Win32.Agent.cmn

  • Win32.Agent.cmn

    Hello,

    I have an XP laptop here with a great deal of spyware, and I am working on cleaning it up via this forum. The McAfee antivirus program and Ewido (HMP) keep getting stuck. The biggest problem is Win32.Agent.cmn: with SpyBot and Ewido (online scanner) I get all the entries to show up, but there are so many (26000, mostly Font files) that the programs cannot remove them. How do I get all those files out? Do I have to do it manually?
    Thanks in advance for the help.

  • #2
    Download Malwarebytes' Anti-Malware to your desktop.
    Double-click mbam-setup.exe and choose "Next" to install the tool.
    When the installation is complete, tick "Update MalwareBytes' Anti-Malware" and "Launch MalwareBytes' Anti-Malware".
    Then press "Finish".
    In the main screen, choose the "Scanner" tab and select the radio button "Perform full scan".
    Press the "Scan" button and make sure all your hard disks/partitions are ticked.
    Then press the "Start Scan" button.
    When the scan is complete, click OK and then "Show Results" to see the results.
    Make sure everything is ticked, then click "Remove Selected".
    If the program wants to restart your computer, allow it.
    After that a log opens (mbam-log-XX-XX-XXXX(xx-xx-xx).txt).
    Post this log in your next message together with a HijackThis log.

    • #3
      Thanks for your help, Smeenk; MalwareBytes' Anti-Malware is already scanning everything.

      • #4
        Here are the logs:

        Malwarebytes' Anti-Malware 1.11
        Database versie: 630

        Scan type: Volledige Scan (C:\|)
        Objecten gescand: 98087
        Verstreken tijd: 1 hour(s), 3 minute(s), 4 second(s)

        Geheugenprocessen geïnfecteerd: 0
        Geheugenmodulen geïnfecteerd: 2
        Registersleutels geïnfecteerd: 19
        Registerwaarden geïnfecteerd: 1
        Registerdata bestanden geïnfecteerd: 0
        Mappen geïnfecteerd: 3
        Bestanden geïnfecteerd: 43

        Geheugenprocessen geïnfecteerd:
        (Geen kwaadaardige items gevonden)

        Geheugenmodulen geïnfecteerd:
        c:\program files\CPV\CPV8.dll (Adware.Bestrevenue) -> Unloaded module successfully.
        C:\WINDOWS\SYSTEM32\jkstmvie.dll (Trojan.Vundo) -> Unloaded module successfully.

        Registersleutels geïnfecteerd:
        HKEY_CLASSES_ROOT\CLSID\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Adware.Bestrevenue) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Adware.Bestrevenue) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.Agent) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.Agent) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\CPV (Trojan.Downloader) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Delete on reboot.
        HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

        Registerwaarden geïnfecteerd:
        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Host Process (Worm.IRCBot) -> Quarantined and deleted successfully.

        Registerdata bestanden geïnfecteerd:
        (Geen kwaadaardige items gevonden)

        Mappen geïnfecteerd:
        C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\WINDOWS\SYSTEM32\iDlo18 (Trojan.Downloader) -> Quarantined and deleted successfully.
        C:\Program Files\CPV (Trojan.Downloader) -> Quarantined and deleted successfully.

        Bestanden geïnfecteerd:
        c:\program files\CPV\CPV8.dll (Adware.Bestrevenue) -> Quarantined and deleted successfully.
        C:\WINDOWS\SYSTEM32\euooffmp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\SYSTEM32\pmffooue.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\SYSTEM32\gvkvbqry.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\SYSTEM32\yrqbvkvg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\SYSTEM32\jkstmvie.dll (Trojan.Vundo) -> Delete on reboot.
        C:\WINDOWS\SYSTEM32\eivmtskj.ini (Trojan.Vundo) -> Delete on reboot.
        C:\WINDOWS\SYSTEM32\rgxvkjsx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\SYSTEM32\xsjkvxgr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\mstn.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{20FACB27-B213-45DF-B711-A07B77057628}\RP613\A0056354.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{20FACB27-B213-45DF-B711-A07B77057628}\RP614\A0059737.exe (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\WINDOWS\b155.exe (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\WINDOWS\SYSTEM32\cmsepaaj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\SYSTEM32\cuqbvtle.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\SYSTEM32\dpkfhooj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\SYSTEM32\exsxgkyr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\SYSTEM32\giolmsbk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\SYSTEM32\mblovhkp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\SYSTEM32\nuhlpvyt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\SYSTEM32\nxpvqhnf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\SYSTEM32\phyprgqs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\SYSTEM32\ukgxxksv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\SYSTEM32\xqvlonme.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\SYSTEM32\xxywVnoo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\SYSTEM\helper.exe (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\WINDOWS\SYSTEM\delnew.exe (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\WINDOWS\SYSTEM32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
        C:\WINDOWS\Fonts\a.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
        C:\n.bat (Malware.Trace) -> Quarantined and deleted successfully.
        C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\WINDOWS\SYSTEM32\cbxxurs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\SYSTEM32\efcyvuv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\SYSTEM32\iifedab.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\SYSTEM32\ssqpmkl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\SYSTEM32\byXNheCu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\SYSTEM32\mljhigg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\SYSTEM32\nnnliIAP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\SYSTEM32\urqrspn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\SYSTEM32\iifcDWqR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\SYSTEM32\mlJDwVPF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


        Logfile of HijackThis v1.99.1
        Scan saved at 12:49:23, on 15-4-2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\WLTRYSVC.EXE
        C:\WINDOWS\System32\bcmwltry.exe
        C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
        c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
        c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
        C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
        C:\Program Files\McAfee\MPF\MPFSrv.exe
        C:\Program Files\McAfee\MSK\MskSrver.exe
        C:\Program Files\SiteAdvisor\6253\SAService.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
        C:\WINDOWS\system32\WLTRAY.exe
        C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
        C:\WINDOWS\system32\dla\tfswctrl.exe
        C:\WINDOWS\system32\hkcmd.exe
        C:\WINDOWS\system32\igfxpers.exe
        C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
        C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
        C:\WINDOWS\system32\igfxsrvc.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        C:\Program Files\Digital Line Detect\DLG.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\downloads\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
        F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
        O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
        O2 - BHO: (no name) - {11635C4A-ECC7-4ED7-A172-FA5D54D3E3EE} - C:\WINDOWS\system32\fccaAsTj.dll (file missing)
        O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
        O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
        O2 - BHO: {312d5bc4-38e6-16e8-bc94-69f0113fd0c9} - {9c0df311-0f96-49cb-8e61-6e834cb5d213} - C:\WINDOWS\system32\inxfejbv.dll
        O2 - BHO: (no name) - {F48DC587-66CB-462A-A4D7-6007FFAD8527} - C:\WINDOWS\system32\yayyx.dll (file missing)
        O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
        O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
        O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
        O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
        O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
        O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
        O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
        O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
        O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
        O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
        O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
        O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Jacobine\lsass.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
        O4 - HKLM\..\Run: [acb8df57] rundll32.exe "C:\WINDOWS\system32\jkstmvie.dll",b
        O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        O4 - Global Startup: Digital Line Detect.lnk = ?
        O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
        O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
        O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
        O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
        O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
        O20 - Winlogon Notify: awturol - awturol.dll (file missing)
        O20 - Winlogon Notify: fccaAsTj - fccaAsTj.dll (file missing)
        O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
        O20 - Winlogon Notify: ljJBtssS - ljJBtssS.dll (file missing)
        O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
        O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
        O23 - Service: aa0n58e3y7t3 - Unknown owner - C:\WINDOWS\system32\svshost.exe (file missing)
        O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
        O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        O23 - Service: g35b7z8f6 - Unknown owner - C:\WINDOWS\system32\svshost.exe (file missing)
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: is6y22l7i4j2 - Unknown owner - C:\WINDOWS\system32\svshost.exe (file missing)
        O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
        O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
        O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe
        O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
        O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
        O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
        O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
        O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
        O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
        O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

        • #5
          Download this file: zoek.exe
          Double-click it; after a while a log opens.
          Post the contents of this log in your next message.

          • #6
            Here is the log from zoek.exe:

            ======C:\WINDOWS====
            ----a-w 0 2008-04-15 10:42:49 C:\WINDOWS\0.LOG
            ----a-w 61,440 2008-03-20 14:11:16 C:\WINDOWS\ASUninst.exe
            --s-a-w 2,048 2008-04-15 10:42:28 C:\WINDOWS\BOOTSTAT.DAT
            ----a-w 340,258 2008-04-13 13:33:50 C:\WINDOWS\COMSETUP.LOG
            ----a-w 636 2008-04-15 07:00:24 C:\WINDOWS\cookies.ini
            ----a-w 1,212 2008-03-28 21:30:14 C:\WINDOWS\EventSystem.log
            ----a-w 1,005,366 2008-04-13 13:33:48 C:\WINDOWS\FaxSetup.log
            ----a-w 238 2008-04-06 17:39:22 C:\WINDOWS\IE4 Error Log.txt
            ----a-w 157,789 2008-04-13 13:33:50 C:\WINDOWS\IIS6.LOG
            ----a-w 1,374 2008-04-13 13:33:08 C:\WINDOWS\imsins.BAK
            ----a-w 1,374 2008-04-13 13:33:50 C:\WINDOWS\imsins.log
            ----a-w 10,554 2008-04-13 14:51:33 C:\WINDOWS\KB892130.log
            ----a-w 15,667 2008-04-13 13:31:00 C:\WINDOWS\KB941693.log
            ----a-w 16,426 2008-04-13 13:21:06 C:\WINDOWS\KB944338.log
            ----a-w 14,540 2008-04-13 13:19:50 C:\WINDOWS\KB945553.log
            ----a-w 53,617 2008-04-14 14:10:13 C:\WINDOWS\KB947864.log
            ----a-w 15,471 2008-04-13 13:26:10 C:\WINDOWS\KB948590.log
            ----a-w 14,431 2008-04-13 13:33:49 C:\WINDOWS\KB948881.log
            ----a-w 4,124 2008-04-15 10:42:44 C:\WINDOWS\ModemLog_Conexant D480 MDC V.9x Modem.txt
            ----a-w 49,952 2008-04-13 13:33:48 C:\WINDOWS\MSGSOCM.LOG
            ----a-w 939,426 2008-04-14 07:54:00 C:\WINDOWS\ntbtlog.txt
            ----a-w 205,846 2008-04-13 13:33:50 C:\WINDOWS\ntdtcsetup.log
            ----a-w 483,872 2008-04-13 13:33:48 C:\WINDOWS\OCGEN.LOG
            ----a-w 61,986 2008-04-13 13:33:50 C:\WINDOWS\OCMSN.LOG
            ---ha-w 54,156 2008-04-07 13:26:41 C:\WINDOWS\QTFont.qfn
            ----a-w 32,578 2008-04-15 10:41:32 C:\WINDOWS\SchedLgU.Txt
            ----a-w 1,322 2008-04-15 10:43:13 C:\WINDOWS\setupact.log
            ----a-w 977,832 2008-04-15 10:43:13 C:\WINDOWS\setupapi.log
            ----a-w 384,408 2008-04-13 13:33:50 C:\WINDOWS\TSOC.LOG
            ----a-w 83,966 2008-04-13 13:32:14 C:\WINDOWS\updspapi.log
            ----a-w 277,131 2008-03-20 12:59:13 C:\WINDOWS\url.txt
            ----a-w 159 2008-04-15 10:42:44 C:\WINDOWS\WIADEBUG.LOG
            ----a-w 49 2008-04-15 10:42:40 C:\WINDOWS\WIASERVC.LOG
            ----a-w 988 2008-04-13 15:29:33 C:\WINDOWS\WIN.INI
            ----a-w 1,712,335 2008-04-15 10:42:41 C:\WINDOWS\WindowsUpdate.log

            Entries: 35 (33)
            Directories: 0 Files: 35
            Bytes: 6,982,571 Blocks: 13,655
            ======C:\WINDOWS\system32=====
            --sh--w 1,294,716 2008-04-01 15:25:21 C:\WINDOWS\System32\agsecisq.ini
            ----a-w 90,688 2008-04-09 15:50:18 C:\WINDOWS\System32\avajmbwe.dll
            ----a-w 3,648 2008-04-13 12:28:17 C:\WINDOWS\System32\bdnjqtxl.dll
            ----a-w 26,493 2008-04-15 10:43:35 C:\WINDOWS\System32\Config.MPF
            --sh--w 1,374,494 2008-03-27 16:43:51 C:\WINDOWS\System32\cpylmlnm.ini
            --sha-w 294 2008-04-06 17:45:54 C:\WINDOWS\System32\cqosmmwi.ini
            --sh--w 2,047,623 2008-04-06 17:42:22 C:\WINDOWS\System32\cqosmmwi.tmp
            --sh--w 1,445,083 2008-03-26 16:42:10 C:\WINDOWS\System32\cvjpfrqg.ini
            ----a-w 37,888 2008-04-05 07:30:36 C:\WINDOWS\System32\fccaAsTj.dll__DELETE_ON_REBOOT
            ----a-w 207,304 2008-04-14 06:04:37 C:\WINDOWS\System32\FNTCACHE.DAT
            ----a-w 90,176 2008-04-07 17:38:39 C:\WINDOWS\System32\hduptfhi.dll
            ----a-w 93,248 2008-04-10 21:39:18 C:\WINDOWS\System32\hgjmgdpg.dll
            --sh--w 1,355,526 2008-03-28 16:47:12 C:\WINDOWS\System32\hpuiqkry.ini
            ----a-w 92,736 2008-04-13 12:29:52 C:\WINDOWS\System32\inxfejbv.dll
            --sh--w 1,451,393 2008-03-25 13:59:11 C:\WINDOWS\System32\jhbixprk.ini
            --sh--w 1,535,545 2008-03-21 16:30:03 C:\WINDOWS\System32\jnftfdqh.ini
            ----a-w 3,648 2008-04-11 21:39:40 C:\WINDOWS\System32\kgnnqyhs.dll
            ----a-w 91,712 2008-04-11 21:45:33 C:\WINDOWS\System32\kodyjdao.dll
            ----a-w 143 2008-04-15 09:16:45 C:\WINDOWS\System32\mcrh.tmp
            --sh--w 1,994,956 2008-04-02 15:32:34 C:\WINDOWS\System32\mqppldal.ini
            ----a-w 19,836,024 2008-04-05 20:56:22 C:\WINDOWS\System32\MRT.exe
            ----a-w 89,664 2008-04-06 17:37:43 C:\WINDOWS\System32\ngbaxnvb.dll
            ----a-w 3,648 2008-04-10 21:39:15 C:\WINDOWS\System32\nmomwirh.dll
            --sh--w 749,196 2008-04-09 15:48:25 C:\WINDOWS\System32\nmqacelw.ini
            ----a-w 54,614 2008-04-15 10:46:53 C:\WINDOWS\System32\PERFC009.DAT
            ----a-w 71,790 2008-04-15 10:46:53 C:\WINDOWS\System32\PERFC013.DAT
            ----a-w 384,930 2008-04-15 10:46:53 C:\WINDOWS\System32\PERFH009.DAT
            ----a-w 447,030 2008-04-15 10:46:53 C:\WINDOWS\System32\PERFH013.DAT
            ----a-w 967,490 2008-04-15 10:46:53 C:\WINDOWS\System32\PerfStringBackup.INI
            --sh--w 1,544,588 2008-03-22 16:33:32 C:\WINDOWS\System32\qhqmsqsw.ini
            ----a-w 37,888 2008-04-04 14:58:15 C:\WINDOWS\System32\rqRHaYss.dll
            ----a-w 3,648 2008-04-09 15:48:57 C:\WINDOWS\System32\ubceggec.dll
            ----a-w 147,456 2008-03-18 14:22:48 C:\WINDOWS\System32\vbzip10.dll
            --sh--w 1,347,738 2008-03-31 15:30:40 C:\WINDOWS\System32\vsshhlnb.ini
            ----a-w 1,845,376 2008-03-20 08:10:47 C:\WINDOWS\System32\win32k.sys
            ----a-w 2,206 2008-04-15 10:43:04 C:\WINDOWS\System32\WPA.DBL
            --sh--w 2,054,520 2008-04-06 17:38:25 C:\WINDOWS\System32\xjngawsb.ini
            --sha-w 180,363 2008-04-13 12:32:31 C:\WINDOWS\System32\xyyay.ini
            --sha-w 180,363 2008-04-13 12:29:59 C:\WINDOWS\System32\xyyay.ini2
            --sh--w 861,889 2008-04-10 21:38:38 C:\WINDOWS\System32\yrfauqit.ini

            Entries: 40 (24)
            Directories: 0 Files: 40
            Bytes: 44,047,735 Blocks: 86,054
            ======C:\WINDOWS\system32\drivers=====
            Entries: 0 (0)
            Directories: 0 Files: 0
            Bytes: 0 Blocks: 0
            =======C:\Program Files=====
            Entries: 0 (0)
            Directories: 0 Files: 0
            Bytes: 0 Blocks: 0
            =======C:=====
            ----a-w 6,608 2008-03-22 15:47:04 C:\delextra.exe
            ----a-w 90,260 2008-04-14 06:58:46 C:\gbnh.VVVVexe
            --sha-w 535,191,552 2008-04-15 10:42:28 C:\hiberfil.sys
            ----a-w 6,656 2008-04-14 06:58:46 C:\hlpr.VVVVexe
            ----a-w 164 2008-04-13 11:59:31 C:\install.dat
            --sha-r 0 2008-03-28 21:21:40 C:\IO.SYS
            --sha-r 0 2008-03-28 21:21:40 C:\MSDOS.SYS
            --sha-w 805,306,368 2008-04-15 10:42:26 C:\pagefile.sys

            Entries: 8 (4)
            Directories: 0 Files: 8
            Bytes: 1,340,601,608 Blocks: 2,618,364
            ======C:\Documents and Settings\Jacobine\Application Data======
            Entries: 0 (0)
            Directories: 0 Files: 0
            Bytes: 0 Blocks: 0
            ======C:\Temp======
            Entries: 0 (0)
            Directories: 0 Files: 0
            Bytes: 0 Blocks: 0
            ======C:\Documents and Settings\Jacobine======
            ---ha-w 5,242,880 2008-04-15 10:41:50 C:\Documents and Settings\Jacobine\NTUSER.DAT
            ---ha-w 180,224 2008-04-15 11:20:23 C:\Documents and Settings\Jacobine\ntuser.dat.LOG
            --sh--w 288 2008-04-15 10:41:20 C:\Documents and Settings\Jacobine\NTUSER.INI

            Entries: 3 (0)
            Directories: 0 Files: 3
            Bytes: 5,423,392 Blocks: 10,593
            ======C:\WINDOWS\Downloaded Program Files====
            Entries: 0 (0)
            Directories: 0 Files: 0
            Bytes: 0 Blocks: 0
            =============

            • #7
              Open a Notepad file.
              Copy the text below (everything in bold) into this Notepad file.

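              @ECHO OFF
              REM Start with a fresh log.txt in the current directory.
              IF EXIST log.txt DEL log.txt
              ECHO Deleting files>>log.txt
              REM Process every file listed below, one path per line.
              FOR %%g in (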
              C:\WINDOWS\cookies.ini
              C:\WINDOWS\System32\agsecisq.ini
              C:\WINDOWS\System32\avajmbwe.dll
              C:\WINDOWS\System32\bdnjqtxl.dll
              C:\WINDOWS\System32\cpylmlnm.ini
              C:\WINDOWS\System32\cqosmmwi.ini
              C:\WINDOWS\System32\cqosmmwi.tmp
              C:\WINDOWS\System32\cvjpfrqg.ini
              C:\WINDOWS\System32\fccaAsTj.dll__DELETE_ON_REBOOT
              C:\WINDOWS\System32\hduptfhi.dll
              C:\WINDOWS\System32\hgjmgdpg.dll
              C:\WINDOWS\System32\hpuiqkry.ini
              C:\WINDOWS\System32\inxfejbv.dll
              C:\WINDOWS\System32\jhbixprk.ini
              C:\WINDOWS\System32\jnftfdqh.ini
              C:\WINDOWS\System32\kgnnqyhs.dll
              C:\WINDOWS\System32\kodyjdao.dll
              C:\WINDOWS\System32\mcrh.tmp
              C:\WINDOWS\System32\mqppldal.ini
              C:\WINDOWS\System32\ngbaxnvb.dll
              C:\WINDOWS\System32\nmomwirh.dll
              C:\WINDOWS\System32\nmqacelw.ini
              C:\WINDOWS\System32\qhqmsqsw.ini
              C:\WINDOWS\System32\rqRHaYss.dll
              C:\WINDOWS\System32\ubceggec.dll
              C:\WINDOWS\System32\vbzip10.dll
              C:\WINDOWS\System32\vsshhlnb.ini
              C:\WINDOWS\System32\xjngawsb.ini
              C:\WINDOWS\System32\xyyay.ini
              C:\WINDOWS\System32\xyyay.ini2
              C:\WINDOWS\System32\yrfauqit.ini
              C:\delextra.exe
              C:\gbnh.VVVVexe
              C:\hlpr.VVVVexe
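              C:\install.dat) DO (
              REM Remove any renamed copy left over from an earlier run.
              DEL /Q %%gNUCIA
              IF EXIST %%g (
              REM Clear the read-only, system and hidden attributes before deleting.
              ATTRIB -r -s -h %%g
              DEL %%g
              REM If the file still exists, rename it by appending NUCIA.
              REN %%g *NUCIA
              IF EXIST %%gNUCIA (
              ECHO renamed to %%gNUCIA>>log.txt)
              REM Record whether the original path is gone.
              IF EXIST %%g (
              ECHO %%g not deleted>>log.txt
              ) ELSE (
              ECHO %%g deleted>>log.txt)
              ) ELSE (
              ECHO %%g not found>>log.txt))
              REM Open the log so its contents can be posted.
              START NOTEPAD.EXE log.txt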

              Go to File - Save As.
              Under "Save in" choose: Desktop
              Under "File name" enter: del.bat
              Under "Save as type" select: All Files (*.*).
              Click the Save button.

              Double-click del.bat and post the contents of the log file that opens.

              • #8
                Here is the del.bat log:

                Deleting files
                C:\WINDOWS\cookies.ini deleted
                C:\WINDOWS\System32\agsecisq.ini deleted
                C:\WINDOWS\System32\avajmbwe.dll deleted
                C:\WINDOWS\System32\bdnjqtxl.dll deleted
                C:\WINDOWS\System32\cpylmlnm.ini deleted
                C:\WINDOWS\System32\cqosmmwi.ini deleted
                C:\WINDOWS\System32\cqosmmwi.tmp deleted
                C:\WINDOWS\System32\cvjpfrqg.ini deleted
                C:\WINDOWS\System32\fccaAsTj.dll__DELETE_ON_REBOOT deleted
                C:\WINDOWS\System32\hduptfhi.dll deleted
                C:\WINDOWS\System32\hgjmgdpg.dll deleted
                C:\WINDOWS\System32\hpuiqkry.ini deleted
                renamed to C:\WINDOWS\System32\inxfejbv.dllNUCIA
                C:\WINDOWS\System32\inxfejbv.dll deleted
                C:\WINDOWS\System32\jhbixprk.ini deleted
                C:\WINDOWS\System32\jnftfdqh.ini deleted
                C:\WINDOWS\System32\kgnnqyhs.dll deleted
                C:\WINDOWS\System32\kodyjdao.dll deleted
                C:\WINDOWS\System32\mcrh.tmp deleted
                C:\WINDOWS\System32\mqppldal.ini deleted
                C:\WINDOWS\System32\ngbaxnvb.dll deleted
                C:\WINDOWS\System32\nmomwirh.dll deleted
                C:\WINDOWS\System32\nmqacelw.ini deleted
                C:\WINDOWS\System32\qhqmsqsw.ini deleted
                C:\WINDOWS\System32\rqRHaYss.dll deleted
                C:\WINDOWS\System32\ubceggec.dll deleted
                C:\WINDOWS\System32\vbzip10.dll deleted
                C:\WINDOWS\System32\vsshhlnb.ini deleted
                C:\WINDOWS\System32\xjngawsb.ini deleted
                C:\WINDOWS\System32\xyyay.ini deleted
                C:\WINDOWS\System32\xyyay.ini2 deleted
                C:\WINDOWS\System32\yrfauqit.ini deleted
                C:\delextra.exe deleted
                C:\gbnh.VVVVexe deleted
                C:\hlpr.VVVVexe deleted
                C:\install.dat deleted

                • #9
                  Restart your computer and double-click del.bat once more.

                  Then post a new HijackThis log.

                  Comment


                  • #10
                    After booting I get an error message:

                    Fout opgetreden tijdens het laden van C:\Windows\System32\jkstem32\jkstmvie.dll Komnon opgegeven module niet vinden.


                    This is the 2nd del.bat log:

                    Deleting files
                    C:\WINDOWS\cookies.ini not found
                    C:\WINDOWS\System32\agsecisq.ini not found
                    C:\WINDOWS\System32\avajmbwe.dll not found
                    C:\WINDOWS\System32\bdnjqtxl.dll not found
                    C:\WINDOWS\System32\cpylmlnm.ini not found
                    C:\WINDOWS\System32\cqosmmwi.ini not found
                    C:\WINDOWS\System32\cqosmmwi.tmp not found
                    C:\WINDOWS\System32\cvjpfrqg.ini not found
                    C:\WINDOWS\System32\fccaAsTj.dll__DELETE_ON_REBOOT not found
                    C:\WINDOWS\System32\hduptfhi.dll not found
                    C:\WINDOWS\System32\hgjmgdpg.dll not found
                    C:\WINDOWS\System32\hpuiqkry.ini not found
                    C:\WINDOWS\System32\inxfejbv.dll not found
                    C:\WINDOWS\System32\jhbixprk.ini not found
                    C:\WINDOWS\System32\jnftfdqh.ini not found
                    C:\WINDOWS\System32\kgnnqyhs.dll not found
                    C:\WINDOWS\System32\kodyjdao.dll not found
                    C:\WINDOWS\System32\mcrh.tmp not found
                    C:\WINDOWS\System32\mqppldal.ini not found
                    C:\WINDOWS\System32\ngbaxnvb.dll not found
                    C:\WINDOWS\System32\nmomwirh.dll not found
                    C:\WINDOWS\System32\nmqacelw.ini not found
                    C:\WINDOWS\System32\qhqmsqsw.ini not found
                    C:\WINDOWS\System32\rqRHaYss.dll not found
                    C:\WINDOWS\System32\ubceggec.dll not found
                    C:\WINDOWS\System32\vbzip10.dll not found
                    C:\WINDOWS\System32\vsshhlnb.ini not found
                    C:\WINDOWS\System32\xjngawsb.ini not found
                    C:\WINDOWS\System32\xyyay.ini not found
                    C:\WINDOWS\System32\xyyay.ini2 not found
                    C:\WINDOWS\System32\yrfauqit.ini not found
                    C:\delextra.exe not found
                    C:\gbnh.VVVVexe not found
                    C:\hlpr.VVVVexe not found
                    C:\install.dat not found

                    Apologies, here is the HJT log:

                    Logfile of HijackThis v1.99.1
                    Scan saved at 14:00:43, on 15-4-2008
                    Platform: Windows XP SP2 (WinNT 5.01.2600)
                    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

                    Running processes:
                    C:\WINDOWS\System32\smss.exe
                    C:\WINDOWS\system32\winlogon.exe
                    C:\WINDOWS\system32\services.exe
                    C:\WINDOWS\system32\lsass.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\WINDOWS\System32\WLTRYSVC.EXE
                    C:\WINDOWS\System32\bcmwltry.exe
                    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                    C:\WINDOWS\Explorer.EXE
                    C:\WINDOWS\system32\spoolsv.exe
                    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
                    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
                    C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
                    C:\Program Files\McAfee\MPF\MPFSrv.exe
                    C:\Program Files\McAfee\MSK\MskSrver.exe
                    C:\Program Files\SiteAdvisor\6253\SAService.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
                    C:\WINDOWS\system32\WLTRAY.exe
                    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
                    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
                    C:\WINDOWS\system32\dla\tfswctrl.exe
                    C:\WINDOWS\system32\hkcmd.exe
                    C:\WINDOWS\system32\igfxpers.exe
                    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
                    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
                    C:\WINDOWS\system32\ctfmon.exe
                    C:\Program Files\Digital Line Detect\DLG.exe
                    C:\WINDOWS\system32\igfxsrvc.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\WINDOWS\system32\wuauclt.exe
                    C:\Program Files\Internet Explorer\IEXPLORE.EXE
                    C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
                    C:\downloads\HijackThis.exe

                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
                    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
                    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
                    O2 - BHO: (no name) - {11635C4A-ECC7-4ED7-A172-FA5D54D3E3EE} - C:\WINDOWS\system32\fccaAsTj.dll (file missing)
                    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
                    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
                    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
                    O2 - BHO: {312d5bc4-38e6-16e8-bc94-69f0113fd0c9} - {9c0df311-0f96-49cb-8e61-6e834cb5d213} - C:\WINDOWS\system32\inxfejbv.dll (file missing)
                    O2 - BHO: (no name) - {F48DC587-66CB-462A-A4D7-6007FFAD8527} - C:\WINDOWS\system32\yayyx.dll (file missing)
                    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
                    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
                    O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
                    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
                    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
                    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
                    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
                    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
                    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
                    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
                    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
                    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
                    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
                    O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Jacobine\lsass.exe
                    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
                    O4 - HKLM\..\Run: [acb8df57] rundll32.exe "C:\WINDOWS\system32\jkstmvie.dll",b
                    O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
                    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                    O4 - Global Startup: Digital Line Detect.lnk = ?
                    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
                    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
                    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
                    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
                    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
                    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
                    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
                    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
                    O20 - Winlogon Notify: awturol - awturol.dll (file missing)
                    O20 - Winlogon Notify: fccaAsTj - fccaAsTj.dll (file missing)
                    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
                    O20 - Winlogon Notify: ljJBtssS - ljJBtssS.dll (file missing)
                    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
                    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
                    O23 - Service: aa0n58e3y7t3 - Unknown owner - C:\WINDOWS\system32\svshost.exe (file missing)
                    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                    O23 - Service: g35b7z8f6 - Unknown owner - C:\WINDOWS\system32\svshost.exe (file missing)
                    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                    O23 - Service: is6y22l7i4j2 - Unknown owner - C:\WINDOWS\system32\svshost.exe (file missing)
                    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
                    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe
                    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
                    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
                    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
                    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
                    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
                    O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
                    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
                    Last edited by Mapo; 15-04-08, 14:01.

                    Comment


                    • #11
                      Start HijackThis and check only the following lines:
                      O2 - BHO: (no name) - {11635C4A-ECC7-4ED7-A172-FA5D54D3E3EE} - C:\WINDOWS\system32\fccaAsTj.dll (file missing)
                      O2 - BHO: {312d5bc4-38e6-16e8-bc94-69f0113fd0c9} - {9c0df311-0f96-49cb-8e61-6e834cb5d213} - C:\WINDOWS\system32\inxfejbv.dll (file missing)
                      O2 - BHO: (no name) - {F48DC587-66CB-462A-A4D7-6007FFAD8527} - C:\WINDOWS\system32\yayyx.dll (file missing)
                      O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
                      O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Jacobine\lsass.exe
                      O4 - HKLM\..\Run: [acb8df57] rundll32.exe "C:\WINDOWS\system32\jkstmvie.dll",b
                      O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
                      O20 - Winlogon Notify: awturol - awturol.dll (file missing)
                      O20 - Winlogon Notify: fccaAsTj - fccaAsTj.dll (file missing)
                      O20 - Winlogon Notify: ljJBtssS - ljJBtssS.dll (file missing)

                      Close all open windows (except HijackThis) and click the "Fix checked" button.

                      Your Java software is outdated.
                      Older versions have vulnerabilities that give malware the chance to install itself on your system.
                      First follow these steps to uninstall Java and install the newer version:
                      • Download Java Runtime Environment (JRE) 6u5 and save it to your Desktop.
                      • Close all programs that may be open, especially your web browser!
                      • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the program list.
                      • Select every item with Java Runtime Environment (JRE or J2SE) in the name.
                      • Then click Remove or the Change/Remove button.
                      • Repeat this until all older versions are gone.
                      • After removing all older versions, restart your PC.
                      • Then double-click jre-6u5-windows-i586-p-s.exe on your Desktop to install the newest version of Java.


                      Download ATF cleaner (mirror) (made by Atribune)

                      Important: Close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

                      Double-click ATF cleaner to start the program.
                      On the "Main" tab, put a check mark next to Select All.
                      Click the Empty Selected button.

                      Do the following if you also use Firefox as a browser:
                      Click the "Firefox" tab and put a check mark next to Select All.
                      If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                      (this removes the check mark next to "Firefox saved passwords")
                      Click the Empty Selected button.

                      Do the following if you also use Opera as a browser:
                      Click the "Opera" tab and put a check mark next to Select All.
                      If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                      Click the Empty Selected button.
                      Go to the "Main" tab and click the Exit button to close the program.

                      Disable System Restore. Restart the computer. Enable System Restore again.
                      See here how to disable System Restore.
                      This removes any remnants of the infections from System Restore.

                      Finally, post a new HijackThis log for checking.

                      Comment


                      • #12
                        Great, Smeenk, everything is running smoothly again.

                        Here is the hopefully final HJT log:

                        Logfile of HijackThis v1.99.1
                        Scan saved at 15:32:31, on 15-4-2008
                        Platform: Windows XP SP2 (WinNT 5.01.2600)
                        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

                        Running processes:
                        C:\WINDOWS\System32\smss.exe
                        C:\WINDOWS\system32\winlogon.exe
                        C:\WINDOWS\system32\services.exe
                        C:\WINDOWS\system32\lsass.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\WINDOWS\System32\WLTRYSVC.EXE
                        C:\WINDOWS\System32\bcmwltry.exe
                        C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                        C:\WINDOWS\Explorer.EXE
                        C:\WINDOWS\system32\spoolsv.exe
                        C:\WINDOWS\system32\WLTRAY.exe
                        C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
                        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                        C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
                        C:\WINDOWS\system32\dla\tfswctrl.exe
                        C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
                        C:\WINDOWS\system32\hkcmd.exe
                        C:\WINDOWS\system32\igfxpers.exe
                        C:\Program Files\McAfee.com\Agent\mcagent.exe
                        C:\WINDOWS\system32\igfxsrvc.exe
                        C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
                        C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                        C:\WINDOWS\system32\ctfmon.exe
                        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                        C:\Program Files\Digital Line Detect\DLG.exe
                        C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                        c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
                        c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
                        C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
                        C:\Program Files\McAfee\MPF\MPFSrv.exe
                        C:\Program Files\McAfee\MSK\MskSrver.exe
                        C:\Program Files\SiteAdvisor\6253\SAService.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\WINDOWS\system32\wuauclt.exe
                        C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
                        \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
                        C:\downloads\Spyware\HJT\HijackThis.exe

                        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
                        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                        F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
                        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
                        O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
                        O2 - BHO: (no name) - {11635C4A-ECC7-4ED7-A172-FA5D54D3E3EE} - (no file)
                        O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
                        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                        O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
                        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                        O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
                        O2 - BHO: (no name) - {9c0df311-0f96-49cb-8e61-6e834cb5d213} - (no file)
                        O2 - BHO: (no name) - {F48DC587-66CB-462A-A4D7-6007FFAD8527} - (no file)
                        O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
                        O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
                        O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
                        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                        O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
                        O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
                        O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
                        O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
                        O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
                        O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
                        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                        O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
                        O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
                        O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
                        O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
                        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                        O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
                        O4 - Global Startup: Digital Line Detect.lnk = ?
                        O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
                        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                        O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
                        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                        O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                        O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
                        O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
                        O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.2_03) -
                        O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
                        O20 - Winlogon Notify: awturol - C:\WINDOWS\
                        O20 - Winlogon Notify: fccaAsTj - C:\WINDOWS\
                        O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
                        O20 - Winlogon Notify: ljJBtssS - C:\WINDOWS\
                        O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
                        O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
                        O23 - Service: aa0n58e3y7t3 - Unknown owner - C:\WINDOWS\system32\svshost.exe (file missing)
                        O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                        O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                        O23 - Service: g35b7z8f6 - Unknown owner - C:\WINDOWS\system32\svshost.exe (file missing)
                        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                        O23 - Service: is6y22l7i4j2 - Unknown owner - C:\WINDOWS\system32\svshost.exe (file missing)
                        O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                        O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
                        O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe
                        O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
                        O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
                        O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
                        O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
                        O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
                        O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
                        O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

                        Comment


                        • #13
                          Spybot's TeaTimer is active; it must be disabled because it will undo the changes made with HijackThis.

                          Open Spybot > Mode > Advanced mode > Tools > Resident > disable TeaTimer > restart the PC

                          Download the following to your desktop:

                          Then double-click ResetTeaTimer.bat.
                          This resets the items you previously allowed or blocked through TeaTimer.

                          Start HijackThis once more and check only the following lines:
                          O2 - BHO: (no name) - {11635C4A-ECC7-4ED7-A172-FA5D54D3E3EE} - (no file)
                          O2 - BHO: (no name) - {9c0df311-0f96-49cb-8e61-6e834cb5d213} - (no file)
                          O2 - BHO: (no name) - {F48DC587-66CB-462A-A4D7-6007FFAD8527} - (no file)
                          O20 - Winlogon Notify: awturol - C:\WINDOWS\
                          O20 - Winlogon Notify: fccaAsTj - C:\WINDOWS\
                          O20 - Winlogon Notify: ljJBtssS - C:\WINDOWS\

                          Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

                          Go to Start - Run and enter the following:
                          sc delete aa0n58e3y7t3
                          Then press OK.

                          Do the same with the following 2 lines:
                          sc delete g35b7z8f6

                          and
                          sc delete is6y22l7i4j2

                          Restart your computer and post a new HijackThis log for checking.

                          Comment
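
The selection rule applied in posts #11 and #13 (fix the entries whose target file is gone, then remove the matching orphaned services), as an added Python example that is not part of the original thread. The sample lines are copied from the HijackThis logs in posts #10 and #12; the function names and the masquerade heuristic (a core Windows process name started from outside system32) are assumptions made for this sketch.

```python
import re
from ntpath import basename, dirname

# Sample input: lines copied from the HijackThis logs in posts #10 and #12.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {11635C4A-ECC7-4ED7-A172-FA5D54D3E3EE} - (no file)
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Jacobine\lsass.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O20 - Winlogon Notify: fccaAsTj - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: aa0n58e3y7t3 - Unknown owner - C:\WINDOWS\system32\svshost.exe (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: g35b7z8f6 - Unknown owner - C:\WINDOWS\system32\svshost.exe (file missing)
"""

ORPHAN_MARKERS = ("(file missing)", "(no file)")
SYSTEM_DIR = r"c:\windows\system32"
# Core Windows process names that should only ever start from SYSTEM_DIR (assumed list).
SYSTEM_NAMES = {"lsass.exe", "svchost.exe", "winlogon.exe", "services.exe", "smss.exe"}
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Yield (code, body) for each HijackThis result line; headers and process paths are skipped."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def run_target(body):
    """Return the executable path of an O4 Run entry without its arguments, or None."""
    cmd = body.split("] ", 1)[-1]
    m = re.match(r'"([^"]+)"|(.+?\.exe)\b', cmd, re.I)
    return (m.group(1) or m.group(2)) if m else None


def service_key(body):
    """Extract the service name from 'Service: Display (name) - owner - path'."""
    label = body[len("Service: "):].split(" - ", 1)[0]
    m = re.search(r"\(([^()]+)\)$", label)
    return m.group(1) if m else label


def classify(code, body):
    """Return a reason if the entry looks like a leftover or a masquerade, else None."""
    if body.endswith(ORPHAN_MARKERS):
        return "target file no longer exists"
    if code == "O20" and body.endswith("\\"):
        return "Winlogon Notify key without a DLL"
    if code == "O4":
        target = run_target(body)
        if (target and basename(target).lower() in SYSTEM_NAMES
                and dirname(target).lower() != SYSTEM_DIR):
            return "system process name outside system32"
    return None


def triage(log_text):
    """Return (findings, services): flagged entries with reasons, and orphaned service names."""
    findings, services = [], []
    for code, body in parse_entries(log_text):
        reason = classify(code, body)
        if reason:
            findings.append((code, body, reason))
            if code == "O23":
                services.append(service_key(body))
    return findings, services


if __name__ == "__main__":
    findings, services = triage(SAMPLE_LOG)
    for code, body, reason in findings:
        print(f"[{reason}] {code} - {body}")
    print("Orphaned services to review:", ", ".join(services))
```

"Unknown owner" alone is not flagged: the Dell and SiteAdvisor services in the log carry it too, so only the combination with a missing target file marks a leftover service.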


                          • #14
                            Apologies about Spybot. What I had not mentioned yet is that the McAfee antivirus program is also installed and I cannot turn it off; hopefully that does no harm. I have otherwise followed your instructions, and this is the HJT log:

                            Logfile of HijackThis v1.99.1
                            Scan saved at 16:09:24, on 15-4-2008
                            Platform: Windows XP SP2 (WinNT 5.01.2600)
                            MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

                            Running processes:
                            C:\WINDOWS\System32\smss.exe
                            C:\WINDOWS\system32\winlogon.exe
                            C:\WINDOWS\system32\services.exe
                            C:\WINDOWS\system32\lsass.exe
                            C:\WINDOWS\system32\svchost.exe
                            C:\WINDOWS\System32\svchost.exe
                            C:\WINDOWS\System32\WLTRYSVC.EXE
                            C:\WINDOWS\System32\bcmwltry.exe
                            C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                            C:\WINDOWS\Explorer.EXE
                            C:\WINDOWS\system32\spoolsv.exe
                            C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                            C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                            c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
                            c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
                            C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
                            C:\Program Files\McAfee\MPF\MPFSrv.exe
                            C:\Program Files\McAfee\MSK\MskSrver.exe
                            C:\Program Files\SiteAdvisor\6253\SAService.exe
                            C:\WINDOWS\system32\svchost.exe
                            C:\WINDOWS\system32\svchost.exe
                            C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
                            C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
                            C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                            C:\WINDOWS\system32\dla\tfswctrl.exe
                            C:\WINDOWS\system32\hkcmd.exe
                            C:\WINDOWS\system32\igfxpers.exe
                            C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
                            C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                            C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
                            C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
                            C:\WINDOWS\system32\igfxsrvc.exe
                            C:\WINDOWS\system32\WLTRAY.exe
                            C:\WINDOWS\system32\ctfmon.exe
                            C:\Program Files\Digital Line Detect\DLG.exe
                            C:\WINDOWS\System32\svchost.exe
                            C:\WINDOWS\system32\wuauclt.exe
                            C:\downloads\Spyware\HJT\HijackThis.exe
                            C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe

                            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
                            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                            F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
                            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
                            O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
                            O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
                            O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
                            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                            O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
                            O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
                            O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
                            O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                            O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
                            O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
                            O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
                            O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
                            O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
                            O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
                            O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
                            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                            O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
                            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                            O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
                            O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
                            O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
                            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                            O4 - Global Startup: Digital Line Detect.lnk = ?
                            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
                            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                            O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
                            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                            O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
                            O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
                            O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.2_03) -
                            O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
                            O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
                            O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
                            O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
                            O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                            O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                            O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                            O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
                            O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe
                            O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
                            O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
                            O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
                            O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
                            O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
                            O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
                            O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE



                            • #15
                              The log looks good again now.

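Added example, not part of the thread and not code from HijackThis: one way to do the check from post #15 mechanically, by parsing a fresh HijackThis log and confirming that the Winlogon Notify entries and services removed in post #13 no longer appear. The function names `parse_log` and `leftovers` are hypothetical; `AFTER_LOG` is an excerpt of the log in post #14, and `BEFORE_LOG` is constructed for illustration.

```python
import re

# Names the helper asked to remove in post #13 (all taken from the thread).
REMOVED_NOTIFY = {"awturol", "fccaAsTj", "ljJBtssS"}
REMOVED_SERVICES = {"aa0n58e3y7t3", "g35b7z8f6", "is6y22l7i4j2"}

O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - ")
# O23 lines read "Display name (short name) - owner - path"; sc uses the short name.
O23_RE = re.compile(r"^O23 - Service: .*? \((?P<name>[^()]+)\) - ")

def parse_log(text):
    """Return (winlogon_notify_names, service_short_names), lower-cased."""
    notify, services = set(), set()
    for raw in text.splitlines():
        line = raw.strip()  # forum copies are often indented
        m = O20_RE.match(line)
        if m:
            notify.add(m.group("name").lower())
            continue
        m = O23_RE.match(line)
        if m:
            services.add(m.group("name").lower())
    return notify, services

def leftovers(text):
    """Sorted names from the removal list that still appear in the log."""
    notify, services = parse_log(text)
    found = {n for n in REMOVED_NOTIFY if n.lower() in notify}
    found |= {s for s in REMOVED_SERVICES if s.lower() in services}
    return sorted(found)

# Excerpt of the log posted in #14 (after the fix).
AFTER_LOG = r"""O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe
O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe"""

# Constructed "before" sample; the O23 display name, owner and path are placeholders.
BEFORE_LOG = r"""O20 - Winlogon Notify: awturol - C:\WINDOWS\
O20 - Winlogon Notify: ljJBtssS - C:\WINDOWS\
O23 - Service: Placeholder display name (g35b7z8f6) - Unknown owner - C:\placeholder.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll"""

if __name__ == "__main__":
    print("before:", leftovers(BEFORE_LOG))
    print("after: ", leftovers(AFTER_LOG))
```

An empty result only shows that the autostart entries are gone from the log; `sc delete` removes the service registration, not the file it pointed to, so a follow-up scan is still what confirms the files themselves are gone.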