AutoRun.inf ?

  • Argus

    Cfscript

    Open a Notepad file.

    Copy the code below and paste it into the Notepad file.

    KILLALL::

    File::

    c:\windows\system32\regedit42.exe

    c:\windows\system32\regedit12.exe

    c:\windows\system32\tcpsov23.exe

    c:\windows\system32\setupl7.exe

    c:\windows\system32\tcpsov66.exe

    c:\program files\360

    c:\windows\system32\sysme.bat

    c:\windows\system32\tencent.sys

    c:\windows\system32\smism.exe

    c:\windows\system32\sdsk88sdddf.dat

    c:\windows\Fonts\s3sds212.dat

    Save the Notepad file as CFScript.txt

    Drag CFScript.txt into ComboFix.exe as shown in

    Restart if asked to,

    and post the contents of Combofix.txt in your next reply.

  • Jeroen

    Task carried out … I could just get on the internet from the PC:

    ComboFix 09-08-30.04 - Jeroen Pluijmen 31-08-2009 11:06.2.1 - NTFSx86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.225

    Gestart vanuit: c:\documents and settings\Jeroen Pluijmen\Bureaublad\ComboFix.exe

    gebruikte Opdracht switches :: c:\documents and settings\Jeroen Pluijmen\Bureaublad\CFScript.txt

    AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

    FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    FILE ::

    “c:\program files\360”

    “c:\windows\Fonts\s3sds212.dat”

    “c:\windows\system32\regedit12.exe”

    “c:\windows\system32\regedit42.exe”

    “c:\windows\system32\sdsk88sdddf.dat”

    “c:\windows\system32\setupl7.exe”

    “c:\windows\system32\smism.exe”

    “c:\windows\system32\sysme.bat”

    “c:\windows\system32\tcpsov23.exe”

    “c:\windows\system32\tcpsov66.exe”

    “c:\windows\system32\tencent.sys”

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\windows\Fonts\s3sds212.dat

    c:\windows\system32\regedit12.exe

    c:\windows\system32\regedit42.exe

    c:\windows\system32\sdsk88sdddf.dat

    c:\windows\system32\setupl7.exe

    c:\windows\system32\smism.exe

    c:\windows\system32\sysme.bat

    c:\windows\system32\tcpsov23.exe

    c:\windows\system32\tcpsov66.exe

    c:\windows\system32\tencent.sys

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    ——-\Legacy_BackGroumd_switch

    ——-\Legacy_BeckGround_switch

    ——-\Service_BackGroumd switch

    ——-\Service_BeckGround switch

    (((((((((((((((((((( Bestanden Gemaakt van 2009-07-28 to 2009-08-31 ))))))))))))))))))))))))))))))

    .

    2009-08-31 08:59 . 2009-08-25 08:00 84912 —-a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090830.018\NAVENG.SYS

    2009-08-31 08:59 . 2009-08-25 08:00 177520 —-a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090830.018\NAVENG32.DLL

    2009-08-31 08:59 . 2009-08-25 08:00 1647984 —-a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090830.018\NAVEX32A.DLL

    2009-08-31 08:59 . 2009-08-25 08:00 1323568 —-a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090830.018\NAVEX15.SYS

    2009-08-31 08:59 . 2009-08-25 08:00 259440 —-a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090830.018\ECMSVR32.DLL

    2009-08-30 12:33 . 2009-08-30 12:33 27656 —-a-w- c:\windows\system32\drivers\pxsec.sys

    2009-08-30 12:33 . 2009-08-30 12:33 22024 —-a-w- c:\windows\system32\drivers\pxscan.sys

    2009-08-30 12:33 . 2009-08-30 12:33 ——– d—–w- c:\program files\Prevx

    2009-08-30 12:33 . 2009-08-30 12:42 ——– d—–w- c:\documents and settings\All Users\Application Data\PrevxCSI

    2009-08-30 08:00 . 2009-08-30 08:00 371248 —-a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090830.018\EECTRL.SYS

    2009-08-30 08:00 . 2009-08-30 08:00 2747440 —-a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090830.018\CCERASER.DLL

    2009-08-30 08:00 . 2009-08-30 08:00 102448 —-a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090830.018\ERASER.SYS

    2009-08-26 22:42 . 2000-01-05 13:19 86016 —-a-w- c:\windows\unvise32qt.exe

    2009-08-26 22:42 . 2009-08-26 22:42 ——– d—–w- c:\documents and settings\All Users\Application Data\QuickTime

    2009-08-26 22:42 . 2009-08-26 22:42 28672 —-a-w- c:\windows\system32\qttask.exe

    2009-08-26 22:42 . 2009-08-26 22:42 ——– d—–w- c:\windows\system32\QuickTime

    2009-08-26 22:42 . 2009-08-26 22:42 ——– d—–w- c:\program files\QuickTime

    2009-08-26 22:42 . 2009-08-26 22:42 ——– d—–w- C:\My Music

    2009-08-26 22:41 . 2009-08-26 22:41 ——– d—–w- c:\program files\Real

    2009-08-26 22:41 . 2009-08-26 22:41 ——– d—–w- c:\program files\Common Files\Real

    2009-08-26 22:38 . 2009-08-26 22:39 ——– d—–w- C:\@Home

    2009-08-24 22:13 . 2009-08-24 22:14 ——– d—–w- c:\program files\Windows Live Safety Center

    2009-08-24 22:07 . 2009-08-24 22:07 ——– d-sh–w- c:\documents and settings\Jeroen Pluijmen\UserData

    2009-08-24 20:48 . 2009-08-24 20:48 ——– d—–w- c:\documents and settings\Jeroen Pluijmen\Application Data\Malwarebytes

    2009-08-24 20:48 . 2009-08-03 11:36 38160 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2009-08-24 20:48 . 2009-08-24 20:48 ——– d—–w- c:\documents and settings\All Users\Application Data\Malwarebytes

    2009-08-24 20:48 . 2009-08-03 11:36 19096 —-a-w- c:\windows\system32\drivers\mbam.sys

    2009-08-24 20:48 . 2009-08-24 20:48 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware

    2009-08-24 18:48 . 2009-08-24 18:48 ——– d—–w- c:\program files\360

    2009-08-24 18:25 . 2009-08-24 18:25 ——– d—–w- c:\program files\Trend Micro

    2009-08-13 19:17 . 2009-07-10 13:31 1315328 -c—-w- c:\windows\system32\dllcache\msoe.dll

    2009-08-12 17:26 . 2009-07-11 19:34 276344 —-a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys

    2009-08-12 17:26 . 2009-07-11 19:34 293424 —-a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys

    2009-08-12 17:26 . 2009-07-11 19:34 533880 —-a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\Scxpx86.dll

    2009-08-12 17:26 . 2009-07-11 19:34 451960 —-a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSxpx86.dll

    2009-08-12 17:26 . 2009-07-11 19:34 397360 —-a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSviA64.sys

    2009-08-06 22:12 . 2009-08-06 22:12 ——– d—–w- c:\windows\system32\XPSViewer

    2009-08-06 22:12 . 2009-08-06 22:12 ——– d—–w- c:\program files\MSBuild

    2009-08-06 22:12 . 2009-08-06 22:12 ——– d—–w- c:\program files\Reference Assemblies

    2009-08-06 22:11 . 2008-07-06 12:06 89088 -c—-w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

    2009-08-06 22:11 . 2008-07-06 12:06 575488 -c—-w- c:\windows\system32\dllcache\xpsshhdr.dll

    2009-08-06 22:11 . 2008-07-06 12:06 575488 ——w- c:\windows\system32\xpsshhdr.dll

    2009-08-06 22:11 . 2008-07-06 12:06 117760 ——w- c:\windows\system32\prntvpt.dll

    2009-08-06 22:11 . 2008-07-06 10:50 597504 -c—-w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

    2009-08-06 22:11 . 2008-07-06 12:06 1676288 -c—-w- c:\windows\system32\dllcache\xpssvcs.dll

    2009-08-06 22:11 . 2008-07-06 12:06 1676288 ——w- c:\windows\system32\xpssvcs.dll

    2009-08-06 22:10 . 2009-08-06 22:12 ——– d—–w- C:\fd125e2c53fdb549b156be7874b2

    2009-08-05 09:01 . 2009-08-05 09:01 205312 -c—-w- c:\windows\system32\dllcache\mswebdvd.dll

    2009-08-04 16:58 . 2009-04-24 11:39 211088 —-a-w- c:\windows\system32\bgsserv.exe

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-08-31 09:15 . 2003-05-15 07:39 292 —-a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-0000000C-00001102-00000004-10051102}.dat

    2009-08-31 09:15 . 2003-05-15 07:39 292 —-a-w- c:\windows\system32\DVCState-{00000002-00000000-0000000C-00001102-00000004-10051102}.dat

    2009-08-31 09:02 . 2005-02-17 01:20 110848 —-a-w- c:\documents and settings\Jeroen Pluijmen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

    2009-08-30 12:28 . 2008-09-29 14:39 ——– d—–w- c:\documents and settings\All Users\Application Data\Google Updater

    2009-08-27 19:57 . 2003-05-14 14:22 ——– d–h–w- c:\program files\InstallShield Installation Information

    2009-08-27 19:54 . 2005-01-26 19:36 ——– d—–w- c:\program files\Hitman Pro

    2009-08-25 05:56 . 2007-08-27 16:56 ——– d—–w- c:\program files\DYMO Label

    2009-08-06 22:21 . 2003-03-27 10:24 97930 —-a-w- c:\windows\system32\perfc013.dat

    2009-08-06 22:21 . 2003-03-27 10:24 526740 —-a-w- c:\windows\system32\perfh013.dat

    2009-08-05 09:01 . 2003-05-15 08:11 205312 —-a-w- c:\windows\system32\mswebdvd.dll

    2009-07-17 19:04 . 2003-03-27 10:23 58880 —-a-w- c:\windows\system32\atl.dll

    2009-07-13 08:08 . 2003-05-14 14:03 286720 —-a-w- c:\windows\system32\wmpdxm.dll

    2009-07-11 19:34 . 2009-07-31 18:25 276344 —-a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys

    2009-07-11 19:34 . 2009-07-11 19:34 276344 —-a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys

    2009-07-11 19:34 . 2009-07-31 18:25 293424 —-a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSvix86.sys

    2009-07-11 19:34 . 2009-07-11 19:34 293424 —-a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys

    2009-07-11 19:34 . 2009-07-31 18:25 533880 —-a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\Scxpx86.dll

    2009-07-11 19:34 . 2009-07-11 19:34 533880 —-a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll

    2009-07-11 19:34 . 2009-07-31 18:25 451960 —-a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSxpx86.dll

    2009-07-11 19:34 . 2009-07-11 19:34 451960 —-a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll

    2009-07-11 19:34 . 2009-07-31 18:25 397360 —-a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSviA64.sys

    2009-07-11 19:34 . 2009-07-11 19:34 397360 —-a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys

    2009-06-29 16:01 . 2005-10-21 15:51 827392 ——w- c:\windows\system32\wininet.dll

    2009-06-29 16:01 . 2009-06-11 21:16 78336 —-a-w- c:\windows\system32\ieencode.dll

    2009-06-29 16:01 . 2003-03-27 10:24 17408 —-a-w- c:\windows\system32\corpol.dll

    2009-06-25 08:27 . 2005-06-15 17:52 301568 —-a-w- c:\windows\system32\kerberos.dll

    2009-06-25 08:27 . 2003-03-27 10:24 54272 —-a-w- c:\windows\system32\wdigest.dll

    2009-06-25 08:27 . 2003-03-27 10:24 56832 —-a-w- c:\windows\system32\secur32.dll

    2009-06-25 08:27 . 2003-03-27 10:24 147456 —-a-w- c:\windows\system32\schannel.dll

    2009-06-25 08:27 . 2003-03-27 10:24 136192 —-a-w- c:\windows\system32\msv1_0.dll

    2009-06-25 08:27 . 2003-03-27 10:24 735232 —-a-w- c:\windows\system32\lsasrv.dll

    2009-06-24 11:18 . 2003-03-27 10:24 92928 —-a-w- c:\windows\system32\drivers\ksecdd.sys

    2009-06-16 14:40 . 2003-03-27 10:24 119808 —-a-w- c:\windows\system32\t2embed.dll

    2009-06-16 14:40 . 2003-03-27 10:24 81920 —-a-w- c:\windows\system32\fontsub.dll

    2009-06-15 10:45 . 2003-03-27 10:24 79872 —-a-w- c:\windows\system32\telnet.exe

    2009-06-10 14:16 . 2003-03-27 10:23 85504 —-a-w- c:\windows\system32\avifil32.dll

    2009-06-10 07:22 . 2003-05-14 13:57 2066432 —-a-w- c:\windows\system32\mstscax.dll

    2009-06-10 06:16 . 2003-03-27 10:24 132096 —-a-w- c:\windows\system32\wkssvc.dll

    2009-06-03 19:11 . 2005-08-30 08:26 1295360 —-a-w- c:\windows\system32\quartz.dll

    2006-05-05 19:46 . 2006-05-05 19:46 45651843 —-a-w- c:\program files\NIS06910NL.exe

    2005-07-31 16:02 . 2005-07-31 16:02 257 —ha-w- c:\program files\hpothb07.tif

    2005-07-31 16:02 . 2005-07-31 16:02 149 —ha-w- c:\program files\hpothb07.dat

    2004-09-03 22:51 . 2004-09-03 22:51 5194 —-a-w- c:\program files\Untitled-1.htm

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    “MsnMsgr”=“c:\program files\MSN Messenger\MsnMsgr.Exe”

    “swg”=“c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”

    “NvCplDaemon”=“c:\windows\System32\NvCpl.dll”

    “CTSysVol”=“c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe”

    “CTDVDDet”=“c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE”

    “SBDrvDet”=“c:\program files\Creative\SB Drive Det\SBDrvDet.exe”

    “UpdReg”=“c:\windows\UpdReg.EXE”

    “CTStartup”=“c:\program files\Creative\Splash Screen\CTEaxSpl.EXE”

    “zBrowser Launcher”=“c:\program files\Logitech\iTouch\iTouch.exe”

    “DXM6Patch_981116”=“c:\windows\p_981116.exe”

    “HPDJ Taskbar Utility”=“c:\windows\System32\spool\drivers\w32x86\3\hpztsb09.exe”

    “HPHUPD05”=“c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe”

    “HP Software Update”=“c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe”

    “HPHmon05”=“c:\windows\System32\hphmon05.exe”

    “Share-to-Web Namespace Daemon”=“c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe”

    “LogitechVideoRepair”=“c:\program files\Logitech\Video\ISStart.exe”

    “LogitechVideoTray”=“c:\program files\Logitech\Video\LogiTray.exe”

    “SunJavaUpdateSched”=“c:\program files\Java\j2re1.4.2_04\bin\jusched.exe”

    “Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

    “PCSuiteTrayApplication”=“c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe”

    “RealTray”=“c:\program files\Real\RealPlayer\RealPlay.exe”

    “CTHelper”=“CTHELPER.EXE” - c:\windows\system32\CTHELPER.EXE

    “AsioReg”=“CTASIO.DLL” - c:\windows\system32\CTASIO.DLL

    “Logitech Utility”=“Logi_MwX.Exe” - c:\windows\LOGI_MWX.EXE

    “CTFMON.EXE”=“c:\windows\System32\CTFMON.EXE”

    “PcSync”=“c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe”

    c:\documents and settings\Jeroen Pluijmen\Menu Start\Programma's\Opstarten\

    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\SqlMangr.exe

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

    eEye JScript Patch Checker.lnk - c:\program files\eEye Digital Security\Jscript Patch\jscriptpatchchecker.exe

    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE

    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

    BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

    “DisableMonitoring”=dword:00000001

    “DisableMonitoring”=dword:00000001

    “DisableMonitoring”=dword:00000001

    “EnableFirewall”= 0 (0x0)

    “%windir%\\system32\\sessmgr.exe”=

    “c:\\Program Files\\Messenger\\msmsgs.exe”=

    “%windir%\\Network Diagnostic\\xpnetdiag.exe”=

    “c:\\Program Files\\MSN Messenger\\msnmsgr.exe”=

    “c:\\Program Files\\MSN Messenger\\livecall.exe”=

    R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys

    R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys

    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0300000.086\SymEFA.sys

    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0300000.086\BHDrvx86.sys

    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0300000.086\cchpx86.sys

    R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys

    R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe

    R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe

    R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys

    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

    S2 darkshell;darkshell;\??\c:\windows\system32 –> c:\windows\system32

    .

    Inhoud van de ‘Gedeelde Taken’ map

    2009-08-31 c:\windows\Tasks\Google Software Updater.job

    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe

    .

    - - - - ORPHANS VERWIJDERD - - - -

    HKCU-Run-LDM - \Program\BackWeb-8876480.exe

    .

    ——- Bijkomende Scan ——-

    .

    uStart Page = hxxp://www.google.nl/

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

    mSearch Bar =

    uInternet Settings,ProxyOverride = localhost

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-08-31 11:19

    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    CTStartup = “c:\program files\Creative\Splash Screen\CTEaxSpl.EXE” /run?Z?9~d???*?9~????????ln??????h?@?x?????:~D??????sx??s?)??????y??w????@@@???}|D@@?????>??w?????83?H??????|??}|??????}|L(?s?83??????/?s????????D???????????????????,????????????+?s@@@?D???`|?w??????@

    scannen van verborgen bestanden …

    Scan succesvol afgerond

    verborgen bestanden: 0

    **************************************************************************

    “ImagePath”=“\”c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe\“ /s \”N360\“ /m \”c:\program files\Norton 360\Engine\3.0.0.134\diMaster.dll\“ /prefetch:1”

    “ImagePath”=“\??\c:\windows\system32”

    .

    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    “WVJSMZU2N2J3TUTL6NSXFNN2ZH1”=hex:01,00,01,00,00,00,00,00,26,fe,c6,ed,74,95,2e,

    16,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

    .

    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > ‘explorer.exe’(3984)

    c:\program files\Logitech\MouseWare\System\LgWndHk.dll

    c:\program files\Logitech\iTouch\iTchHk.dll

    c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll

    .

    ———————— Andere Aktieve Processen ————————

    .

    c:\windows\system32\CTSVCCDA.EXE

    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    c:\windows\system32\nvsvc32.exe

    c:\windows\system32\wdfmgr.exe

    c:\windows\system32\MsPMSPSv.exe

    c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE

    c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

    c:\windows\system32\LVComS.exe

    c:\windows\system32\wscntfy.exe

    c:\program files\PC Connectivity Solution\ServiceLayer.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2009-08-31 11:25 - machine werd herstart

    ComboFix-quarantined-files.txt 2009-08-31 09:25

    ComboFix2.txt 2009-08-25 22:56

    Pre-Run: 87.468.613.632 bytes beschikbaar

    Post-Run: 87.396.737.024 bytes beschikbaar

    271 — E O F — 2009-08-26 20:28

  • Argus

    Go to Start - Run and copy the following into it:

    Combofix /u

    Then click OK.

    This will uninstall Combofix.

    And now run an online scan with Kaspersky and post the contents of the log

  • Jeroen

    Scanned twice with Kaspersky; it hangs after 39%. At ColdFusion.

    By the way, I have not seen any more pop-ups since the previous task. The internet is also working today.

    Is there perhaps an alternative to Kaspersky?

  • Jeroen

    Scanned with Bitdefender.

    I'm leaving today for a week's holiday, so I can't do anything for now.

    When I get back I will run the remaining online scans.

    Bitdefender result below:

    BitDefender Online Scanner

    Scan report generated at: Tue, Sep 01, 2009 - 05:17:27

    Scan path: A:\;C:\;D:\;E:\;F:\;

    Statistics

    Time: 01:37:55
    Files: 413447
    Folders: 9884
    Boot Sectors: 0
    Archives: 37682
    Packed Files: 12366

    Results

    Identified Viruses: 3
    Infected Files: 3
    Suspect Files: 0
    Warnings: 0
    Disinfected: 0
    Deleted Files: 2

    Engines Info

    Virus Definitions: 3920180
    Engine build: AVCORE v2.1 Windows/i386 11.0.0.26 (Jul 24 2009)
    Scan plugins: 17
    Archive plugins: 45
    Unpack plugins: 7
    E-mail plugins: 6
    System plugins: 4

    Scan Settings

    First Action: Disinfect
    Second Action: Delete
    Heuristics: Yes
    Enable Warnings: Yes
    Scanned Extensions: *;
    Exclude Extensions:
    Scan Emails: Yes
    Scan Archives: Yes
    Scan Packed: Yes
    Scan Files: Yes
    Scan Boot: Yes

    Scanned File | Status

    C:\Program Files\360\360Safe\NQHCWPCH.dat | Infected with: Gen:Trojan.Heur.GM.1002806020
    C:\Program Files\360\360Safe\NQHCWPCH.dat | Disinfection failed
    C:\Program Files\360\360Safe\NQHCWPCH.dat | Deleted
    C:\System Volume Information\_restore{C7F5598D-24CD-4065-AC15-45720FA90B8C}\RP1475\A0091984.dll | Detected with: Adware.Sogou.Gen
    C:\System Volume Information\_restore{C7F5598D-24CD-4065-AC15-45720FA90B8C}\RP1475\A0091984.dll | Delete failed
    C:\WINDOWS\AppPatch\setupl7.sys | Infected with: Generic.Botget.C3500318
    C:\WINDOWS\AppPatch\setupl7.sys | Deleted

  • Jeroen

    Back from holiday … ran a scan with Panda straight away.

    Result below:

    ;***********************************************************************************************************************************************************************************

    ANALYSIS: 2009-09-07 18:02:52

    PROTECTIONS: 1

    MALWARE: 3

    SUSPECTS: 0

    ;***********************************************************************************************************************************************************************************

    PROTECTIONS

    Description Version Active Updated

    ;===================================================================================================================================================================================

    Norton 360 3.0.0.134 No Yes

    ;===================================================================================================================================================================================

    MALWARE

    Id Description Type Active Severity Disinfectable Disinfected Location

    ;===================================================================================================================================================================================

    00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Jeroen Pluijmen\Cookies\jeroen_pluijmen@stat.onestat.txt

    00366244 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Jeroen Pluijmen\Bureaublad\Flash_Disinfector.exe

    01574335 Adware/CPush Adware No 0 Yes No C:\System Volume Information\_restore{C7F5598D-24CD-4065-AC15-45720FA90B8C}\RP1475\A0091985.exe

    ;===================================================================================================================================================================================

    SUSPECTS

    Sent Location

    ;===================================================================================================================================================================================

    ;===================================================================================================================================================================================

    VULNERABILITIES

    Id Severity Description

    ;===================================================================================================================================================================================

    ;===================================================================================================================================================================================

  • Argus

    You don't have to run all the scanners, you know

    Turn off System Restore. Restart the computer. Turn System Restore back on.

    See here how to turn off your System Restore

    Hijack This uninstall list

    Start Hijack This

    Start Hijack This, click: Do a Systemscan only

    At the bottom right, click Config…, click Misc Tools

    Click “Open Uninstall Manager”

    Click “Safe List”

    Copy Uninstall_list to your Desktop and post the contents in your next reply

    Close Hijack This

    And one more fresh Hijack This log

    And how was your holiday ;)

  • Jeroen

    Holiday was great (Dubai) :)

    Tasks carried out:

    By the way, I have Norton switched off (as far as possible), have not seen any more pop-ups, and the internet works properly:

    First, the uninstall list:

    @Home Components

    Aangifte inkomstenbelasting 2008

    Ad-Aware SE Personal

    ADBplus 2000 Special

    Administratieve Software van Davilex

    Adobe Flash Player 10 ActiveX

    Adobe Reader 8.1.0 - Nederlands

    AXIS Media Control Embedded

    Beveiligingsupdate for Windows Media Player 10 (KB911565)

    Beveiligingsupdate for Windows Media Player 10 (KB917734)

    Beveiligingsupdate for Windows Media Player 10 (KB936782)

    Beveiligingsupdate for Windows XP (KB941569)

    Beveiligingsupdate voor Windows Internet Explorer 7 (KB928090)

    Beveiligingsupdate voor Windows Internet Explorer 7 (KB929969)

    Beveiligingsupdate voor Windows Internet Explorer 7 (KB931768)

    Beveiligingsupdate voor Windows Internet Explorer 7 (KB933566)

    Beveiligingsupdate voor Windows Internet Explorer 7 (KB937143)

    Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127)

    Beveiligingsupdate voor Windows Internet Explorer 7 (KB939653)

    Beveiligingsupdate voor Windows Internet Explorer 7 (KB942615)

    Beveiligingsupdate voor Windows Internet Explorer 7 (KB944533)

    Beveiligingsupdate voor Windows Internet Explorer 7 (KB950759)

    Beveiligingsupdate voor Windows Internet Explorer 7 (KB953838)

    Beveiligingsupdate voor Windows Internet Explorer 7 (KB956390)

    Beveiligingsupdate voor Windows Internet Explorer 7 (KB958215)

    Beveiligingsupdate voor Windows Internet Explorer 7 (KB960714)

    Beveiligingsupdate voor Windows Internet Explorer 7 (KB961260)

    Beveiligingsupdate voor Windows Internet Explorer 7 (KB963027)

    Beveiligingsupdate voor Windows Internet Explorer 7 (KB969897)

    Beveiligingsupdate voor Windows Internet Explorer 7 (KB972260)

    Beveiligingsupdate voor Windows Media Player (KB952069)

    Beveiligingsupdate voor Windows Media Player (KB973540)

    Beveiligingsupdate voor Windows XP (KB923561)

    Beveiligingsupdate voor Windows XP (KB938464)

    Beveiligingsupdate voor Windows XP (KB938464-v2)

    Beveiligingsupdate voor Windows XP (KB946648)

    Beveiligingsupdate voor Windows XP (KB950760)

    Beveiligingsupdate voor Windows XP (KB950762)

    Beveiligingsupdate voor Windows XP (KB950974)

    Beveiligingsupdate voor Windows XP (KB951066)

    Beveiligingsupdate voor Windows XP (KB951376)

    Beveiligingsupdate voor Windows XP (KB951376-v2)

    Beveiligingsupdate voor Windows XP (KB951698)

    Beveiligingsupdate voor Windows XP (KB951748)

    Beveiligingsupdate voor Windows XP (KB952004)

    Beveiligingsupdate voor Windows XP (KB952954)

    Beveiligingsupdate voor Windows XP (KB953839)

    Beveiligingsupdate voor Windows XP (KB954211)

    Beveiligingsupdate voor Windows XP (KB954459)

    Beveiligingsupdate voor Windows XP (KB954600)

    Beveiligingsupdate voor Windows XP (KB955069)

    Beveiligingsupdate voor Windows XP (KB956391)

    Beveiligingsupdate voor Windows XP (KB956572)

    Beveiligingsupdate voor Windows XP (KB956744)

    Beveiligingsupdate voor Windows XP (KB956802)

    Beveiligingsupdate voor Windows XP (KB956803)

    Beveiligingsupdate voor Windows XP (KB956841)

    Beveiligingsupdate voor Windows XP (KB957095)

    Beveiligingsupdate voor Windows XP (KB957097)

    Beveiligingsupdate voor Windows XP (KB958644)

    Beveiligingsupdate voor Windows XP (KB958687)

    Beveiligingsupdate voor Windows XP (KB958690)

    Beveiligingsupdate voor Windows XP (KB959426)

    Beveiligingsupdate voor Windows XP (KB960225)

    Beveiligingsupdate voor Windows XP (KB960715)

    Beveiligingsupdate voor Windows XP (KB960803)

    Beveiligingsupdate voor Windows XP (KB960859)

    Beveiligingsupdate voor Windows XP (KB961371)

    Beveiligingsupdate voor Windows XP (KB961373)

    Beveiligingsupdate voor Windows XP (KB961501)

    Beveiligingsupdate voor Windows XP (KB968537)

    Beveiligingsupdate voor Windows XP (KB969898)

    Beveiligingsupdate voor Windows XP (KB970238)

    Beveiligingsupdate voor Windows XP (KB971557)

    Beveiligingsupdate voor Windows XP (KB971633)

    Beveiligingsupdate voor Windows XP (KB971657)

    Beveiligingsupdate voor Windows XP (KB973346)

    Beveiligingsupdate voor Windows XP (KB973354)

    Beveiligingsupdate voor Windows XP (KB973507)

    Beveiligingsupdate voor Windows XP (KB973869)

    Compatibiliteitspakket voor het 2007 Microsoft Office system

    Demo Overzicht van mogelijkheden

    DYMO Label Software

    eEye Digital Security JScript Patch

    Everest Poker (Remove Only)

    GEAR driver installer for x86 and x64

    Google Earth

    Google Toolbar for Internet Explorer

    Google Toolbar for Internet Explorer

    Google Updater

    HijackThis 2.0.2

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

    Hotfix voor Windows Internet Explorer 7 (KB947864)

    Hotfix voor Windows Media Player 9

    Hotfix voor Windows XP (KB952287)

    Hotfix voor Windows XP (KB961118)

    Hotfix voor Windows XP (KB970653-v3)

    HP Memories Disc

    HP Photo and Imaging 2.4.1 - Scanjet 5530 Series

    HP Software Update

    Image Resizer Powertoy for Windows XP

    Ipswitch WS_FTP Pro

    Jasc Paint Shop Pro 8

    Java 2 Runtime Environment, SE v1.4.2_04

    Java(TM) 6 Update 15

    Kasboek

    LeechFTP

    LG USB Modem Driver

    Listing Factory 2008 v3.0

    Logitech Desktop Messenger

    Logitech iTouch-software

    Logitech MouseWare 9.75

    Logitech QuickCam

    Macromedia Dreamweaver MX 2004

    Macromedia Extension Manager

    Macromedia Fireworks MX 2004

    Macromedia Flash MX 2004

    Macromedia FreeHand MXa

    Macromedia Shockwave Player

    Malwarebytes' Anti-Malware

    Microsoft .NET Framework 1.1

    Microsoft .NET Framework 1.1

    Microsoft .NET Framework 1.1 Hotfix (KB928366)

    Microsoft .NET Framework 2.0 Service Pack 2

    Microsoft .NET Framework 3.0 Service Pack 2

    Microsoft .NET Framework 3.5 SP1

    Microsoft .NET Framework 3.5 SP1

    Microsoft Internationalized Domain Names Mitigation APIs

    Microsoft National Language Support Downlevel APIs

    Microsoft Office XP Media Content

    Microsoft Office XP Professional

    Microsoft Publisher 2002

    Microsoft SQL Server Desktop Engine

    Microsoft Visual J# 2.0 Redistributable Package

    Microsoft Windows Journal Viewer

    MSXML 4.0 SP2 (KB927978)

    MSXML 4.0 SP2 (KB936181)

    MSXML 4.0 SP2 (KB954430)

    Nero - Burning Rom

    NetDiag

    Nokia Connectivity Cable Driver

    Nokia PC Suite

    Norton 360

    NVIDIA Windows 2000/XP Display Drivers

    Panda ActiveScan 2.0

    Patch 1

    PC Connectivity Solution

    Photosmart 140,240,7200,7600,7700,7900 Series

    Pinnacle Hollywood FX 4.6

    Ports Of Call XXL

    PowerDVD

    programma Biblio

    programma CA 2000 voor Windows

    QuickTime

    RealPlayer Basic

    Security Update for CAPICOM (KB931906)

    Security Update for CAPICOM (KB931906)

    Shockwave

    Sound Blaster Audigy 2

    Studio 8

    Studio Content CD

    Studio Webdesign 3

    Turbo Lister 2

    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

    Update voor Windows XP (KB951072-v2)

    Update voor Windows XP (KB951978)

    Update voor Windows XP (KB955839)

    Update voor Windows XP (KB967715)

    Update voor Windows XP (KB968389)

    Update voor Windows XP (KB973815)

    WEB! Pro Extended Edition

    WebCam for MSN Messenger

    Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)

    Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)

    Windows Live Messenger

    Windows Live OneCare safety scanner

    Windows Live Sign-in Assistant

    Windows Media Format Runtime

    Windows Media Player 10

    Windows XP Service Pack 3

    WinRAR

    And a “fresh log”:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 19:09:06, on 7-9-2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16876)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

    C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

    C:\WINDOWS\system32\CTHELPER.EXE

    C:\Program Files\Logitech\iTouch\iTouch.exe

    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

    C:\Program Files\Logitech\MouseWare\system\em_exec.exe

    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

    C:\WINDOWS\System32\hphmon05.exe

    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

    C:\Program Files\Logitech\Video\LogiTray.exe

    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

    C:\Program Files\Real\RealPlayer\RealPlay.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\MSN Messenger\MsnMsgr.Exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\WINDOWS\System32\LVComS.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\System32\CTsvcCDA.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe

    C:\WINDOWS\System32\nvsvc32.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\MsPMSPSv.exe

    C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\System32\HPZipm12.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.134\IPSBHO.DLL

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

    O4 - HKLM\..\Run: C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

    O4 - HKLM\..\Run: CTHELPER.EXE

    O4 - HKLM\..\Run: REGSVR32.EXE /S CTASIO.DLL

    O4 - HKLM\..\Run: C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

    O4 - HKLM\..\Run: C:\WINDOWS\UpdReg.EXE

    O4 - HKLM\..\Run: “C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE” /run

    O4 - HKLM\..\Run: C:\Program Files\Logitech\iTouch\iTouch.exe

    O4 - HKLM\..\Run: Logi_MwX.Exe

    O4 - HKLM\..\Run: C:\WINDOWS\p_981116.exe /Q:A

    O4 - HKLM\..\Run: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

    O4 - HKLM\..\Run: C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

    O4 - HKLM\..\Run: “C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe”

    O4 - HKLM\..\Run: C:\WINDOWS\System32\hphmon05.exe

    O4 - HKLM\..\Run: C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

    O4 - HKLM\..\Run: C:\Program Files\Logitech\Video\ISStart.exe

    O4 - HKLM\..\Run: C:\Program Files\Logitech\Video\LogiTray.exe

    O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

    O4 - HKLM\..\Run: C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    O4 - HKLM\..\Run: “C:\Program Files\Java\jre6\bin\jusched.exe”

    O4 - HKCU\..\Run: “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background

    O4 - HKCU\..\Run: “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: \Program\BackWeb-8876480.exe

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)

    O4 - HKUS\S-1-5-18\..\Run: C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User ‘SYSTEM’)

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)

    O4 - Startup: Service Manager.lnk = ?

    O4 - Global Startup: eEye JScript Patch Checker.lnk = C:\Program Files\eEye Digital Security\Jscript Patch\jscriptpatchchecker.exe

    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

    O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: START_PAGE_URL=http://www.becs.nl/

    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsi.cab

    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab

    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145126178296

    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://82.151.42.114:1024//activex/AMC.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    End of file - 10308 bytes

  • Argus

    Uninstall via Add or Remove Programs:

    Ad-Aware SE Personal

    Java 2 Runtime Environment, SE v1.4.2_04

    Install a-squared Free 4.5. It is a malware and virus scanner in one, and free; I think it works fine alongside Norton.

    Download Java Runtime Environment (JRE) 6u16 and install it.

    Version 6u15 is removed automatically by Java.