Wimad-E-virus??

jonofisher · #1 21e sep 2008, 16:43

HI Evil Fantasy - Ik heb een soortgelijk probleem aan de andere gebruiker hier. Ik heb combofix gedownload en uitgevoerd, de output van die staat hieronder. Zou ik erg waarderen alle hulp die u zouden kunnen bieden. Ik weet dat het bestand dat de trojan kwam - ik heb geprobeerd om het te verwijderen, maar windows laat me niet - zegt dat in gebruik is. Elke gedachten zou zeer welkom zijn.

Bedankt

ComboFix 08-09-20.05 - Administrator 2008-09-22 0:29:51.1 -- FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.254 [GMT 1:00]
Running from: C: \ Documents and Settings \ Administrator \ Desktop \ ComboFix.exe
* Gemaakt van een nieuw herstelpunt
WARNING-THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE GEÏNSTALLEERD!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))) ))))))))))))))))))))))))))))))))))))))))
.
C: \ Documents and Settings \ Administrator \ Cookies \ beheerder @ 2o7 [1]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@ad.yi eldmanager [1]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ beheerder @ adver reclame [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@ehg-baa.hitbox [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@ehg-discoverynetwork.hitbox [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@ehg-mastercard.hitbox [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@ehg-tfl.hitbox [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ beheerder @ foxto ns.co [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ beheerder @ hits. gureport.co [1]. txt
C: \ Documents and Settings \ Administrator \ Cookies \ beheerder @ nieuws. uk.msn [2]. txt
C: \ Documents and Settings \ Administrator \ Cookies \ beheerder @ revsc i [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ beheerder @ RTM [6]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ beheerder @ servi ng-sys [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ beheerder @ specificaties ficclick [1]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ beheerder @ statc ounter [1]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@ths.n ews.com [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ beheerder @ handel Doubler [1]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ beheerder @ tsw0 [1]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@ww0.t imeout [1]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@www.r eed.co [2]. Txt
C: \ WINDOWS \ system32 \ lsprst7.dll
.
((((((((((((((((((((((((( Bestanden Gemaakt van 2008-08-21 tot 2008-09-21 ))))))))))) ))))))))))))))))))))
.
2008-09-22 00:28. 2008-09-16 01:03 <DIR> d -------- C: \ 32788R22FWJFW
2008-09-22 00:00. 2008-09-22 00:00 <DIR> d -------- C: \ Program Files \ uitroeien It!
2008-09-14 21:22. 2008-04-14 01:12 221,184 - a ------ C: \ WINDOWS \ system32 \ wmpns.dll
2008-09-14 20:54. 2008-09-14 20:54 <DIR> d -------- C: \ WINDOWS \ system32 \ scripting
2008-09-14 20:54. 2008-09-14 20:54 <DIR> d -------- C: \ WINDOWS \ system32 \ nl
2008-09-14 20:54. 2008-09-14 20:54 <DIR> d -------- C: \ WINDOWS \ l2schemas
2008-09-14 20:27. 2008-04-13 18:28 2.940.928 --------- C: \ WINDOWS \ system32 \ dllcache \ wmploc.dll
2008-09-14 20:26. 2008-04-14 01:10 844,314 --------- C: \ WINDOWS \ system32 \ dllcache \ Msdxm.ocx
2008-09-13 18:04. 2008-09-13 18:04 <DIR> d -------- C: \ Program Files \ Java
2008-09-13 18:04. 2008-09-13 18:05 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ LimeWire
2008-09-13 18:04. 2008-06-10 02:32 73.728 - a ------ C: \ WINDOWS \ system32 \ javacpl.cpl
2008-09-13 18:03. 2008-09-13 18:03 <DIR> d -------- C: \ Program Files \ Common Files \ Java
2008-09-13 18:00. 2008-09-13 18:00 <DIR> d -------- C: \ Program Files \ LimeWire
2008-09-13 12:43. 2008-09-13 12:43 <DIR> d -------- C: \ Program Files \ iDump
2008-09-13 12:08. 2008-09-13 12:08 <DIR> d -------- C: \ Program Files \ iTunes
2008-09-13 12:08. 2008-09-13 12:08 <DIR> d -------- C: \ Program Files \ iPod
2008-09-13 12:08. 2008-09-13 12:08 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ (3276BE95_AF08_429F_A64F_CA64CB79BCF6)
2008-09-13 12:08. 2008-09-13 12:08 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Apple Computer
2008-09-13 12:08. 2008-04-17 13:12 107,368 - a ------ C: \ WINDOWS \ system32 \ GEARAspi.dll
2008-09-13 12:08. 2008-04-17 13:12 15,464 - a ------ C: \ WINDOWS \ system32 \ drivers \ GEARAspiWDM.sys
2008-09-13 12:07. 2008-09-13 12:07 <DIR> d -------- C: \ Program Files \ QuickTime
2008-09-13 12:07. 2008-09-13 12:07 <DIR> d -------- C: \ Program Files \ Bonjour
2008-09-13 12:07. 2008-09-13 12:07 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Apple Computer
2008-09-13 12:06. 2008-09-13 12:06 <DIR> d -------- C: \ WINDOWS \ system32 \ DRVSTORE
2008-09-13 12:06. 2008-09-13 12:06 <DIR> d -------- C: \ Program Files \ Common Files \ Apple
2008-09-13 12:06. 2008-09-13 12:06 <DIR> d -------- C: \ Program Files \ Apple Software Update
2008-09-13 12:06. 2008-09-13 12:06 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Apple
2008-09-06 15:09. 2008-09-06 15:09 90,112 - a ------ C: \ WINDOWS \ system32 \ QuickTimeVR.qtx
2008-09-06 15:09. 2008-09-06 15:09 57,344 - a ------ C: \ WINDOWS \ system32 \ QuickTime.qts
2008-08-29 10:18. 2008-08-29 10:18 87,336 - a ------ C: \ WINDOWS \ system32 \ dns-sd.exe
2008-08-29 09:53. 2008-08-29 09:53 61.440 - a ------ C: \ WINDOWS \ system32 \ dnssd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-03 07:37 --------- d ----- w C: \ Documents and Settings \ Administrator \ Application Data \ skypePM
2008-08-03 07:35 --------- d ----- w C: \ Documents and Settings \ Administrator \ Application Data \ Skype
2008-08-03 07:32 --------- d ----- w C: \ Program Files \ Skype
2008-08-03 07:31 --------- d ----- w C: \ Program Files \ Common Files \ Skype
2008-08-03 07:31 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Skype
2008-07-18 21:10 94,920 ---- aw C: \ WINDOWS \ system32 \ dllcache \ cdm.dll
2008-07-18 21:10 94,920 ---- aw C: \ WINDOWS \ system32 \ cdm.dll
2008-07-18 21:10 53,448 ---- aw C: \ WINDOWS \ system32 \ wuauclt.exe
2008-07-18 21:10 53,448 ---- aw C: \ WINDOWS \ system32 \ dllcache \ wuauclt.exe
2008-07-18 21:10 45,768 ---- aw C: \ WINDOWS \ system32 \ wups2.dll
2008-07-18 21:10 36,552 ---- aw C: \ WINDOWS \ system32 \ wups.dll
2008-07-18 21:10 36,552 ---- aw C: \ WINDOWS \ system32 \ dllcache \ wups.dll
2008-07-18 21:09 563,912 ---- aw C: \ WINDOWS \ system32 \ wuapi.dll
2008-07-18 21:09 563,912 ---- aw C: \ WINDOWS \ system32 \ dllcache \ wuapi.dll
2008-07-18 21:09 325,832 ---- aw C: \ WINDOWS \ system32 \ wucltui.dll
2008-07-18 21:09 325,832 ---- aw C: \ WINDOWS \ system32 \ dllcache \ wucltui.dll
2008-07-18 21:09 205,000 ---- aw C: \ WINDOWS \ system32 \ wuweb.dll
2008-07-18 21:09 205,000 ---- aw C: \ WINDOWS \ system32 \ dllcache \ wuweb.dll
2008-07-18 21:09 1,811,656 ---- aw C: \ WINDOWS \ system32 \ Wuaueng.dll
2008-07-18 21:09 1,811,656 ---- aw C: \ WINDOWS \ system32 \ dllcache \ Wuaueng.dll
2008-07-07 20:26 253,952 ---- aw C: \ WINDOWS \ system32 \ es.dll
2008-07-07 20:26 253,952 ------ w C: \ WINDOWS \ system32 \ dllcache \ es.dll
2008-06-26 08:15 619,520 ------ w C: \ WINDOWS \ system32 \ dllcache \ urlmon.dll
2008-06-26 08:15 1.499.136 ------ w C: \ WINDOWS \ system32 \ dllcache \ shdocvw.dll
2008-06-24 16:43 74,240 ---- aw C: \ WINDOWS \ system32 \ mscms.dll
2008-06-24 16:43 74,240 ------ w C: \ WINDOWS \ system32 \ dllcache \ mscms.dll
2008-06-23 15:09 666,112 ---- aw C: \ WINDOWS \ system32 \ Wininet.dll
2008-06-23 15:09 666,112 ------ w C: \ WINDOWS \ system32 \ dllcache \ Wininet.dll
2008-06-23 15:09 3,067,392 ------ w C: \ WINDOWS \ system32 \ dllcache \ mshtml.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default entries worden niet weergegeven
REGEDIT4
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2008-04-14 15360]
"SWG" = "C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe" [2008-04-21 68856]
"Msmsgs" = "C: \ Program Files \ Messenger \ msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"AVG7_CC" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2008-06-27 580096]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2008-01-11 39792]
"bgsmsnd.exe" = "C: \ WINDOWS \ system32 \ bgsmsnd.exe" [2007-11-19 160136]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2008-09-06 413696]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2008-09-10 289576]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" [2008-06-10 144784]
"S3TRAY2" = "S3Tray2.exe" [2001-10-11 C: \ WINDOWS \ system32 \ S3Tray2.exe]
"AGRSMMSG" = "AGRSMMSG.exe" [2003-06-27 C: \ WINDOWS \ AGRSMMSG.exe]
"ATIModeChange" = "Ati2mdxx.exe" [2001-09-04 C: \ WINDOWS \ system32 \ Ati2mdxx.exe]
[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"AVG7_Run" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2008-04-19 219136]
[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo antonny \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"C: \ \ Program Files \ \ Messenger \ \ msmsgs.exe" =
"C: \ \ Program Files \ \ Bonjour \ \ mDNSResponder.exe" =
"C: \ \ Program Files \ \ iTunes \ \ iTunes.exe" =
"C: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =
"C: \ \ Program Files \ \ Skype \ \ Phone \ \ Skype.exe" =
R3 Tp4Track; IBM PS / 2 TrackPoint Driver, C: \ WINDOWS \ system32 \ drivers \ tp4track.sys [2003-05-15 13904]
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ explorer \ mountpoints2 \ (f1882860-129 D-11dd-89b6-000d60cb61ce)]
\ Shell \ AutoRun \ command - E: \ LaunchU3.exe
* Newly Created Service * - PROCEXP90
.
Inhoud van de 'Geplande taken' map
.
.
------- Bijkomende Scan -------
.
R0 -: HKCU-Main, Start Page = hxxp: / / www.google.co.uk/
R0 -: HKCU-Main, Search Page = hxxp: / / www.google.com
R0 -: HKCU-Main, Search Bar = hxxp: / / www.google.com / ie
R1 -: HKCU-Internet Settings, ProxyOverride = *. lokale
R1 -: HKCU-SearchURL, (Default) = hxxp: / / www.google.com/search?q =% s
O8 -: E & xporteren naar Microsoft Excel - C: \ PROGRA ~ 1 \ MICROS ~ 2 \ Office11 \ EXCEL.EXE/3000
O16 -: (2DAD3559-2923-4935-AD49-B673D2539944) - hxxp: / / www-307.ibm.com/pc/support/acpir.cab
C: \ WINDOWS \ Downloaded Program Files \ acpir.inf
C: \ WINDOWS \ System32 \ capicom.dll
C: \ WINDOWS \ Downloaded Program Files \ acpir2.dll
O16 -: (483EB14D-AF1C-4951-81B0-4E2B41829FF6) - hxxps: / / www.select2perform.eu/cabs/QOLCheck.ocx
C: \ WINDOWS \ Downloaded Program Files \ QOLCheck.ocx
.
************************************************** ************************
CatchMe 0.3.1361 W2K/XP/Vista - rootkit / stealth malware detector, Gmer, http://www.gmer.net
Rootkit scan 2008-09-22 00:32:33
Windows 5.1.2600 Service Pack 3 FAT NTAPI
het scannen van verborgen processen ...
het scannen van verborgen autostart items ...
het scannen van verborgen bestanden ...
scannen is voltooid
verborgen bestanden: 0
************************************************** ************************
.
--------------------- DLLs Geladen Onder Running Processes ---------------------
PROCES: C: \ WINDOWS \ system32 \ winlogon.exe
-> C: \ WINDOWS \ system32 \ Ati2evxx.dll
.
Voltooiingstijdstip: 2008-09-22 0:33:07
ComboFix-quarantaine-files.txt 2008-09-21 23:33:06
Pre-Run: 9484075008 bytes vrij
Post-Run: 9686056960 bytes vrij
167 --- EOF --- 2008-09-16 07:01:45

**evilfantasy** · #2 21e sep 2008, 17:37

Downloaden TrendMicro HijackThis.exe (HJT) naar het bureaublad.

Dubbelklik op HJTInstall.
Klik op de Installeer knop.
Het zal automatisch plaats HJT in C: \ Program Files \ TrendMicro \ HijackThis \ HijackThis.exe.
Bij het installeren, HijackThis moet open voor je.
Klik op de Doe een systeem scannen en opslaan van een log-bestand knop
HijackThis scant en vervolgens een log zal openen in Kladblok.
Kopieer en plak de volledige inhoud van de log in je post.
Niet hebben HijackThis repareren alles nog. De meeste van wat hij vaststelt zal onschadelijk of zelfs vereist.

jonofisher · #3 21e sep 2008, 23:43

Bedankt voor de hulp. uitgang van bestand hieronder:

Logbestand van Trend Micro HijackThis v2.0.2
Scan opgeslagen om 07:40:46 op 22/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Draaiende processen:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ ibmpmsvc.exe
C: \ WINDOWS \ System32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ AGRSMMSG.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ WINDOWS \ system32 \ bgsmsnd.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Program Files \ LimeWire \ LimeWire.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ Mdm.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ WINDOWS \ explorer.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.co.uk/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = *. lokale
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - (22BF413B-C6D2-4d91-82A9-A0F997BA588C) - C: \ Program Files \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
O2 - BHO: pdfMachine - (56CF4856-ECB4-4e46-A897-A378821F97B9) - C: \ WINDOWS \ system32 \ bgstb.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ Program Files \ Google \ googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 3.0.1225.9868 \ s wg.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ Program Files \ Google \ googletoolbar1.dll
O3 - Toolbar: pdfMachine - (56CF4856-ECB4-4e46-A897-A378821F97B9) - C: \ WINDOWS \ system32 \ bgstb.dll
O4 - HKLM \ .. \ Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM \ .. \ Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM \ .. \ Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [bgsmsnd.exe] C: \ WINDOWS \ system32 \ bgsmsnd.exe
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [SWG] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [msmsgs] "C: \ Program Files \ Messenger \ msmsgs.exe" / achtergrond
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user')
O8 - Extra context menu item: E & xporteren naar Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MICROS ~ 2 \ Office11 \ EXCEL.EXE/3000
O9 - Extra button: (geen naam) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra button: Skype - (77BF5300-1474-4EC7-9980-D32B190E9B07) - C: \ Program Files \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
O9 - Extra button: Onderzoek - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MICROS ~ 2 \ Office11 \ REFIEBAR.DLL
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (2DAD3559-2923-4935-AD49-B673D2539944) (IASRunner Class) -- http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: (483EB14D-AF1C-4951-81B0-4E2B41829FF6) (QOLCheck Control) -- https: / / www.select2perform.eu/cabs/QOLCheck.ocx
O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ PROGRA ~ 1 \ COMMON ~ 1 \ Skype \ SKYPE4 ~ 1.dll
O23 - Service: Apple Mobile Device - Apple Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Onbekende eigenaar - C: \ WINDOWS \ System32 \ Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: Bonjour Service - Apple Inc - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Onbekende eigenaar - C: \ WINDOWS \ system32 \ ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 1150 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
--
End of file - 6502 bytes

**evilfantasy** · #4 22e sep 2008, 07:42

Ik zie geen malware, wat problemen hebt u?

U kunt de scans hier http://www.computer-juice.com/forums...-posting-7476/ en na de logs als voltooid. Kijk naar de AVG informatie. You need to update jouwe.

jonofisher · #5 22e sep 2008, 10:38

Hi Evilfantasy - bedankt. Het probleem is dit: Een verdachte mp3 werd gedownload van limewire. Ik denk dat het is dubbel geklikt, en zeker was geprobeerd te laden in iTunes. (Maar het zal niet zijn uitgevoerd met media player - maken geen gebruik van dat - is dat zaken als Ik heb ergens gelezen dat wimad gebruikt windows mediaplayer kwetsbaarheid). Vervolgens heb ik het gescande bestand met AVG die opgepikt Wimad E. Maar het wont lijken om mij te laten verwijderen of in quarantaine verder, als ik het gewoon proberen en het verwijderen van het bestand, ramen, zegt het bestand in gebruik is en kan daarom niet worden verwijderd .

Ik zal u door de stappen die u wijzen op die andere pagina.

Bedankt

**evilfantasy** · #6 22e sep 2008, 10:41

Post de log van MalwareBytes. Als dat niet vinden zullen we gebruik maken van een andere scanner te vinden.

Gelijkaardige Draden
Draad	Thread Starter	Forum	Antwoorden	Last Post
Virus Vraag - Kan iemand mij vertellen of ik misschien een virus	billozz	Virus, spyware & Security	1	De 2 april 2009 13:58
Mijn vrienden MAC is een virus ... ehm ... ja ... een Virus ...	cheesepuff	Virus, spyware & Security	3	29 okt 2008 12:58
Ik kan alleen maar een virus.	xXeneXx	Virus, spyware & Security	2	28 okt 2008 17:26
Gelieve aub Pleeease Help Wimad-E-virus??	LiamRepiso	Virus, spyware & Security	16	10e sep 2008 04:39
Virus	lolli_pop	Virus, spyware & Security	13	17 nov 2007 09:42