View full version : log regarding an MSN virus



Sille
2 July 2007, 23:20
Hi

Yes, I am one of the people who surf safely and still caught an MSN virus ...
Anyway, I have already scanned with Ad-Aware; normally it catches it, but to be on the safe side I want to post a log as well.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23:20:16, on 2/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\dimitri\Local Settings\Temporary Internet Files\Content.IE5\OHYVWHUN\HiJackThis_v2[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BSplayer_WhenUSave_Installer] C:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snelstart HP Image Zone.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O21 - SSODL: system32 - {C29D9B5D-B26B-4424-A20B-6E608AF1B5D1} - sysprinters.dll (file missing)
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros-configuratieservice (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 9111 bytes

Juisterr
3 July 2007, 11:58
Hello,

Go to Start > Control Panel > Add or Remove Programs and remove the following from the list if it is present:
WhenUSave



Start HijackThis and choose 'Do a system scan only'.
Select only the items listed below:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: C:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe
O21 - SSODL: system32 - {C29D9B5D-B26B-4424-A20B-6E608AF1B5D1} - sysprinters.dll (file missing)

Close all windows except HijackThis.
Click 'Fix checked' to remove the items.

Download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.

Double-click Combofix.exe.
Follow the instructions and accept the disclaimer by typing 1 (continue).
While the fix is running, do NOT click in the window, because this will make your PC hang.

When the fix has finished and after the reboot, the log combofix.txt will open.
Post that log in your next reply together with a new HijackThis log.

Note: if your virus scanner responds with a warning about a script being run, you may ignore it.
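The entries the helper picks out above share a small number of traits: a registered component whose file no longer exists ("(no file)", "(file missing)"), an autostart entry that names a known adware installer, and a loading point (O21, SSODL) that legitimate software rarely uses. As an added example, not code from this thread, from HijackThis or from the helper, the following Python applies exactly those rules to HijackThis-style lines. The sample lines are copied from the log in this thread; the adware name list and the choice of O21 as a review section are my assumptions.

```python
import re
from dataclasses import dataclass

# Shape of a HijackThis entry: a section code (R0, O2, O4, O21, ...) then the entry body.
HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")

# Markers HijackThis prints when the registered file is not present on disk.
MISSING_MARKERS = ("(no file)", "(file missing)")

# Adware product names to look for in autostart entries (assumption: WhenUSave is the one named in this thread).
ADWARE_NAMES = ("whenusave",)

# Loading points worth a second look whenever they appear (assumption: O21 = SSODL, ShellServiceObjectDelayLoad).
REVIEW_SECTIONS = {"O21": "SSODL entry: shell service object loaded by Explorer at logon"}


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def triage_hjt(lines):
    """Return the HijackThis lines a helper would ask the poster to fix, each with its reason."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue  # header, process list, blank line: not an entry
        section, body = m.group("section"), m.group("body")
        lowered = body.lower()
        if any(lowered.endswith(mark) for mark in MISSING_MARKERS):
            findings.append(Finding(section, "registered component whose file is absent from disk", line))
        elif any(name in lowered for name in ADWARE_NAMES):
            findings.append(Finding(section, "autostart entry referencing a known adware installer", line))
        elif section in REVIEW_SECTIONS:
            findings.append(Finding(section, REVIEW_SECTIONS[section], line))
    return findings


def fix_list(findings):
    """The lines to tick under 'Do a system scan only', one per line, in log order."""
    return "\n".join(f.line for f in findings)


# Constructed sample: a handful of lines copied from the HijackThis log in this thread.
SAMPLE_HJT = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BSplayer_WhenUSave_Installer] C:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe
O21 - SSODL: system32 - {C29D9B5D-B26B-4424-A20B-6E608AF1B5D1} - sysprinters.dll (file missing)
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

Run on the sample it flags the same three lines the helper listed, minus the Alcmtr entry: that one is not caught by any of these rules and rests on the helper's own knowledge of the component, which is the kind of judgement a script cannot replace.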

Sille
3 July 2007, 13:09
ComboFix:

"dimitri" - 2007-07-03 13:06:55 - ComboFix 07-07-03.8 - Service Pack 2 FAT32


((((((((((((((((((((((((( Files Created from 2007-06-03 to 2007-07-03 )))))))))))))))))))))))))))))))


2007-07-03 13:06 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-02 23:26 124,756 --a------ C:\DOCUME~1\dimitri\ymqsvf.exe
2007-07-02 23:26 10,830 --a------ C:\DOCUME~1\dimitri\icdkoj.exe
2007-07-02 23:19 124,756 --a------ C:\DOCUME~1\dimitri\pecraw.exe
2007-07-02 23:11 124,756 --a------ C:\DOCUME~1\dimitri\xeztbj.exe
2007-07-02 23:02 124,756 --a------ C:\DOCUME~1\dimitri\mzzvcu.exe
2007-07-02 22:59 <DIR> d-------- C:\install
2007-07-02 22:58 124,756 --a------ C:\DOCUME~1\dimitri\zmsqhb.exe
2007-07-02 22:57 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-02 22:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-02 22:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-02 21:57 24,040 --a------ C:\WINDOWS\system32\sysprinters.dll
2007-07-02 21:05 <DIR> d-------- C:\Program Files\BitTorrent
2007-07-02 21:05 <DIR> d-------- C:\DOCUME~1\dimitri\APPLIC~1\BitTorrent
2007-07-02 18:19 <DIR> d-------- C:\Program Files\iPod
2007-07-02 18:18 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-07-02 18:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-02 16:18 <DIR> d-------- C:\DOCUME~1\dimitri\APPLIC~1\Ahead
2007-07-02 16:12 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2007-07-02 16:12 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-07-02 16:12 <DIR> d-------- C:\Program Files\ffdshow
2007-07-02 15:56 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-07-02 15:56 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-07-02 15:56 <DIR> d-------- C:\Program Files\Xvid
2007-07-01 00:17 <DIR> d-------- C:\Program Files\avijoin
2007-06-30 23:43 <DIR> d-------- C:\DOCUME~1\dimitri\APPLIC~1\DivX
2007-06-30 23:39 <DIR> d---s---- C:\DOCUME~1\dimitri\UserData
2007-06-30 23:24 <DIR> d-------- C:\Program Files\BSplayer_WhenUSave_Installer
2007-06-29 09:08 <DIR> d-------- C:\Program Files\QuickTime
2007-06-28 07:17 <DIR> d-------- C:\DOCUME~1\dimitri\APPLIC~1\Apple Computer
2007-06-28 07:16 <DIR> d-------- C:\Program Files\Apple Software Update
2007-06-28 07:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-06-26 22:40 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-06-26 21:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
2007-06-26 21:25 <DIR> d-------- C:\Program Files\Common Files\HP
2007-06-26 21:23 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-06-26 21:22 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-06-26 21:21 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-06-26 21:19 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-06-26 21:19 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-06-26 21:19 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-06-26 21:19 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-06-26 21:19 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-06-26 21:19 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-06-26 21:19 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-06-26 21:18 <DIR> d-------- C:\Program Files\HP
2007-06-26 21:15 70,273 --a------ C:\WINDOWS\hpoins05.dat
2007-06-26 21:15 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-06-26 21:15 19,696 --------- C:\WINDOWS\hpomdl05.dat
2007-06-26 21:15 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-06-26 21:14 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-06-26 21:14 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2007-06-26 21:08 581,632 -ra------ C:\WINDOWS\system32\hpotscl.dll
2007-06-26 21:08 278,528 -ra------ C:\WINDOWS\system32\hpgwiamd.dll
2007-06-26 21:08 274,432 -ra------ C:\WINDOWS\system32\HPZc3212.dll
2007-06-26 21:08 229,376 -ra------ C:\WINDOWS\system32\hpovst08.dll
2007-06-26 21:08 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-06-26 21:06 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-06-26 19:53 <DIR> d-------- C:\DOCUME~1\dimitri\Incomplete
2007-06-26 19:52 <DIR> d-------- C:\DOCUME~1\dimitri\APPLIC~1\LimeWire
2007-06-26 19:50 <DIR> d-------- C:\Program Files\LimeWire
2007-06-25 23:29 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-06-25 23:28 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-06-25 23:28 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-06-25 23:28 <DIR> d-------- C:\e6ca389f62b347743a6b142e045be0
2007-06-25 23:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-06-25 21:09 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-06-25 21:04 2,977,792 --------- C:\WINDOWS\UNNMP.exe
2007-06-25 21:03 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-06-25 21:02 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-06-25 21:01 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-06-25 21:00 3,051,520 --------- C:\WINDOWS\UNNeroVision.exe
2007-06-25 21:00 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2007-06-25 20:59 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-06-25 20:59 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-06-25 20:59 38,912 --------- C:\WINDOWS\system32\picn20.dll
2007-06-25 20:59 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-06-25 20:59 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-06-25 20:59 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-06-25 20:59 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-06-25 20:59 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-06-25 20:59 <DIR> d-------- C:\Program Files\Ahead
2007-06-25 20:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-06-25 20:58 <DIR> d-------- C:\DOCUME~1\dimitri\Contacts
2007-06-25 20:54 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE
2007-06-25 20:53 <DIR> d-------- C:\Program Files\MSN Messenger
2007-06-25 20:50 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-06-25 20:50 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-06-25 20:49 <DIR> d-------- C:\WINDOWS\system32\Lang
2007-06-25 20:42 <DIR> d-------- C:\Program Files\SymNetDrv
2007-06-25 20:37 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-06-25 20:37 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-06-25 20:37 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-06-25 20:37 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-06-25 20:37 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-06-25 20:37 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-06-25 20:37 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-06-25 20:36 77,824 --a------ C:\WINDOWS\system32\athcfg11resloc.dll
2007-06-25 20:36 61,440 --a------ C:\WINDOWS\system32\wgapiloc.dll
2007-06-25 20:36 54,272 --a------ C:\WINDOWS\system32\vfwwdm32.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-26 19:22:12 75,438 ----a-w C:\WINDOWS\system32\perfc013.dat
2007-06-26 19:22:12 498,132 ----a-w C:\WINDOWS\system32\perfh013.dat
2007-04-25 14:22:52 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:15:26 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}]
2004-09-15 16:34 103552 --a------ C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
2005-04-05 15:07 218736 --a------ C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-21 17:22]
"Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-19 16:52 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2006-04-27 12:48 C:\WINDOWS\system32\nwiz.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 16:26]
"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2006-05-30 10:28]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09]
"ACU"="C:\Program Files\Atheros\ACU.exe" [2006-08-07 19:15]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-06-25 20:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]


Contents of the 'Scheduled Tasks' folder
2007-06-25 18:26:08 C:\WINDOWS\tasks\Norton AntiVirus - Mijn computer scannen - dimitri.job
2007-07-02 18:00:02 C:\WINDOWS\tasks\HPpromotions journeysoftware.job
2007-07-02 16:15:02 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.914 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-03 13:08:19
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-03 13:08:41

--- E O F ---

and the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13:09:35, on 3/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ACEngSvr.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\dimitri\Bureaublad\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snelstart HP Image Zone.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros-configuratieservice (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 8380 bytes

Juisterr
3 July 2007, 18:35
Could you first have this file scanned at Jotti:
C:\WINDOWS\system32\sysprinters.dll

Note! Some folders and/or files may be hidden, so first do this: My Documents > Tools > Folder Options > View tab > tick 'Show hidden files and folders' > OK:

Jotti Virusscan: http://virusscan.jotti.org/
At the top it says “file to upload”.
Use “browse” to navigate to the file named above and have it scanned by clicking “open” first and then “submit”. Copy the answer you get into your next post.

If the server is too busy you can also have the file scanned here:
Kaspersky file scanner: http://www.kaspersky.com/scanforvirus

Once you have done that, please do the following.


Open Notepad and copy and paste the following text into an empty window:
File::
C:\DOCUME~1\dimitri\ymqsvf.exe
C:\DOCUME~1\dimitri\icdkoj.exe
C:\DOCUME~1\dimitri\pecraw.exe
C:\DOCUME~1\dimitri\xeztbj.exe
C:\DOCUME~1\dimitri\mzzvcu.exe
C:\DOCUME~1\dimitri\zmsqhb.exe


Save this to your Desktop as ComboFix-Do.txt.

Drag ComboFix-Do.txt onto ComboFix.exe as shown in the example below:

http://img.photobucket.com/albums/v666/sUBs/Combo-Do.gif

This will make ComboFix restart.
Reboot when asked to,
and post the contents of Combofix.txt in your next reply together with a new HJT log and the Jotti result.
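The "Files Created" section of the first ComboFix log is where the six paths in the File:: script above come from: executables dropped directly into the user's profile root, five of them with exactly the same size under different random names, plus sysprinters.dll that the helper sent to Jotti. As an added example, not code from this thread or from ComboFix, the following Python parses ComboFix "Files Created" lines, applies those two observations as rules, and turns the flagged paths into a File:: script of the shape the helper pasted. The sample lines are copied from the log in this thread; the rules and their thresholds are my assumptions.

```python
import re
from collections import defaultdict

# Shape of a ComboFix "Files Created" line: date, time, size or <DIR>, attribute flags, path.
CF_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
# Folder names under which a user profile root sits (assumption: XP short and long names, and Vista's Users).
PROFILE_ROOTS = ("DOCUME~1", "DOCUMENTS AND SETTINGS", "USERS")


def parse_created(lines):
    """Parse the file entries (directories are skipped) into dicts with when/size/path."""
    entries = []
    for raw in lines:
        m = CF_LINE.match(raw.strip())
        if not m or m.group("size") == "<DIR>":
            continue
        entries.append({
            "when": f"{m.group('date')} {m.group('time')}",
            "size": int(m.group("size").replace(",", "")),
            "path": m.group("path"),
        })
    return entries


def triage_created(lines):
    """Map each suspicious executable path to the list of reasons it was flagged."""
    entries = [e for e in parse_created(lines) if e["path"].lower().endswith(EXEC_EXT)]
    reasons = defaultdict(list)

    # Rule 1: an executable sitting directly in a user profile root (C:\DOCUME~1\<user>\x.exe).
    for e in entries:
        parts = e["path"].split("\\")
        if len(parts) == 4 and parts[1].upper() in PROFILE_ROOTS:
            reasons[e["path"]].append("executable directly in a user profile root")

    # Rule 2: several differently named executables with exactly the same byte size,
    # which is what one binary dropped repeatedly under random names looks like.
    by_size = defaultdict(list)
    for e in entries:
        by_size[e["size"]].append(e["path"])
    for size, paths in by_size.items():
        names = {p.rsplit("\\", 1)[-1].lower() for p in paths}
        if len(names) >= 2:
            for p in paths:
                reasons[p].append(f"one of {len(paths)} differently named files of exactly {size:,} bytes")
    return dict(reasons)


def combofix_script(paths):
    """Render flagged paths as a ComboFix-Do.txt 'File::' section, sorted for a stable diff."""
    return "File::\n" + "\n".join(sorted(paths)) + "\n"


# Constructed sample: lines copied from the first ComboFix log in this thread.
SAMPLE_CREATED = r"""
2007-07-03 13:06 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-02 23:26 124,756 --a------ C:\DOCUME~1\dimitri\ymqsvf.exe
2007-07-02 23:26 10,830 --a------ C:\DOCUME~1\dimitri\icdkoj.exe
2007-07-02 23:19 124,756 --a------ C:\DOCUME~1\dimitri\pecraw.exe
2007-07-02 23:11 124,756 --a------ C:\DOCUME~1\dimitri\xeztbj.exe
2007-07-02 23:02 124,756 --a------ C:\DOCUME~1\dimitri\mzzvcu.exe
2007-07-02 22:59 <DIR> d-------- C:\install
2007-07-02 22:58 124,756 --a------ C:\DOCUME~1\dimitri\zmsqhb.exe
2007-07-02 21:57 24,040 --a------ C:\WINDOWS\system32\sysprinters.dll
2007-06-26 21:19 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
""".strip().splitlines()

if __name__ == "__main__":
    flagged = triage_created(SAMPLE_CREATED)
    for path, why in sorted(flagged.items()):
        print(path, "->", "; ".join(why))
    print(combofix_script(flagged))
```

On the sample the two rules between them pick out the same six files the helper listed and nothing else. sysprinters.dll is not flagged, because nothing about a single 24 KB DLL in system32 is anomalous on its face; that file only became suspicious through the HijackThis O21 entry pointing at it, which is why the helper sent it to an online scanner rather than deleting it outright.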

Sille
3 July 2007, 18:45
Jotti result:

Scan taken on 03 Jul 2007 16:37:31 (GMT)
A-Squared Found nothing
AntiVir Found WORM/IRCBot.24040
ArcaVir Found Trojan.Ircbot.Acd
Avast Found nothing
AVG Antivirus Found BackDoor.Ircbot.AK
BitDefender Found Win32.Worm.Potos.A
ClamAV Found nothing
Dr.Web Found Win32.HLLW.Sodoku
F-Prot Antivirus Found W32/Backdoor.AZWK
F-Secure Anti-Virus Found Backdoor.Win32.IRCBot.acd
Fortinet Found W32/IRCBot.ACD!tr.bdr
Kaspersky Anti-Virus Found Backdoor.Win32.IRCBot.acd
NOD32 Found Win32/IRCBot.XW
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found Backdoor.Win32.IRCBot.acd

ComboFix result:

"dimitri" - 2007-07-03 18:42:35 - ComboFix 07-07-03.8 - Service Pack 2 FAT32
Command switches used :: C:\Documents and Settings\dimitri\Bureaublad\combofix-do.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\dimitri\icdkoj.exe
C:\DOCUME~1\dimitri\mzzvcu.exe
C:\DOCUME~1\dimitri\pecraw.exe
C:\DOCUME~1\dimitri\xeztbj.exe
C:\DOCUME~1\dimitri\ymqsvf.exe
C:\DOCUME~1\dimitri\zmsqhb.exe


((((((((((((((((((((((((( Files Created from 2007-06-03 to 2007-07-03 )))))))))))))))))))))))))))))))


2007-07-03 16:24 <DIR> d-------- C:\Program Files\directx
2007-07-03 16:15 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-07-03 16:07 <DIR> d-------- C:\DOCUME~1\dimitri\APPLIC~1\ImgBurn
2007-07-03 13:06 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-02 22:59 <DIR> d-------- C:\install
2007-07-02 22:57 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-02 22:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-02 22:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-02 21:57 24,040 --a------ C:\WINDOWS\system32\sysprinters.dll
2007-07-02 21:05 <DIR> d-------- C:\Program Files\BitTorrent
2007-07-02 21:05 <DIR> d-------- C:\DOCUME~1\dimitri\APPLIC~1\BitTorrent
2007-07-02 18:19 <DIR> d-------- C:\Program Files\iPod
2007-07-02 18:18 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-07-02 18:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-02 16:18 <DIR> d-------- C:\DOCUME~1\dimitri\APPLIC~1\Ahead
2007-07-02 16:12 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2007-07-02 16:12 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-07-02 16:12 <DIR> d-------- C:\Program Files\ffdshow
2007-07-02 15:56 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-07-02 15:56 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-07-02 15:56 <DIR> d-------- C:\Program Files\Xvid
2007-07-01 00:17 <DIR> d-------- C:\Program Files\avijoin
2007-06-30 23:43 <DIR> d-------- C:\DOCUME~1\dimitri\APPLIC~1\DivX
2007-06-30 23:39 <DIR> d---s---- C:\DOCUME~1\dimitri\UserData
2007-06-30 23:24 <DIR> d-------- C:\Program Files\BSplayer_WhenUSave_Installer
2007-06-29 09:08 <DIR> d-------- C:\Program Files\QuickTime
2007-06-28 07:17 <DIR> d-------- C:\DOCUME~1\dimitri\APPLIC~1\Apple Computer
2007-06-28 07:16 <DIR> d-------- C:\Program Files\Apple Software Update
2007-06-28 07:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-06-26 22:40 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-06-26 21:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
2007-06-26 21:25 <DIR> d-------- C:\Program Files\Common Files\HP
2007-06-26 21:23 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-06-26 21:22 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-06-26 21:21 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-06-26 21:19 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-06-26 21:19 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-06-26 21:19 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-06-26 21:19 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-06-26 21:19 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-06-26 21:19 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-06-26 21:19 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-06-26 21:18 <DIR> d-------- C:\Program Files\HP
2007-06-26 21:15 70,273 --a------ C:\WINDOWS\hpoins05.dat
2007-06-26 21:15 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-06-26 21:15 19,696 --------- C:\WINDOWS\hpomdl05.dat
2007-06-26 21:15 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-06-26 21:14 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-06-26 21:14 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2007-06-26 21:08 581,632 -ra------ C:\WINDOWS\system32\hpotscl.dll
2007-06-26 21:08 278,528 -ra------ C:\WINDOWS\system32\hpgwiamd.dll
2007-06-26 21:08 274,432 -ra------ C:\WINDOWS\system32\HPZc3212.dll
2007-06-26 21:08 229,376 -ra------ C:\WINDOWS\system32\hpovst08.dll
2007-06-26 21:08 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-06-26 21:06 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-06-26 19:53 <DIR> d-------- C:\DOCUME~1\dimitri\Incomplete
2007-06-26 19:52 <DIR> d-------- C:\DOCUME~1\dimitri\APPLIC~1\LimeWire
2007-06-26 19:50 <DIR> d-------- C:\Program Files\LimeWire
2007-06-25 23:29 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-06-25 23:28 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-06-25 23:28 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-06-25 23:28 <DIR> d-------- C:\e6ca389f62b347743a6b142e045be0
2007-06-25 23:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-06-25 21:09 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-06-25 21:04 2,977,792 --------- C:\WINDOWS\UNNMP.exe
2007-06-25 21:03 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-06-25 21:02 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-06-25 21:01 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-06-25 21:00 3,051,520 --------- C:\WINDOWS\UNNeroVision.exe
2007-06-25 21:00 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2007-06-25 20:59 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-06-25 20:59 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-06-25 20:59 38,912 --------- C:\WINDOWS\system32\picn20.dll
2007-06-25 20:59 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-06-25 20:59 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-06-25 20:59 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-06-25 20:59 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-06-25 20:59 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-06-25 20:59 <DIR> d-------- C:\Program Files\Ahead
2007-06-25 20:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-06-25 20:58 <DIR> d-------- C:\DOCUME~1\dimitri\Contacts
2007-06-25 20:54 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE
2007-06-25 20:53 <DIR> d-------- C:\Program Files\MSN Messenger
2007-06-25 20:50 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-06-25 20:50 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-06-25 20:49 <DIR> d-------- C:\WINDOWS\system32\Lang
2007-06-25 20:42 <DIR> d-------- C:\Program Files\SymNetDrv
2007-06-25 20:37 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-06-25 20:37 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-06-25 20:37 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-06-25 20:37 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-06-25 20:37 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-06-25 20:37 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-06-25 20:37 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-06-25 20:36 77,824 --a------ C:\WINDOWS\system32\athcfg11resloc.dll
2007-06-25 20:36 61,440 --a------ C:\WINDOWS\system32\wgapiloc.dll
2007-06-25 20:36 54,272 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-06-25 20:36 494,080 --a------ C:\WINDOWS\system32\drivers\ar5211.sys
2007-06-25 20:36 494,080 --a------ C:\WINDOWS\system32\ar5211.sys
2007-06-25 20:36 315,392 --a------ C:\WINDOWS\system32\AegisI5.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-26 19:22:12 75,438 ----a-w C:\WINDOWS\system32\perfc013.dat
2007-06-26 19:22:12 498,132 ----a-w C:\WINDOWS\system32\perfh013.dat
2007-04-25 14:22:52 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:15:26 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}]
2004-09-15 16:34 103552 --a------ C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
2005-04-05 15:07 218736 --a------ C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-21 17:22]
"Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-19 16:52 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2006-04-27 12:48 C:\WINDOWS\system32\nwiz.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 16:26]
"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2006-05-30 10:28]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09]
"ACU"="C:\Program Files\Atheros\ACU.exe" [2006-08-07 19:15]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-06-25 20:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]


Contents of the 'Scheduled Tasks' folder
2007-06-25 18:26:08 C:\WINDOWS\tasks\Norton AntiVirus - Mijn computer scannen - dimitri.job
2007-07-03 14:00:02 C:\WINDOWS\tasks\HPpromotions journeysoftware.job
2007-07-02 16:15:02 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.914 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-03 18:43:44
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-03 18:44:07
C:\ComboFix2.txt ... 2007-07-03 13:08
C:\ComboFix-quarantined-files.txt ... 2007-07-03 18:44

and the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:45:02, on 3/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\dimitri\Bureaublad\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snelstart HP Image Zone.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros-configuratieservice (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 8495 bytes
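The multi-engine result above is easier to act on once it is reduced to a detection count and a consensus family name. The following is an added example, not code from this thread or from Jotti: it parses verdict lines in the shape the post shows (engine name, then "Found <verdict>" or "Found nothing"), strips platform and type labels such as Win32, Backdoor or Worm, and reports which family most engines agree on. The sample input is a constructed copy of the lines in the post; the NOISE label set and the family heuristic are assumptions of this example, not part of any scanner's naming scheme.

```python
import re
from collections import Counter

# Constructed sample: the verdict lines from the post above, one engine per line.
SAMPLE_RESULTS = """\
A-Squared Found nothing
AntiVir Found WORM/IRCBot.24040
ArcaVir Found Trojan.Ircbot.Acd
Avast Found nothing
AVG Antivirus Found BackDoor.Ircbot.AK
BitDefender Found Win32.Worm.Potos.A
ClamAV Found nothing
Dr.Web Found Win32.HLLW.Sodoku
F-Prot Antivirus Found W32/Backdoor.AZWK
F-Secure Anti-Virus Found Backdoor.Win32.IRCBot.acd
Fortinet Found W32/IRCBot.ACD!tr.bdr
Kaspersky Anti-Virus Found Backdoor.Win32.IRCBot.acd
NOD32 Found Win32/IRCBot.XW
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found Backdoor.Win32.IRCBot.acd
"""

# "<engine> Found <verdict>"; the engine name may itself contain spaces.
LINE_RE = re.compile(r"^(?P<engine>.+?) Found (?P<verdict>.+)$")

# Platform / type prefixes that carry no family information (assumed list).
NOISE = {"win32", "w32", "trojan", "backdoor", "worm", "hllw", "tr", "bdr"}


def parse_results(text):
    """Return a list of (engine, verdict) tuples; verdict is None for 'nothing'."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        verdict = m.group("verdict").strip()
        out.append((m.group("engine"), None if verdict.lower() == "nothing" else verdict))
    return out


def family_of(verdict):
    """Heuristic family name: first token of the verdict that is not a label
    in NOISE. 'Backdoor.Win32.IRCBot.acd' -> 'ircbot', 'Win32.Worm.Potos.A' -> 'potos'."""
    for tok in re.split(r"[./\\!_-]+", verdict):
        t = tok.lower()
        if t and t not in NOISE:
            return t
    return verdict.lower()


def summarize(text):
    """Count engines and detections and pick the family most engines agree on."""
    results = parse_results(text)
    hits = [(engine, v) for engine, v in results if v]
    families = Counter(family_of(v) for _, v in hits)
    top, top_n = families.most_common(1)[0] if families else (None, 0)
    return {
        "engines": len(results),
        "detections": len(hits),
        "families": dict(families),
        "consensus": top,
        "consensus_count": top_n,
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_RESULTS)
    print(f"{s['detections']}/{s['engines']} engines flagged the file")
    print(f"consensus family: {s['consensus']} ({s['consensus_count']} engines)")
    print("all families:", s["families"])
```

Run on the sample, this reports 11 of 18 engines detecting and an eight-engine consensus on the IRCBot family; the three outliers (Potos, Sodoku, AZWK) are listed separately so a helper can see they are single-engine names rather than a second infection.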

Juisterr
3 July 2007, 21:20
Start HijackThis and choose 'Do a system scan only'.
Select only the items listed below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

Click 'Fix checked' to remove the items.


* Download OTMoveIt.exe and place it on your desktop:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

* Open OTMoveIt.exe.
In the left pane, where it says "Paste List of Files/Folders to be Moved", copy and paste the section below:



C:\WINDOWS\system32\sysprinters.dll


Then click the MoveIt button at the bottom.
When finished it will create a log (********_******.log -- the * stands for date and time) in the following folder: C:\_OTMoveIt\MovedFiles.
Copy and paste the contents of that log in your next post.
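The helper's reply above picks out two things from a long HijackThis log: an R0 start-page entry and an autostart file. The following is an added example, not the helper's method and not code from HijackThis: it parses lines in the HijackThis v2 shape shown in this thread and applies a few first-pass triage rules a defender would use to decide which entries need a closer look. The sample is a constructed excerpt of the posted log plus one constructed O4 line (clearly labelled, with made-up names) so the user-profile rule has something to fire on; the rules themselves and the USER_PROFILE_PREFIXES list are assumptions of this example.

```python
import re

# Constructed sample in HijackThis v2 format: lines copied from the log posted in
# this thread plus one constructed O4 entry (the [constructed-entry] line; its
# user name and file name are made up for the example).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [constructed-entry] C:\DOCUME~1\someuser\sample.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
SVC_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")

# Locations where a legitimate autorun binary is rarely placed (assumed list).
USER_PROFILE_PREFIXES = ("c:\\documents and settings\\", "c:\\docume~1\\")


def exe_of(cmd):
    """Executable part of a Run-key command: the quoted path, or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def assess_path(path):
    """Return a reason string when an autostart path deserves a second look, else None."""
    p = path.lower()
    if "\\" not in p:
        return "bare filename, resolved via PATH at logon; confirm which file actually runs"
    if p.startswith(USER_PROFILE_PREFIXES):
        return "executable directly under a user profile; unusual for a legitimate autorun"
    if "\\temp\\" in p:
        return "executable in a Temp folder"
    return None


def parse_entries(text):
    """Yield (code, body) for every line with the 'Rn - ' / 'On - ' HijackThis shape."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def triage(text):
    """Apply the rules to R0/R1, O4 and O23 entries; return a list of findings."""
    findings = []
    for code, body in parse_entries(text):
        if code in ("R0", "R1") and " = " in body:
            key, value = body.split(" = ", 1)
            if not value.lower().startswith(("http://", "https://")):
                findings.append({"code": code, "name": key.split(",")[-1], "detail": value,
                                 "reason": "non-URL value; verify it is intended"})
        elif code == "O4":
            m = RUN_RE.match(body)
            if not m:  # 'Global Startup' .lnk entries are not handled by this example
                continue
            reason = assess_path(exe_of(m.group("cmd")))
            if reason:
                findings.append({"code": code, "name": m.group("name"),
                                 "detail": m.group("cmd"), "reason": reason})
        elif code == "O23":
            m = SVC_RE.match(body)
            reason = assess_path(m.group("path")) if m else None
            if reason:
                findings.append({"code": code, "name": m.group("name"),
                                 "detail": m.group("path"), "reason": reason})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['code']:>3} [{f['name']}] {f['reason']}\n      {f['detail']}")
```

On the sample this flags the HKLM start page set to about:blank (the entry the helper asked to fix), the two bare-filename Run entries (RTHDCPL.EXE and nwiz.exe, which are benign here but are resolved through PATH, so it is worth confirming which file answers to that name) and the constructed user-profile entry; the vendor-path entries pass. A rule list this short is a starting point for reading the log, not a verdict, which is why the output says "verify" rather than "remove".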

Sille
3 July 2007, 22:34
DllUnregisterServer procedure not found in C:\WINDOWS\system32\sysprinters.dll
C:\WINDOWS\system32\sysprinters.dll NOT unregistered.
C:\WINDOWS\system32\sysprinters.dll moved successfully.

Created on 07/03/2007 22:31:57

and HijackThis, I suppose:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:33:33, on 3/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\dimitri\Bureaublad\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snelstart HP Image Zone.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros-configuratieservice (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 8473 bytes

Juisterr
4 July 2007, 13:34
To prevent reinfection via System Restore, it is advisable to remove the existing restore points by temporarily disabling System Restore.


- Go to Start/All Programs/Accessories/System Tools/System Restore.
- In the left half of the window, click "System Restore Settings".
- Tick the box "Turn off System Restore".
- Click "Apply".
- Windows asks whether you are sure.
- Click "Yes".
- Click "OK".
- Restart the PC.
- Go again to Start/All Programs/Accessories/System Tools/System Restore.
- You get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"
- Click "Yes".
- Untick the box "Turn off System Restore".
- Click "Apply".
- Click "OK".
- Restart the PC.
- A new, clean restore point has now been created.

Here are some more tips (http://www.jawwi.nl/tips/beveiligen.html).

Sille
4 July 2007, 17:30
I do find it something that all of this comes from that one little MSN virus :o Then I'll have my buddy's PC thoroughly checked by you guys too, because she has even more problems. Her printer prints things that weren't requested, etc.

Juisterr
4 July 2007, 18:52
Yep, all of that from that one little infection.