View full version: msn virus



benjii49
8 May 2008, 18:48
Hi,

I think there is a virus in my MSN; my contacts are sent this link every day from my account: xxxx://benjii49.this.are.the.fri3ndp1x.info


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:17:17, on 8/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\hp\kbd\kbd.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\hijackthis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://be.msn.com/default.aspx/?lang=nl-be
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=81&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=81&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O13 - Gopher Prefix:
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 6728 bytes

Can you tell from this whether the problem is on my end?

Thanks in advance
Greetings
Benjii

Juisterr
8 May 2008, 22:22
Download MSNFix by BendeBoy here (http://www.nucia.eu/dedicated/msnfix) and save it to your desktop.
Double-click MSNFix.exe; an icon will now appear on your desktop.

First save all your documents, work, etc., because there is a chance that the PC will have to be restarted. This is normal when a file has stubbornly lodged itself.

Double-click the "Start MSNFix" icon and let it run.
(If you get alerts from your scanner or the like, allow this.)

The file will carry out its tasks; you don't need to do anything in the meantime. As soon as it is finished, and possibly after a restart, it will open a report (MSNFix.txt).
Post it in your next message, together with a HijackThis log.

benjii49
9 May 2008, 22:54
I ran everything but I don't get that report; after a while it said it couldn't find a file, system32/del.bat I believe, and couldn't execute something.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:51:54, on 9/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\schtasks.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://be.msn.com/default.aspx/?lang=nl-be
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=81&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=81&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O13 - Gopher Prefix:
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 6208 bytes

Greetings

Mosquitos
10 May 2008, 13:34
This comes from another site, from a topic by the maker of MSNFix.

Windows Vista

Download MSNFix by BendeBoy here (http://www.nucia.eu/dedicated/msnfix/) and save it to your desktop.
Double-click MSNFix.exe; an icon will now appear on your desktop.

Right-click the "Start MSNFix" icon and choose "Run as administrator".
Then let it run. If you get alerts from your scanner or the like, allow this.

The file will carry out its tasks; you don't need to do anything in the meantime. As soon as it is finished, and possibly after a restart, it will open a report (C:\MSNFix.txt).

benjii49
10 May 2008, 14:33
It worked, I think,

------------- BENDEBOYS MSNFIX RAPORT -------------
- Version: 3.6.0.14 - Last Update: 17/02/08
- Scan performed on: za 10/05/2008 - 14:25:22,82 By Vista
- Bootmode: Normal Mode

It is possible to complain about messenger virusses.
Visit MalwareComplaints.com for more information!

Het is mogelijk om uw beklag te doen tegen messenger virussen.
Bezoek MalwareComplaints.com voor meer informatie.


((((((((((((((( CREATED FILES LAST MONTH )))))))))))))))

2008-05-09 -17:58:08 - A.S.. "C:\Windows\bootstat.dat"
2008-05-08 - 7:00:52 - A.... "C:\Windows\DIFxAPI.dll"
2008-04-23 - 7:12:04 - A.... "C:\Windows\System32\advpack.dll"
2008-04-23 - 7:14:22 - A.... "C:\Windows\System32\asferror.dll"
2008-04-23 - 7:12:46 - A.... "C:\Windows\System32\dnsapi.dll"
2008-04-23 - 7:12:46 - A.... "C:\Windows\System32\dnsrslvr.dll"
2008-04-23 - 7:12:04 - A.... "C:\Windows\System32\dxtmsft.dll"
2008-04-23 - 7:12:04 - A.... "C:\Windows\System32\dxtrans.dll"
2008-04-23 -17:12:00 - A.... "C:\Windows\System32\FNTCACHE.DAT"
2008-04-23 - 7:13:58 - A.... "C:\Windows\System32\gameux.dll"
2008-04-23 - 7:14:12 - A.... "C:\Windows\System32\gdi32.dll"
2008-04-23 - 7:12:00 - A.... "C:\Windows\System32\icardie.dll"
2008-04-23 - 7:11:58 - A.... "C:\Windows\System32\ie4uinit.exe"
2008-04-23 - 7:12:04 - A.... "C:\Windows\System32\ieapfltr.dll"
2008-04-23 - 7:12:02 - A.... "C:\Windows\System32\ieframe.dll"
2008-04-23 - 7:11:58 - A.... "C:\Windows\System32\iernonce.dll"
2008-04-23 - 7:11:58 - A.... "C:\Windows\System32\iesetup.dll"
2008-04-23 - 7:12:04 - A.... "C:\Windows\System32\ieui.dll"
2008-04-23 - 7:11:58 - A.... "C:\Windows\System32\ieUnatt.exe"
2008-04-23 - 7:12:04 - A.... "C:\Windows\System32\jsproxy.dll"
2008-04-23 - 7:14:22 - A.... "C:\Windows\System32\LAPRXY.DLL"
2008-04-23 - 7:10:52 - A.... "C:\Windows\System32\mcmde.dll"
2008-04-05 -22:56:22 - A.... "C:\Windows\System32\mrt.exe"
2008-04-23 - 7:12:02 - A.... "C:\Windows\System32\mshtml.dll"
2008-04-23 - 7:12:02 - A.... "C:\Windows\System32\mshtmled.dll"
2008-04-23 - 7:12:00 - A.... "C:\Windows\System32\mstime.dll"
2008-04-23 - 7:15:10 - A.... "C:\Windows\System32\netcfg.exe"
2008-04-23 - 7:15:10 - A.... "C:\Windows\System32\netiougc.exe"
2008-04-23 - 7:15:24 - A.... "C:\Windows\System32\ntkrnlpa.exe"
2008-04-23 - 7:15:24 - A.... "C:\Windows\System32\ntoskrnl.exe"
2008-04-23 - 7:13:32 - A.... "C:\Windows\System32\oleaut32.dll"
2008-05-09 -18:03:48 - A.... "C:\Windows\System32\perfc009.dat"
2008-05-09 -18:03:48 - A.... "C:\Windows\System32\perfc013.dat"
2008-05-09 -18:03:48 - A.... "C:\Windows\System32\perfh009.dat"
2008-05-09 -18:03:48 - A.... "C:\Windows\System32\perfh013.dat"
2008-04-23 - 7:11:58 - A.... "C:\Windows\System32\pngfilt.dll"
2008-04-23 - 7:14:56 - A.... "C:\Windows\System32\quartz.dll"
2008-04-23 - 7:15:10 - A.... "C:\Windows\System32\tcpipcfg.dll"
2008-04-23 - 7:11:16 - A.... "C:\Windows\System32\tzres.dll"
2008-04-23 - 7:11:58 - A.... "C:\Windows\System32\urlmon.dll"
2008-04-23 -17:23:42 - A.... "C:\Windows\System32\w95inf16.dll"
2008-04-23 -17:23:42 - A.... "C:\Windows\System32\w95inf32.dll"
2008-04-23 - 7:16:36 - A.... "C:\Windows\System32\WebClnt.dll"
2008-04-23 - 7:12:04 - A.... "C:\Windows\System32\wininet.dll"
2008-04-23 - 7:14:22 - A.... "C:\Windows\System32\WMASF.DLL"
2008-04-23 - 6:10:52 - A.... "C:\Windows\System32\wuapi.dll"
2008-04-23 - 6:10:30 - A.... "C:\Windows\System32\wuapp.exe"
2008-04-23 - 6:11:22 - A.... "C:\Windows\System32\wuauclt.exe"
2008-04-23 - 6:11:22 - A.... "C:\Windows\System32\wuaueng.dll"
2008-04-23 - 6:11:22 - A.... "C:\Windows\System32\wucltux.dll"
2008-04-23 - 6:10:52 - A.... "C:\Windows\System32\wudriver.dll"
2008-04-23 - 6:10:52 - A.... "C:\Windows\System32\wups.dll"
2008-04-23 - 6:11:22 - A.... "C:\Windows\System32\wups2.dll"
2008-04-23 - 6:10:30 - A.... "C:\Windows\System32\wuwebv.dll"
2008-05-10 -14:23:24 - A.SH. "C:\Users\Vista\ntuser.dat"

((((((((((((((( DELETING )))))))))))))))


!! FILES BEFORE FIX !!

C:\Windows\System32\javaws.exe

!! FILES AFTER FIX !!


((((((((((((((( ShellServiceObjectDelayLoad )))))))))))))))
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
---------- END OF LOG ----------

the HijackThis log,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:29:19, on 10/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\schtasks.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://be.msn.com/default.aspx/?lang=nl-be
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=81&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=81&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O13 - Gopher Prefix:
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 6107 bytes

Greetings

Juisterr
10 May 2008, 16:01
Oops, well, Vista; I gave the wrong link. :shy:


Temporarily disable Windows Defender,
because it can interfere when fixing with HJT (undoing the fix again).
* Open Windows Defender > click Tools
* Click "General Settings" or Options
* Scroll to "Real Time Protection Options"
* Uncheck "Turn on Real Time Protection (recommended)" > click "Save"
* Close Windows Defender
(Once the problems are over and the log has been declared clean again, you can turn it back on.)


Right-click the HijackThis program and choose "Run as administrator".
Choose 'Do a system scan only'.
Select only the items listed below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Close all windows except HijackThis.
Click 'Fix checked' to remove the items.

Follow the instructions as described on the following page: hoe-dient-combofix-gebruikt-te-worden (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden)

If you use Vista, the Recovery Console does not need to be installed.
If anything is unclear, just ask.
When the tool is finished, a log file opens (C:\combofix.txt).
Post the contents of this file together with a new HijackThis log.
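
The selection made in the post above, as an added example that is not part of the original thread and not HijackThis's own logic: a small Python parser for HijackThis entry lines that flags entries pointing at nothing, meaning an `R` registry value with empty data or a CLSID entry whose file column reads `(no file)`. The sample log is constructed from lines in the logs posted in this thread; the function names and the flagging rule are assumptions made for this illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a subset of lines taken from the HijackThis logs in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O13 - Gopher Prefix:
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
"""

# An entry line is "<section> - <body>", e.g. "O2 - BHO: ...".
# Header lines and the running-process paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# R entries read "<key>,<value name> = <data>"; the data itself may contain '='.
REG_VALUE_RE = re.compile(r"^(?P<key>[^=]*?)\s*=\s*(?P<data>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Sections laid out as "<type>: <name> - {CLSID} - <file>" in the logs above.
CLSID_SECTIONS = {"O2", "O3", "O9"}


@dataclass(frozen=True)
class Entry:
    section: str  # e.g. "R0", "O2", "O23"
    body: str     # everything after "<section> - "


def parse_entries(log_text: str) -> List[Entry]:
    """Return the entry lines of a HijackThis log, in order."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2).strip()))
    return entries


def dangling_reason(entry: Entry) -> Optional[str]:
    """Say why an entry points at nothing, or None if it does not."""
    if entry.section.startswith("R"):
        match = REG_VALUE_RE.match(entry.body)
        if match and match.group("data") == "":
            return "registry value has no data"
    elif entry.section in CLSID_SECTIONS:
        # Split from the right: the display name may itself contain " - ".
        parts = entry.body.rsplit(" - ", 2)
        if (len(parts) == 3 and CLSID_RE.fullmatch(parts[1])
                and parts[2] == "(no file)"):
            return "CLSID listed with '(no file)'"
    return None


def flag_dangling(log_text: str) -> List[Tuple[Entry, str]]:
    """Entries a helper would review as leftovers, with the reason."""
    flagged = []
    for entry in parse_entries(log_text):
        reason = dangling_reason(entry)
        if reason:
            flagged.append((entry, reason))
    return flagged


if __name__ == "__main__":
    for entry, reason in flag_dangling(SAMPLE_LOG):
        print(f"{entry.section} - {entry.body}\n    -> {reason}")
```

Note that `(no name)` alone does not trigger a flag (the `O9` Java button keeps its file), and the empty `O13` line is left alone, matching the four items listed in the post.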

benjii49
10 May 2008, 19:21
the log files,

ComboFix 08-05-09.1 - Vista 2008-05-10 18:58:41.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1083 [GMT 2:00]
Gestart vanuit: C:\Users\Vista\Desktop\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\jusched.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-04-10 to 2008-05-10 ))))))))))))))))))))))))))))))
.
2008-05-10 18:58 . 2008-05-10 18:58 6,736 --a------ C:\Windows\System32\drivers\PROCEXP90.SYS
2008-05-08 18:13 . 2008-05-10 18:48 <DIR> d-------- C:\hijackthis
2008-05-08 07:02 . 2007-11-14 15:18 553 --a------ C:\Windows\USetup.iss
2008-05-08 07:00 . 2008-01-15 11:26 4,874,240 --a------ C:\Windows\RtHDVCpl.exe
2008-05-08 07:00 . 2008-01-07 19:30 2,156,544 --a------ C:\Windows\System32\RtkAPO.dll
2008-05-08 07:00 . 2008-01-15 19:19 2,047,576 --a------ C:\Windows\System32\drivers\RTKVHDA.sys
2008-05-08 07:00 . 2007-11-07 17:31 1,191,936 --a------ C:\Windows\RtlUpd.exe
2008-05-08 07:00 . 2008-01-09 18:52 636,416 --a------ C:\Windows\System32\RtkPgExt.dll
2008-05-08 07:00 . 2007-11-13 12:35 532,480 --a------ C:\Windows\System32\RTSndMgr.cpl
2008-05-08 07:00 . 2008-01-14 16:18 29,696 --a------ C:\Windows\System32\RtkCoInst.dll
2008-05-07 17:42 . 2008-05-08 07:53 <DIR> d-------- C:\Users\Vista\{fca3417e-97f6-4c8f-9afc-c90dd737e177}
2008-04-24 00:18 . 2008-04-24 00:19 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-04-23 17:22 . 2008-04-23 17:23 <DIR> d-------- C:\Program Files\ArcSoft
2008-04-23 17:22 . 1999-05-26 09:46 212,480 --a------ C:\Windows\pcdlib32.dll
2008-04-23 17:22 . 2001-06-20 11:09 21 --a------ C:\Windows\PI_setup.ini
2008-04-23 17:21 . 2008-04-23 17:21 <DIR> d-------- C:\Windows\Options
2008-04-23 17:21 . 2008-04-23 17:21 <DIR> d-------- C:\Program Files\Aashima
2008-04-23 17:21 . 2002-05-22 17:35 127,038 --a------ C:\Windows\Clement.exe
2008-04-23 07:16 . 2008-04-23 17:21 <DIR> d-------- C:\Windows\System32\Color
2008-04-23 07:16 . 2008-04-23 07:16 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-04-23 07:16 . 2008-04-23 07:16 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-04-23 07:14 . 2008-04-23 07:14 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-04-23 07:14 . 2008-04-23 07:14 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-04-23 07:14 . 2008-04-23 07:14 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-04-23 07:14 . 2008-04-23 07:14 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-04-23 07:14 . 2008-04-23 07:14 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-04-23 07:14 . 2008-04-23 07:14 2,048 --a------ C:\Windows\System32\asferror.dll
2008-04-23 07:13 . 2008-04-23 07:13 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-04-23 07:13 . 2008-04-23 07:13 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-04-23 07:13 . 2008-04-23 07:13 558,080 --a------ C:\Windows\System32\oleaut32.dll
2008-04-23 07:13 . 2008-04-23 07:13 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-04-23 07:11 . 2008-04-23 07:11 1,831,424 --a------ C:\Windows\System32\inetcpl.cpl
2008-04-23 07:11 . 2008-04-23 07:11 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-04-23 07:11 . 2008-04-23 07:11 56,320 --a------ C:\Windows\System32\iesetup.dll
2008-04-23 07:11 . 2008-04-23 07:11 26,624 --a------ C:\Windows\System32\ieUnatt.exe
2008-04-23 07:11 . 2008-04-23 07:11 2,048 --a------ C:\Windows\System32\tzres.dll
2008-04-23 07:10 . 2008-04-23 07:10 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-04-23 06:11 . 2008-04-23 06:11 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-04-23 06:11 . 2008-04-23 06:11 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-04-23 06:11 . 2008-04-23 06:11 53,080 --a------ C:\Windows\System32\wuauclt.exe
2008-04-23 06:11 . 2008-04-23 06:11 43,352 --a------ C:\Windows\System32\wups2.dll
2008-04-23 06:10 . 2008-04-23 06:10 549,720 --a------ C:\Windows\System32\wuapi.dll
2008-04-23 06:10 . 2008-04-23 06:10 163,000 --a------ C:\Windows\System32\wuwebv.dll
2008-04-23 06:10 . 2008-04-23 06:10 80,896 --a------ C:\Windows\System32\wudriver.dll
2008-04-23 06:10 . 2008-04-23 06:10 33,624 --a------ C:\Windows\System32\wups.dll
2008-04-23 06:10 . 2008-04-23 06:10 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-04-22 20:50 . 2008-04-22 20:50 <DIR> d-------- C:\Users\Vista\AppData\Roaming\WinBatch
2008-04-22 20:22 . 2008-04-22 20:22 <DIR> d-------- C:\Windows\PCHEALTH
2008-04-22 20:19 . 2008-04-22 20:22 <DIR> d-------- C:\Program Files\Windows Live
2008-04-22 20:19 . 2008-04-23 17:54 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-22 20:18 . 2008-04-23 17:50 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-04-22 20:18 . 2008-04-23 17:50 <DIR> d-------- C:\ProgramData\WLInstaller
2008-04-21 14:44 . 2008-04-21 14:47 <DIR> dr------- C:\Users\Vista\Favorieten
2008-04-21 14:02 . 2008-04-21 14:11 <DIR> d-------- C:\Oude Schijf
2008-04-17 11:03 . 2008-04-17 11:03 <DIR> dr------- C:\Users\Vista\Searches
2008-04-17 11:03 . 2008-04-23 17:56 <DIR> dr------- C:\Users\Vista\Contacts
2008-04-17 11:03 . 2008-04-17 11:03 <DIR> d-------- C:\Users\Vista\AppData\Roaming\Symantec
2008-04-17 11:03 . 2008-04-17 11:03 <DIR> d-------- C:\Users\Vista\AppData\Roaming\ATI
2008-04-17 11:03 . 2008-04-17 11:03 <DIR> d--hs---- C:\$RECYCLE.BIN
2008-04-17 11:01 . 2008-04-17 11:01 <DIR> d-------- C:\Users\Vista\AppData\Roaming\Hewlett-Packard
2008-04-17 10:59 . 2008-04-17 11:03 <DIR> dr------- C:\Users\Vista\Videos
2008-04-17 10:59 . 2008-04-17 11:03 <DIR> dr------- C:\Users\Vista\Saved Games
2008-04-17 10:59 . 2008-04-21 14:44 <DIR> dr------- C:\Users\Vista\Pictures
2008-04-17 10:59 . 2008-04-21 14:44 <DIR> dr------- C:\Users\Vista\Music
2008-04-17 10:59 . 2008-04-17 11:03 <DIR> dr------- C:\Users\Vista\Links
2008-04-17 10:59 . 2008-04-17 11:03 <DIR> dr------- C:\Users\Vista\Downloads
2008-04-17 10:59 . 2008-04-23 07:03 <DIR> dr------- C:\Users\Vista\Documents
2008-04-17 10:59 . 2006-11-02 14:37 <DIR> d-------- C:\Users\Vista\AppData\Roaming\Media Center Programs
2008-04-17 10:59 . 2008-04-17 10:59 <DIR> d--h----- C:\Users\Vista\AppData
2008-04-17 10:59 . 2008-05-08 07:01 <DIR> d-------- C:\Users\Vista
2008-04-17 10:59 . 2008-04-17 11:11 524,288 --ahs---- C:\Users\Vista\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
2008-04-17 10:59 . 2008-04-17 11:11 524,288 --ahs---- C:\Users\Vista\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
2008-04-17 10:59 . 2008-05-10 19:00 262,144 --ah----- C:\Users\Vista\ntuser.dat.LOG1
2008-04-17 10:59 . 2008-04-17 11:11 65,536 --ahs---- C:\Users\Vista\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
2008-04-17 10:59 . 2008-04-17 10:59 1,835 -rahs---- C:\Windows\System32\drivers\103C_HP_CPC_KC863AA-B14 a6320.be_YC_0Pavi_QCZH751_E81NLv3PrA1_49_INARRA2_S ASUSTek Computer INC._V2.00_B5.13_T071029_WUH0_L413_M2047_J500_7AMD _8Athlon 64 X2 Dual Core_92.6_#080417_N10DE03EF_Z_G100294C3.MRK
2008-04-17 10:59 . 2008-04-17 10:59 0 --ah----- C:\Users\Vista\ntuser.dat.LOG2
2008-04-17 10:55 . 2008-04-17 10:55 <DIR> dr------- C:\Windows\System32\config\systemprofile\Contacts
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-10 14:18 --------- d-----w C:\ProgramData\Symantec
2008-05-08 05:00 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-05-08 05:00 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-30 15:58 --------- d-----w C:\Program Files\ATI Technologies
2008-04-23 15:23 4,608 ----a-w C:\Windows\System32\w95inf32.dll
2008-04-23 15:23 2,272 ----a-w C:\Windows\System32\w95inf16.dll
2008-04-23 15:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-23 15:10 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-23 15:10 --------- d-----w C:\Program Files\Windows Mail
2008-04-23 05:13 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-04-23 05:13 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-04-23 05:13 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-04-23 05:13 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-04-23 05:13 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-04-23 05:12 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-04-23 05:12 84,480 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-04-23 05:12 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-23 05:12 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-04-23 05:12 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-23 05:12 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-04-23 05:12 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-04-23 05:12 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-04-23 04:15 --------- d-----w C:\Program Files\Norton Internet Security
2008-04-23 04:09 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-04-23 04:09 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-04-23 04:09 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-04-23 04:09 --------- d-----w C:\Program Files\Symantec
2008-04-17 08:59 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-04-17 08:55 --------- d-sh--w C:\ProgramData\Sjablonen
2008-04-17 08:55 --------- d-sh--w C:\ProgramData\Menu Start
2008-04-17 08:55 --------- d-sh--w C:\ProgramData\Favorieten
2008-04-17 08:55 --------- d-sh--w C:\ProgramData\Documenten
2008-04-17 08:55 --------- d-sh--w C:\ProgramData\Bureaublad
2008-02-25 20:10 372,736 ----a-w C:\Windows\System32\ATIDEMGX.dll
2008-02-25 20:10 159,744 ----a-w C:\Windows\System32\atitmmxx.dll
2008-02-25 20:09 43,520 ----a-w C:\Windows\System32\ati2edxx.dll
2008-02-25 20:09 315,392 ----a-w C:\Windows\System32\atipdlxx.dll
2008-02-25 20:09 253,952 ----a-w C:\Windows\System32\Ati2evxx.dll
2008-02-25 20:08 655,360 ----a-w C:\Windows\System32\Ati2evxx.exe
2008-02-25 20:00 1,499,136 ----a-w C:\Windows\System32\atidxx32.dll
2008-02-25 19:55 3,074,048 ----a-w C:\Windows\System32\atiumdag.dll
2008-02-25 19:47 9,662,464 ----a-w C:\Windows\System32\atioglxx.dll
2008-02-25 19:40 4,084,736 ----a-w C:\Windows\System32\atiumdva.dll
2008-02-25 19:29 47,104 ----a-w C:\Windows\System32\amdpcom32.dll
2008-02-19 18:34 75,883 ----a-w C:\Windows\System32\Fix.bat
2007-12-10 23:36 174 --sha-w C:\Program Files\desktop.ini
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 15:51 316784 --a------ c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2007-12-11 02:16 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 15:51 316784]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-23 07:13 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-11 10:01 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 17:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 13:59 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 11:26 4874240 C:\Windows\RtHDVCpl.exe]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 03:56 54936]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 17:24 54840]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"VIDC.JPGL"= jpgl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{36ADF0D0-3273-4304-B61D-31C5AA81B948}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{49418AC1-E460-44AF-9AA7-EC8110F337B8}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080507.010\IDSvix86.sys [2008-04-03 23:22]
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-02-26 00:53]
R3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2007-05-29 08:55]
R3 DCamUSBNW800;CIF USB Camera (2110);C:\Windows\system32\DRIVERS\pcam800.sys [2002-04-29 16:23]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 08:50]
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Inhoud van de 'Gedeelde Taken' map
"2008-05-05 18:30:08 C:\Windows\Tasks\Norton Internet Security - Volledige systeemscan uitvoeren - Vista.job"
- c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 19:00:21
Windows 6.0.6000 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2008-05-10 19:01:16
ComboFix-quarantined-files.txt 2008-05-10 17:01:13
Pre-Run: 398,539,542,528 bytes beschikbaar
Post-Run: 398,645,547,008 bytes beschikbaar
224 --- E O F --- 2008-05-09 16:03:25

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:19:58, on 10/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\schtasks.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\hp\kbd\kbd.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://be.msn.com/default.aspx/?lang=nl-be
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=81&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=81&bd=Pavilion&pf=desktop
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O13 - Gopher Prefix:
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 5800 bytes,

Regards

Juisterr
10 May 2008, 20:51
All that's left is to update your Java.


Download Java Runtime Environment (JRE) 6u6 (http://java.sun.com/javase/downloads/index.jsp).

Scroll down to: "Java Runtime Environment (JRE) 6 Update 6".
Click the "Download" button on the right-hand side.
Tick "Accept License Agreement" and click Continue.
The page will reload.
Click the Windows Offline Installation, Multi-language link UNDER Windows Platform - Java SE Runtime Environment 6 Update 6 and save it to your Desktop.
Close any programs that may be open - especially your web browser!
Then go to Start > Control Panel > Software and remove all older versions of Java from the list of installed software (those with Java Runtime Environment (JRE or J2SE) in the name).
Repeat this until all older versions are gone.
After removing all older versions, restart your PC.
Then double-click jre-6u6-windows-i586-p.exe on your Desktop to install the latest version of Java.



You may now remove all the tools you used and the folders that were created.

Remove ComboFix via Start > Run: copy and paste Combofix /U
Click OK or press Enter.
This removes ComboFix as well as your old system restore points (with any malware remnants), and creates a new system restore point.

http://hicheckthis.gethost.nl/images/Uninstall_combofix.JPG

benjii49
11 May 2008, 12:29
I followed your steps up to uninstalling Java; on my machine only Java(TM) SE Runtime Environment 6 update 1 is listed, so should I uninstall that one?

Regards
Ben

PS: it may well be that I won't reply until tomorrow, I'm leaving shortly and don't know yet when I'll be back ;)

Mosquitos
11 May 2008, 15:35
I followed your steps up to uninstalling Java; on my machine only Java(TM) SE Runtime Environment 6 update 1 is listed, so should I uninstall that one?

Regards
Ben

PS: it may well be that I won't reply until tomorrow, I'm leaving shortly and don't know yet when I'll be back ;)

Yes, first remove the old Java and then install the new one.
Otherwise you will end up with 2 versions.

benjii49
12 May 2008, 13:04
I've installed Java and ComboFix has been removed; do I still need to make a log or is it fine like this?

Thanks to everyone for the help

Regards

Juisterr
12 May 2008, 17:21
It's fine like that.