.exe

  C:\WINDOWS\system32\LVCOMSX.EXE

  C:\Program Files\Java\jre6\bin\jusched.exe

  C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

  C:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe

  C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

  C:\WINDOWS\CTHELPER.EXE

  C:\WINDOWS\system32\RUNDLL32.EXE

  C:\WINDOWS\system32\ctfmon.exe

  C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

  C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

  C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

  C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe

  C:\Program Files\Logitech\Video\FxSvr2.exe

  C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

  C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

  C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

  C:\Program Files\Mozilla Firefox\firefox.exe

  C:\WINDOWS\system32\wuauclt.exe

  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

  O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

  O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

  O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

  O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

  O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

  O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

  O4 - HKLM\..\Run: C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

  O4 - HKLM\..\Run: KHALMNPR.EXE

  O4 - HKLM\..\Run: C:\Program Files\Multimedia Card Reader\shwicon2k.exe

  O4 - HKLM\..\Run: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

  O4 - HKLM\..\Run: “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”

  O4 - HKLM\..\Run: “C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe”

  O4 - HKLM\..\Run: C:\Program Files\Logitech\Video\ISStart.exe

  O4 - HKLM\..\Run: C:\Program Files\Logitech\Video\LogiTray.exe

  O4 - HKLM\..\Run: C:\WINDOWS\system32\LVCOMSX.EXE

  O4 - HKLM\..\Run: “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32

  O4 - HKLM\..\Run: C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

  O4 - HKLM\..\Run: C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

  O4 - HKLM\..\Run: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

  O4 - HKLM\..\Run: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

  O4 - HKLM\..\Run: C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

  O4 - HKLM\..\Run: “C:\Program Files\Java\jre6\bin\jusched.exe”

  O4 - HKLM\..\Run: C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

  O4 - HKLM\..\Run: “C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe”

  O4 - HKLM\..\Run: C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe

  O4 - HKLM\..\Run: “C:\Program Files\ASUS\AI Suite\EnergySaving\PwSave.exe”

  O4 - HKLM\..\Run: “C:\Program Files\RivaTuner v2.20\RivaTuner.exe” /S

  O4 - HKLM\..\Run: “C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE”

  O4 - HKLM\..\Run: C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

  O4 - HKLM\..\Run: CTHELPER.EXE

  O4 - HKLM\..\Run: CTXFIHLP.EXE

  O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

  O4 - HKLM\..\Run: nwiz.exe /install

  O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

  O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

  O4 - HKCU\..\Run: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

  O4 - HKCU\..\Run: “C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe”

  O4 - HKCU\..\Run: “C:\Program Files\Logitech\Video\ManifestEngine.exe” boot

  O4 - HKCU\..\Run: “C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe” -onlytray

  O4 - HKCU\..\Run: C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

  O4 - HKCU\..\Run: “C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe” /SCB

  O4 - Startup: RivaTuner.lnk = C:\Program Files\RivaTuner v2.20\RivaTuner.exe

  O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

  O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

  O9 - Extra ‘Tools’ menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

  O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

  O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

  O9 - Extra ‘Tools’ menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

  O15 - Trusted Zone: http://download.windowsupdate.com

  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183812921453

  O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab

  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183812814781

  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

  O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab

  O17 - HKLM\System\CCS\Services\Tcpip\..\{54EA13B1-8E53-4273-873F-40B89EDF863C}: NameServer = 192.168.0.1

  O17 - HKLM\System\CCS\Services\Tcpip\..\{6B0F6083-1BED-42A8-8FD9-712847DB7A50}: NameServer = 192.168.178.1

  O17 - HKLM\System\CCS\Services\Tcpip\..\{6FA4E2AD-2809-4ABE-A0A2-14C2D4129591}: NameServer = 192.168.0.1

  O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

  O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

  O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

  O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

  O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

  O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

  O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

  O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe

  O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

  O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

  O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

  O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

  O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

  O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

  O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

  O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

  O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

  O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

  –

  End of file - 12185 bytes

  Malwarebytes' Anti-Malware 1.31

  Database versie: 1499

  Windows 5.1.2600 Service Pack 3

  12/14/2008 2:14:07 PM

  mbam-log-2008-12-14 (14-14-07).txt

  Scan type: Snelle Scan

  Objecten gescand: 77574

  Verstreken tijd: 8 minute(s), 31 second(s)

  Geheugenprocessen geïnfecteerd: 0

  Geheugenmodulen geïnfecteerd: 0

  Registersleutels geïnfecteerd: 0

  Registerwaarden geïnfecteerd: 0

  Registerdata bestanden geïnfecteerd: 0

  Mappen geïnfecteerd: 0

  Bestanden geïnfecteerd: 1

  Geheugenprocessen geïnfecteerd:

  (Geen kwaadaardige items gevonden)

  Geheugenmodulen geïnfecteerd:

  (Geen kwaadaardige items gevonden)

  Registersleutels geïnfecteerd:

  (Geen kwaadaardige items gevonden)

  Registerwaarden geïnfecteerd:

  (Geen kwaadaardige items gevonden)

  Registerdata bestanden geïnfecteerd:

  (Geen kwaadaardige items gevonden)

  Mappen geïnfecteerd:

  (Geen kwaadaardige items gevonden)

  Bestanden geïnfecteerd:

  C:\Documents and Settings\Ronnie Maurix.CP3747-B\results.txt (Malware.Trace) -> Quarantined and deleted successfully.

  Rapporteren
• 

  Argus

  14-12-2008 15:39

  Systeemherstel

  Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.http://users.pandora.be/marcvn/spyware/1852808.htm

  Rapporteren
• 

  Ron

  14-12-2008 20:26

  Zo simpel…. maar het werkt wel!!!

  Heb net weer een scan gedaan en nu geen geinfecteerde bestanden meer.

  Bedankt voor de info!!!

  Rapporteren