#1 FraiD

    PC FULL of spyware & viruses

    Logfile of HijackThis v1.99.1
    Scan saved at 16:25:33, on 29/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\Program Files\Softwin\BitDefender8\bdmcon.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\Program Files\Softwin\BitDefender8\bdnagent.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\dfndrff_e16.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\{C48361EF-063A-1043-0210-030205290020}\Update.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\msgs.exe
    C:\WINDOWS\explorer.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\Bob\Mijn documenten\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
    O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [newname] C:\\nwnmff_e16.exe
    O4 - HKLM\..\Run: [defender] C:\\dfndrff_e16.exe
    O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e16.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [StatBar] C:\Program Files\Globe Software\StatBar\StatBar.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/reso...an8/oscan8.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\o0pqla751d.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
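As an added example (not code from this thread, and not part of HijackThis or ComboFix), the following Python script parses a log in the HijackThis v1.99 format posted above and lists the entries a helper would check first: executables started from the drive root, a Winlogon Notify DLL with a random-looking name, and services whose binary is reported missing. The sample log embedded in the script is a constructed subset of the log above, and the heuristics are this example's own assumptions; every finding is a prompt to verify the file, not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample in the HijackThis v1.99 log format, modelled on the
# entries quoted in the thread above; it is a subset, not the full log.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 16:25:33, on 29/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\dfndrff_e16.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e16.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e16.exe
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\o0pqla751d.dll
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
""".lstrip("\n")

# "R0 - ...", "O4 - ...": section code, then " - ", then the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.+)$")
# O4 body: "HKLM\..\Run: [name] target"
O4_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<target>.*)$")
# An executable sitting directly in a drive root (C:\foo.exe or C:\\foo.exe).
ROOT_EXE_RE = re.compile(r"^[a-z]:\\+[^\\]+\.exe$", re.IGNORECASE)
# Letter/digit soup of 8+ characters with at least two digits, e.g. o0pqla751d.
RANDOM_NAME_RE = re.compile(r"^(?=(?:.*\d){2,})[a-z0-9]{8,}$", re.IGNORECASE)


@dataclass
class Finding:
    section: str   # "process" or the HijackThis section code (O4, O20, O23, ...)
    line: str
    reason: str


def parse_hjt(text):
    """Split a HijackThis log into its process list and its (section, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line ends the process block
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("section"), m.group("body")))
    return processes, entries


def triage(text):
    """Return the entries a reviewer should look at first. Heuristics only:
    each finding is a prompt to verify the file on disk, not a verdict."""
    processes, entries = parse_hjt(text)
    findings = []
    for proc in processes:
        if ROOT_EXE_RE.match(proc):
            findings.append(Finding("process", proc, "executable running from the drive root"))
    for section, body in entries:
        if section == "O4":
            m = O4_RE.search(body)
            target = m.group("target").strip().strip('"') if m else ""
            if ROOT_EXE_RE.match(target):
                findings.append(Finding(section, body, "autorun target in the drive root"))
        elif section == "O20" and body.startswith("Winlogon Notify:"):
            path = body.rsplit(" - ", 1)[-1]
            stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            reason = "Winlogon Notify DLL (loaded by winlogon.exe at logon)"
            if RANDOM_NAME_RE.match(stem):
                reason += ", random-looking file name"
            findings.append(Finding(section, body, reason))
        elif section == "O23" and "(file missing)" in body:
            # The thread's own log prints "(file missing)" for BitDefender services
            # whose binaries are visibly running, so confirm on disk before
            # concluding that the file is really gone.
            findings.append(Finding(section, body, "service binary not found at the listed path"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run on the sample it reports five findings: the root-level process, the two `[defender]`/`[keyboard]` Run entries, the `o0pqla751d.dll` Winlogon Notify hook, and the missing `netmon.exe` service, while the Sygate, ATI and `smss.exe` lines pass. Those are the same files and registry entries the ComboFix run in the third post removes, which is why a tool like this is useful as a first pass before a helper reads the full log by hand.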

#2 jurgenv
    1. Download this file: - combofix.exe
    2. Double-click combofix.exe and follow the instructions you are given.
    3. When the tool is finished it will create a report for you; post that log here together with a new HijackThis log.

    Note:
    Don't click while ComboFix is running, that would make the tool hang!

    Member of ASAP


#3 FraiD
    Bob - 06-09-30 11:07:21,19 Service Pack 2
    ComboFix 06.09.28 - Running from: "C:\Program Files\Mozilla Firefox"

    ((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

    REGISTRY ENTRIES REMOVED:

    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    FILES REMOVED:

    C:\WINDOWS\system32\o0pqla751d.dll
    C:\WINDOWS\system32\r4p80e7ueh.dll


    Granting sedebugprivilege to Administrators ... successful


    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\drsmartload2.dat
    C:\dfndrff_e16.exe
    C:\drsmartload.exe
    C:\deskbar.exe
    C:\deskbar_e13.exe
    C:\kybrdff_e16.exe
    C:\nwnmff_e16.exe
    C:\WINDOWS\uninstall_nmon.vbs
    C:\Documents and Settings\LocalService\Application Data\NetMon
    C:\Program Files\Deskbar
    C:\Program Files\Common Files\{C48361EF-063A-1043-0210-030205290020}


    ((((((((((((((((((((((((((((((( Files Created from 2006-08-30 to 2006-09-30 ))))))))))))))))))))))))))))))))))


    2006-09-27 22:02 1,233 --a------ C:\WINDOWS\system32\fsq04806.sys
    2006-09-27 16:20 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll
    2006-09-13 19:25 327,168 --a------ C:\WINDOWS\IsUn0413.exe
    2006-09-13 19:23 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-09-30 11:09 -------- d-------- C:\Program Files\Common Files
    2006-09-30 11:06 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-09-29 17:10 -------- d-------- C:\Program Files\SpeedFan
    2006-09-28 22:15 -------- d-------- C:\Program Files\Azureus
    2006-09-27 22:01 -------- d-------- C:\Program Files\MSN Messenger
    2006-09-27 16:23 1015296 --a------ C:\WINDOWS\system32\logonuiX.exe
    2006-09-25 16:11 -------- d-------- C:\Documents and Settings\Bob\Application Data\LimeWire
    2006-09-25 16:10 -------- d-------- C:\Program Files\LimeWire
    2006-09-24 13:57 -------- d-------- C:\Documents and Settings\Bob\Application Data\uTorrent
    2006-09-24 13:56 -------- d-------- C:\Program Files\WinRAR
    2006-09-17 22:46 -------- d-------- C:\Program Files\Google
    2006-09-17 00:01 -------- d-------- C:\Program Files\TGTSoft
    2006-09-13 19:28 -------- d-------- C:\Program Files\Hewlett-Packard
    2006-09-11 20:00 17920 --a------ C:\Documents and Settings\Bob\Application Data\GDIPFONTCACHEV1.DAT
    2006-09-10 00:07 -------- d-------- C:\Program Files\Globe Software
    2006-08-31 01:12 -------- d-------- C:\Documents and Settings\Bob\Application Data\Azureus
    2006-08-23 00:21 -------- d-------- C:\Program Files\Sygate
    2006-08-23 00:21 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2006-08-21 14:28 16896 --a------ C:\WINDOWS\system32\fltlib.dll
    2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
    2006-08-21 11:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
    2006-08-20 16:12 -------- d-------- C:\Program Files\Common Files\Softwin
    2006-08-20 16:11 -------- d-------- C:\Program Files\Softwin
    2006-08-16 11:54 -------- d-------- C:\Program Files\Common Files\InstallShield
    2006-08-16 00:58 -------- d-------- C:\Documents and Settings\Bob\Application Data\Google
    2006-08-16 00:57 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-08-15 18:03 -------- d---s---- C:\Documents and Settings\Bob\Application Data\Microsoft
    2006-08-15 17:51 -------- d-------- C:\Program Files\Java
    2006-08-15 17:49 -------- d-------- C:\Program Files\Common Files\Java
    2006-08-15 01:35 -------- d-------- C:\Documents and Settings\Bob\Application Data\Apple Computer
    2006-08-13 13:53 -------- d-------- C:\Program Files\Internet Explorer
    2006-08-13 12:58 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-08-12 21:24 -------- d-------- C:\Documents and Settings\Bob\Application Data\Verzendmap van Share-to-Web
    2006-08-12 12:38 -------- d-------- C:\Program Files\Windows Media Player
    2006-08-12 12:28 -------- d-------- C:\Program Files\QuickTime
    2006-08-06 17:29 -------- d-------- C:\Program Files\quicksnooker
    2006-08-04 23:24 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
    2006-08-04 22:56 -------- d-------- C:\Program Files\Stardock
    2006-08-04 21:07 -------- d-------- C:\Program Files\U.S. Robotics 802.11g WLAN
    2006-08-04 19:15 -------- d-------- C:\Documents and Settings\Bob\Application Data\Lavasoft
    2006-08-03 13:45 -------- d-------- C:\Program Files\Outlook Express
    2006-08-03 13:45 -------- d-------- C:\Program Files\Common Files\System
    2006-08-03 13:36 -------- d-------- C:\Program Files\Messenger
    2006-08-03 00:57 -------- d-------- C:\Documents and Settings\Bob\Application Data\MSN6
    2006-08-01 20:55 -------- d-------- C:\Documents and Settings\Bob\Application Data\vlc
    2006-08-01 19:45 -------- d-------- C:\Program Files\VideoLAN
    2006-07-31 22:19 58952 --a------ C:\WINDOWS\system32\MsgPlusLoader.dll
    2006-07-31 22:19 -------- d-------- C:\Program Files\MessengerPlus! 3
    2006-07-31 22:06 -------- d-------- C:\Program Files\Lavasoft
    2006-07-31 21:58 -------- d-------- C:\Program Files\CCleaner
    2006-07-31 21:21 -------- d-------- C:\Documents and Settings\Bob\Application Data\Macromedia
    2006-07-31 17:48 -------- d-------- C:\Documents and Settings\Bob\Application Data\Sun
    2006-07-31 14:40 62 --ahs---- C:\Documents and Settings\Bob\Application Data\desktop.ini
    2006-07-31 14:40 -------- d-------- C:\Program Files\Common Files\SpeechEngines
    2006-07-31 14:40 -------- d-------- C:\Program Files\Common Files\ODBC
    2006-07-31 13:56 -------- d-------- C:\Program Files\Common Files\Designer
    2006-07-31 13:55 -------- d-------- C:\Program Files\Microsoft Office
    2006-07-31 13:55 -------- d-------- C:\Program Files\ATI Technologies
    2006-07-31 13:54 -------- d-------- C:\Documents and Settings\Bob\Application Data\Mozilla
    2006-07-31 13:28 -------- d-------- C:\Program Files\Movie Maker
    2006-07-31 13:23 -------- d-------- C:\Program Files\Windows NT
    2006-07-31 13:23 -------- d-------- C:\Program Files\NetMeeting
    2006-07-31 13:03 -------- d--h----- C:\Program Files\Uninstall Information
    2006-07-31 13:03 -------- d-------- C:\Documents and Settings\Bob\Application Data\Identities
    2006-07-31 12:56 -------- d-------- C:\Program Files\xerox
    2006-07-31 12:56 -------- d-------- C:\Program Files\microsoft frontpage
    2006-07-31 12:55 0 -rahs---- C:\MSDOS.SYS
    2006-07-31 12:55 0 -rahs---- C:\IO.SYS
    2006-07-31 12:55 0 --a------ C:\CONFIG.SYS
    2006-07-31 12:55 0 --a------ C:\AUTOEXEC.BAT
    2006-07-31 12:52 -------- d-------- C:\Program Files\Online Services
    2006-07-31 12:51 -------- d-------- C:\Program Files\Common Files\Services
    2006-07-31 12:51 -------- d-------- C:\Program Files\Common Files\MSSoap
    2006-07-31 12:49 -------- d--h----- C:\Program Files\WindowsUpdate
    2006-07-31 12:49 -------- d-------- C:\Program Files\MSN Gaming Zone
    2006-07-31 12:49 -------- d-------- C:\Program Files\MSN
    2006-07-31 12:49 -------- d-------- C:\Program Files\ComPlus Applications
    2006-07-27 15:26 679424 --a--c--- C:\WINDOWS\system32\inetcomm.dll
    2006-07-21 10:29 72704 --a--c--- C:\WINDOWS\system32\hlink.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "StatBar"="C:\\Program Files\\Globe Software\\StatBar\\StatBar.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
    "ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
    "BDMCon"="\"C:\\Program Files\\Softwin\\BitDefender8\\bdmcon.exe\""
    "BDNewsAgent"="\"C:\\Program Files\\Softwin\\BitDefender8\\bdnagent.exe\""
    "SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
    "HP Software Update"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe"
    "HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb08.exe"
    "DeviceDiscovery"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpotdd01.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Mijn huidige introductiepagina"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,92,00,00,00,00,00,00,00,6e,03,00,00,e2,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MessengerPlus3]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MsgPlus"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\msnmsgr]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MsnMsgr"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="qttask"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services]
    "WebClient"=dword:00000002
    "W32Time"=dword:00000002
    "TermService"=dword:00000003
    "stisvc"=dword:00000002
    "SSDPSRV"=dword:00000003
    "Schedule"=dword:00000002
    "RemoteRegistry"=dword:00000002
    "PolicyAgent"=dword:00000002
    "Nla"=dword:00000003
    "helpsvc"=dword:00000002
    "CiSvc"=dword:00000003


    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
    securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


    Completion time: Sat 30/09/2006 11:09:56.33
    ComboFix.txt








    Logfile of HijackThis v1.99.1
    Scan saved at 11:12:06, on 30/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\Program Files\Softwin\BitDefender8\bdmcon.exe
    C:\Program Files\Softwin\BitDefender8\bdnagent.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Globe Software\StatBar\StatBar.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Bob\Mijn documenten\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
    O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [StatBar] C:\Program Files\Globe Software\StatBar\StatBar.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/reso...an8/oscan8.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)




    Thanks

#4 jurgenv
    Looks good, how is everything working otherwise?

    Member of ASAP


#5 FraiD
    Good, except that MSN doesn't work.

    Shouldn't I remove MSN and then reinstall it?
    I just noticed that MSN Plus! was thrown off by that virus, what about that?

    By the way, can you recommend a good free firewall? I currently have Sygate Personal Firewall, but I don't fully trust it (because of that worm).


    Many thanks!

#6 jurgenv
    Try reinstalling MSN, and reinstall MSN Plus as well.

    I use that firewall too, and by the way, no firewall or antivirus is perfect.

    Member of ASAP


#7 FraiD
    My virus scanner (BitDefender) just found 2 viruses.

    After that I removed msn 7.5 + msg plus and restarted.
    I'm going to install MSN Live.

    Many thanks!
    Do you maybe have some tips for me on being careful with downloading and the like?

#8 jurgenv
    Can you tell me what BitDefender found? And where it was located?

    Member of ASAP


#9 FraiD
    C:\Documents and Settings\Bob\a.exe Infected Generic.Kelvir.21CDFC64
    C:\Documents and Settings\Bob\a.exe Disinfection failed
    C:\Documents and Settings\Bob\a.exe Deleted
    C:\Documents and Settings\Bob\drsmartload1135a.exe Suspect BehavesLike:Trojan.Downloader
    C:\Documents and Settings\Bob\drsmartload1135a.exe Disinfection failed
    C:\Documents and Settings\Bob\drsmartload1135a.exe Deleted
    C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\A18VWHYD\drsmartload1135a[1].exe Suspect BehavesLike:Trojan.Downloader
    C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\A18VWHYD\drsmartload1135a[1].exe Disinfection failed
    C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\A18VWHYD\drsmartload1135a[1].exe Deleted
    C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\CTY7CPMB\jackjohnson[1].mp3 Infected Generic.Kelvir.21CDFC64
    C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\CTY7CPMB\jackjohnson[1].mp3 Disinfection failed
    C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\CTY7CPMB\jackjohnson[1].mp3 Deleted
    C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\GVKRULGH\Yinstall[1].mp3 Infected Dropped:Trojan.Downloader.Purityscan.U
    C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\GVKRULGH\Yinstall[1].mp3 Disinfection failed
    C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\GVKRULGH\Yinstall[1].mp3 Deleted
    C:\Documents and Settings\Bob\Yinstall.exe Infected Dropped:Trojan.Downloader.Purityscan.U
    C:\Documents and Settings\Bob\Yinstall.exe Disinfection failed
    C:\Documents and Settings\Bob\Yinstall.exe Deleted

#10 jurgenv
    Ok, uninstall MSN again, because I think we're dealing with that MSN virus that has been going around lately. You have to uninstall MSN first, otherwise it's a losing battle. Only then may you continue with the steps:

    * Download and install Ewido Anti-Spyware 4.0.
    * After installation, open Ewido Anti-Spyware 4.0:
      - under "Status", click Change state next to "Resident shield".
      - under "Update", click the Start update button.
      - under "Scanner", tab "Settings":
        - under "How to act?", click "Recommended actions" and select Quarantine.
        - under "Reports", select Automatically generate report after every scan and remove the check mark at Only if threats were found

      Close Ewido. Don't let it scan yet.


    * If you haven't installed Adaware SE yet, download, install and update it following the guidelines
    you can find at: http://users.pandora.be/marcvn/spyware/1414188.htm

    * Start your computer in SAFE MODE

    * Run a full scan with Adaware and remove everything that is found.

    * Open Ewido, click the Scanner tab at the top and then click Complete System Scan. This scan will scan your whole system, so it can take a while.
    * Ewido will show all infected objects on the left. When the scan is done, it will set everything to the 'Quarantine' option. Then click the Apply all actions button. Ewido will then show the following message on the right: "All actions have been applied"
    * Then click "Save Report", and then "Save Report As". This will create a report. Make sure you can easily find the report again (for example on your desktop).


    * Restart your computer in normal mode.

    * Download ATF Cleaner (by Atribune)

    Double-click ATF Cleaner to start the program.
    On the "Main" tab, put a check mark at Select All.
    Click the Empty Selected button.

    If you also use Firefox as a browser:
    Click the "Firefox" tab and put a check mark at Select All.
    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
    (this removes the check mark at "Firefox saved passwords")
    Click the Empty Selected button.

    If you also use Opera as a browser:
    Click the "Opera" tab and put a check mark at Select All.
    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
    Click the Empty Selected button.
    Go to the "Main" tab and click the Exit button to close the program.

    * Then post a new HijackThis log here together with the Ewido report.

    Member of ASAP

