[SOLVED] MSN virus


You were quicker with your logs ... than I was with my reply :)

To start with, you can go ahead and do this.

Start HijackThis and choose 'Do a system scan only'. Tick only the items listed below:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Dream%20D...es/stg_drm.ocx

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Chocolati.../armhelper.ocx

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

Click 'Fix checked' to remove the items.

Delete the following bold folders via Windows Explorer:

C:\Program Files\AdTools Service

C:\Program Files\Common Files\BOONTY Shared

And then attach a new HJT log to your next post.

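An added example (not code from this thread or from HijackThis): a small Python triage script that applies the checks behind the 'Fix checked' selection above to HJT log lines. The sample lines are copied from the log posted in this thread, the folder list is the one the helper gave, and the three heuristics are the example's own assumptions.

```python
"""Triage of HijackThis 2.x log entries.

Added example for this thread, not code from the forum or from HijackThis.
The three checks encode what the helper's 'Fix checked' selection rests on:
a hook whose file is gone, an ActiveX (O16 DPF) control registered from a
local file:/// URL instead of a web site, and autorun or service entries that
run from a folder on the removal list.  The heuristics are this example's own.
"""
import re
from dataclasses import dataclass, field

# Section code at the start of an entry line, e.g. "R3", "O4", "O23".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.+)$")
# In O4 (autorun) entries the command follows the bracketed value name.
O4_CMD_RE = re.compile(r"\]\s+(.+)$")

# Constructed sample: lines copied from the HJT log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Dream%20D...es/stg_drm.ocx
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
"""

# Folders the helper told the poster to delete.
REMOVAL_FOLDERS = [
    r"C:\Program Files\AdTools Service",
    r"C:\Program Files\Common Files\BOONTY Shared",
]


@dataclass
class HjtEntry:
    code: str      # HJT section, e.g. "O4"
    rest: str      # line text after "Oxx - "
    target: str    # file path or URL the entry points at ("" if none)
    flags: list = field(default_factory=list)


def parse_entry(line: str):
    """Parse one HJT entry line; return None for headers and process lists."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, rest = m.group("code"), m.group("rest")
    if code == "O4":
        cm = O4_CMD_RE.search(rest)
        target = cm.group(1) if cm else ""
    else:
        # Other sections end with " - <path or URL>".
        target = rest.rsplit(" - ", 1)[-1] if " - " in rest else ""
    target = target.strip()
    if target.startswith('"') and target.count('"') >= 2:
        target = target[1:target.index('"', 1)]  # drop quotes and arguments
    return HjtEntry(code, rest, target)


def _norm(path: str) -> str:
    return path.lower().replace("/", "\\")


def triage(log_text: str, removal_folders):
    """Return the entries that deserve a second look, with the reasons attached."""
    watch = [_norm(f).rstrip("\\") + "\\" for f in removal_folders]
    flagged = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        if e.target == "(no file)":
            e.flags.append("points at a file that no longer exists")
        if e.code == "O16" and e.target.lower().startswith("file:"):
            e.flags.append("ActiveX control registered from a local file URL")
        if any(_norm(e.target).startswith(w) for w in watch):
            e.flags.append("runs from a folder on the removal list")
        if e.flags:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG, REMOVAL_FOLDERS):
        print(f"{e.code:<4} {e.target}\n     -> {'; '.join(e.flags)}")
```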

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:04:23, on 14/04/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Belkin muis\Wireless Mouse Driver\MOUSE32A.EXE

C:\WINDOWS\vsnpstd.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

D:\sony\SsAAD.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Belkin muis\Wireless Mouse Driver\MOUSE32A.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto

O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [ssAAD.exe] D:\sony\SsAAD.exe

O4 - HKLM\..\Run: [CloseDNF] C:\WINDOWS\system32\Utility.exe \1008

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ares lite] "D:\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by129w.bay129.mail.live.com/mail/resources/MsnPUpld.cab

O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab

O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--

End of file - 11173 bytes


Open a Notepad file.

Copy and paste the bold text below into it.

File::

C:\sqmnoopt11.sqm

C:\sqmdata09.sqm

C:\sqmnoopt10.sqm

C:\sqmdata08.sqm

C:\WINDOWS\system32\ehlgcs.exe

C:\sqmnoopt09.sqm

C:\sqmdata07.sqm

C:\sqmnoopt08.sqm

C:\sqmdata06.sqm

C:\sqmnoopt07.sqm

C:\sqmdata05.sqm

C:\sqmnoopt06.sqm

C:\sqmdata04.sqm

C:\WINDOWS\system32\hacklg.exe

C:\sqmnoopt05.sqm

C:\sqmdata03.sqm

C:\sqmnoopt04.sqm

C:\sqmdata02.sqm

C:\sqmnoopt03.sqm

C:\sqmdata01.sqm

C:\WINDOWS\system32\SETE1.tmp

C:\WINDOWS\system32\SETAC.tmp

C:\WINDOWS\system32\SET82.tmp

C:\WINDOWS\system32\SET4F.tmp

C:\WINDOWS\system32\SET395.tmp

C:\WINDOWS\system32\SET22.tmp

C:\WINDOWS\system32\SET15.tmp

C:\WINDOWS\system32\SETB6.tmp

C:\WINDOWS\system32\SETE.tmp

C:\WINDOWS\system32\SETA5.tmp

C:\WINDOWS\system32\SET7B.tmp

C:\WINDOWS\system32\SET48.tmp

C:\WINDOWS\system32\SET38E.tmp

C:\WINDOWS\system32\SET1B.tmp

Folder::

C:\SDFix

C:\FOUND.004

C:\FOUND.003

C:\FOUND.002

C:\FOUND.001

C:\Program Files\temp01

C:\Program Files\AdTools Service

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AdTools Service"="C:\Program Files\AdTools Service\AdTools.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe"

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next post.


ComboFix 08-04-13.3 - An Froyman 2008-04-14 13:14:56.2 - FAT32x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.262 [GMT 2:00]

Gestart vanuit: C:\Downloads\ComboFix.exe

Command switches used :: C:\Documents and Settings\An Froyman\Bureaublad\CFscript.txt

* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

FILE ::

C:\sqmdata01.sqm

C:\sqmdata02.sqm

C:\sqmdata03.sqm

C:\sqmdata04.sqm

C:\sqmdata05.sqm

C:\sqmdata06.sqm

C:\sqmdata07.sqm

C:\sqmdata08.sqm

C:\sqmdata09.sqm

C:\sqmnoopt03.sqm

C:\sqmnoopt04.sqm

C:\sqmnoopt05.sqm

C:\sqmnoopt06.sqm

C:\sqmnoopt07.sqm

C:\sqmnoopt08.sqm

C:\sqmnoopt09.sqm

C:\sqmnoopt10.sqm

C:\sqmnoopt11.sqm

C:\WINDOWS\system32\ehlgcs.exe

C:\WINDOWS\system32\hacklg.exe

C:\WINDOWS\system32\SET15.tmp

C:\WINDOWS\system32\SET1B.tmp

C:\WINDOWS\system32\SET22.tmp

C:\WINDOWS\system32\SET38E.tmp

C:\WINDOWS\system32\SET395.tmp

C:\WINDOWS\system32\SET48.tmp

C:\WINDOWS\system32\SET4F.tmp

C:\WINDOWS\system32\SET7B.tmp

C:\WINDOWS\system32\SET82.tmp

C:\WINDOWS\system32\SETA5.tmp

C:\WINDOWS\system32\SETAC.tmp

C:\WINDOWS\system32\SETB6.tmp

C:\WINDOWS\system32\SETE.tmp

C:\WINDOWS\system32\SETE1.tmp

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\FOUND.001

C:\FOUND.001\FILE0000.CHK

C:\FOUND.002

C:\FOUND.002\FILE0000.CHK

C:\FOUND.002\FILE0001.CHK

C:\FOUND.002\FILE0002.CHK

C:\FOUND.002\FILE0003.CHK

C:\FOUND.003

C:\FOUND.003\FILE0000.CHK

C:\FOUND.003\FILE0001.CHK

C:\FOUND.004

C:\FOUND.004\FILE0000.CHK

C:\FOUND.004\FILE0001.CHK

C:\FOUND.004\FILE0002.CHK

C:\FOUND.004\FILE0003.CHK

C:\FOUND.004\FILE0004.CHK

C:\Program Files\temp01\

C:\SDFix

C:\SDFix\apps\assosfix.reg

C:\SDFix\apps\cliptext.exe

C:\SDFix\apps\download.exe

C:\SDFix\apps\dummy.sys

C:\SDFix\apps\Enable_Command_Prompt.reg

C:\SDFix\apps\ERDNT.E_E

C:\SDFix\apps\ERDNTDOS.LOC

C:\SDFix\apps\ERDNTWIN.LOC

C:\SDFix\apps\ERUNT.EXE

C:\SDFix\apps\ERUNT.LOC

C:\SDFix\apps\fix.reg

C:\SDFix\apps\FixBH.reg

C:\SDFix\apps\FixComponents.reg

C:\SDFix\apps\FIXCU.reg

C:\SDFix\apps\FIXLM.reg

C:\SDFix\apps\FixPath.exe

C:\SDFix\apps\FixRedir.reg

C:\SDFix\apps\FixSchedule.reg

C:\SDFix\apps\FixWebCheck.reg

C:\SDFix\apps\FixXPsp2.reg

C:\SDFix\apps\grep.exe

C:\SDFix\apps\HPFix.reg

C:\SDFix\apps\HPFix2.reg

C:\SDFix\apps\HPFix3.reg

C:\SDFix\apps\HPFix4.reg

C:\SDFix\apps\HPFix5.reg

C:\SDFix\apps\HPFix6.reg

C:\SDFix\apps\HPFix7.reg

C:\SDFix\apps\isadmin.exe

C:\SDFix\apps\leg2.txt

C:\SDFix\apps\legacy.txt

C:\SDFix\apps\legacybk.txt

C:\SDFix\apps\locate.com

C:\SDFix\apps\LS.exe

C:\SDFix\apps\MD5File.exe

C:\SDFix\apps\MyGcpvFix.reg

C:\SDFix\apps\MyGkFix2.reg

C:\SDFix\apps\Process.exe

C:\SDFix\apps\procs.exe

C:\SDFix\apps\psservice.exe

C:\SDFix\apps\Rem.txt

C:\SDFix\apps\Rem2.txt

C:\SDFix\apps\Replace\regedit.exe

C:\SDFix\apps\Replace\W2K.exe

C:\SDFix\apps\Replace\w2k\beep.sys

C:\SDFix\apps\Replace\w2k\null.sys

C:\SDFix\apps\Replace\XP.exe

C:\SDFix\apps\Replace\xp\beep.sys

C:\SDFix\apps\Replace\xp\null.sys

C:\SDFix\apps\Reset_AppInit_DLLs.reg

C:\SDFix\apps\RestartIt!.exe

C:\SDFix\apps\Restore_SecurityCenter.reg

C:\SDFix\apps\Restore_SharedAccess.reg

C:\SDFix\apps\sc.exe

C:\SDFix\apps\sed.exe

C:\SDFix\apps\SF.exe

C:\SDFix\apps\shutdown.exe

C:\SDFix\apps\srv2.txt

C:\SDFix\apps\srv2bk.txt

C:\SDFix\apps\svc.txt

C:\SDFix\apps\svcbk.txt

C:\SDFix\apps\swreg.exe

C:\SDFix\apps\swsc.exe

C:\SDFix\apps\unzip.exe

C:\SDFix\apps\vfind.exe

C:\SDFix\apps\WINMSG.EXE

C:\SDFix\apps\winsec.reg

C:\SDFix\apps\zip.exe

C:\SDFix\backups\backupreg.zip

C:\SDFix\backups\backups.zip

C:\SDFix\backups\HOSTS

C:\SDFix\catchme.exe

C:\SDFix\dummy.sys

C:\SDFix\Report.txt

C:\SDFix\RunThis.bat

C:\SDFix\SDFIX_ReadMe_Online.url

C:\sqmdata01.sqm

C:\sqmdata02.sqm

C:\sqmdata03.sqm

C:\sqmdata04.sqm

C:\sqmdata05.sqm

C:\sqmdata06.sqm

C:\sqmdata07.sqm

C:\sqmdata08.sqm

C:\sqmdata09.sqm

C:\sqmnoopt03.sqm

C:\sqmnoopt04.sqm

C:\sqmnoopt05.sqm

C:\sqmnoopt06.sqm

C:\sqmnoopt07.sqm

C:\sqmnoopt08.sqm

C:\sqmnoopt09.sqm

C:\sqmnoopt10.sqm

C:\sqmnoopt11.sqm

C:\WINDOWS\system32\ehlgcs.exe

C:\WINDOWS\system32\hacklg.exe

C:\WINDOWS\system32\SET15.tmp

C:\WINDOWS\system32\SET1B.tmp

C:\WINDOWS\system32\SET22.tmp

C:\WINDOWS\system32\SET38E.tmp

C:\WINDOWS\system32\SET395.tmp

C:\WINDOWS\system32\SET48.tmp

C:\WINDOWS\system32\SET4F.tmp

C:\WINDOWS\system32\SET7B.tmp

C:\WINDOWS\system32\SET82.tmp

C:\WINDOWS\system32\SETA5.tmp

C:\WINDOWS\system32\SETAC.tmp

C:\WINDOWS\system32\SETB6.tmp

C:\WINDOWS\system32\SETE.tmp

C:\WINDOWS\system32\SETE1.tmp

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-03-14 to 2008-04-14 ))))))))))))))))))))))))))))))

.

2008-04-14 11:08 . 2008-04-14 11:08 <DIR> d-------- C:\Program Files\Trend Micro

2008-04-14 09:59 . 2008-04-14 09:59 <DIR> d-------- C:\WINDOWS\ERUNT

2008-04-09 17:56 . 2008-04-09 17:56 <DIR> d-------- C:\Program Files\Prisma

2008-04-08 19:31 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll

2008-04-08 19:29 . 2008-04-08 19:29 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition

2008-04-03 15:04 . 2008-04-03 15:04 648 --a------ C:\bar.emf

2008-03-30 11:59 . 2008-03-30 12:00 <DIR> d-------- C:\Program Files\Microsoft Works

2008-03-30 11:55 . 2008-03-30 11:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-03-30 11:53 . 2008-03-30 11:53 <DIR> dr-h----- C:\MSOCache

2008-03-29 09:48 . 2008-03-29 09:48 <DIR> d-------- C:\Program Files\uTorrent

2008-03-29 09:47 . 2008-03-29 09:47 <DIR> d-------- C:\Documents and Settings\An Froyman\Application Data\uTorrent

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:10 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys

2008-03-13 15:20 --------- d-----w C:\Documents and Settings\An Froyman\Application Data\cerasus.media

2008-03-04 20:00 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2

2008-03-03 12:08 --------- d-sh--w C:\Program Files\Common Files\WindowsLiveInstaller

2008-03-03 12:08 --------- d-----w C:\Program Files\Windows Live

2008-03-03 12:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-03-01 16:35 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-02-29 08:58 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-02-29 08:58 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-02-27 09:35 0 ----a-w C:\Program Files\temp01

2008-02-26 14:16 --------- d-----w C:\Program Files\Alawar

2008-02-25 12:26 --------- d-----w C:\Program Files\Farm Frenzy

2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-02-20 06:52 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll

2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll

2003-03-25 10:28 13,089,928 ----a-r C:\WINDOWS\system32\config\systemprofile\mpsetup.exe

2003-03-25 10:28 13,089,928 ----a-r C:\Documents and Settings\Default User\mpsetup.exe

.

((((((((((((((((((((((((((((( snapshot@2008-04-14_10.59.12,47 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-04-14 08:09:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-04-14 11:13:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat

- 2008-01-16 15:54:00 53,770 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-04-14 09:03:52 53,770 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-01-16 15:54:00 70,744 ----a-w C:\WINDOWS\system32\perfc013.dat

+ 2008-04-14 09:03:52 70,744 ----a-w C:\WINDOWS\system32\perfc013.dat

- 2008-01-16 15:54:00 382,026 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-04-14 09:03:52 382,026 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2008-01-16 15:54:00 444,074 ----a-w C:\WINDOWS\system32\perfh013.dat

+ 2008-04-14 09:03:52 444,074 ----a-w C:\WINDOWS\system32\perfh013.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]

"ares lite"="D:\Ares\Ares.exe" [ ]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-20 19:57 98304]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-20 19:57 532480]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-21 11:52 40960]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32 208952]

"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2003-04-08 12:00 59392]

"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2003-04-08 12:00 455168]

"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2003-04-08 12:00 455168]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 21:10 339968]

"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2004-07-05 18:52 315392]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-30 16:58 71304]

"LWBMOUSE"="C:\Program Files\Belkin muis\Wireless Mouse Driver\MOUSE32A.EXE" [2001-11-09 08:47 356352]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-09-26 11:10 77824]

"snpstd"="C:\WINDOWS\vsnpstd.exe" [2003-12-31 17:39 40960]

"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 16:51 36864]

"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 19:28 155648]

"AdTools Service"="C:\Program Files\AdTools Service\AdTools.exe" [ ]

"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-06-24 13:44 100056]

"SsAAD.exe"="D:\sony\SsAAD.exe" [2006-01-07 02:36 81920]

"CloseDNF"="C:\WINDOWS\system32\Utility.exe" [ ]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03 15360]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"<NO NAME>"=

R1 SMBHC;Stuurprogramma voor Microsoft SM Bus-hostcontroller;C:\WINDOWS\system32\DRIVERS\SMBHC.sys [2001-08-17 21:57]

R3 SMBBATT;Microsoft Smart Battery-stuurprogramma;C:\WINDOWS\system32\DRIVERS\SMBBATT.sys [2004-08-03 23:07]

S3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys []

S3 AtmElan;ATM geëmuleerde LAN;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-03 22:58]

S3 AtmLane;ATM LAN-emulatie;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-03 22:58]

S4 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

\Shell\AutoRun\command - F:\LaunchU3.exe -a

.

Inhoud van de 'Gedeelde Taken' map

"2008-01-18 18:00:02 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen.job"

- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:

"2008-04-09 15:00:02 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen - An Froyman.job"

- C:\PROGRA~1\NORTON~1\NAVW32.EXEh/task:

"2008-04-14 09:42:20 C:\WINDOWS\Tasks\Symantec NetDetect.job"

- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-14 13:17:54

Windows 5.1.2600 Service Pack 2 FAT NTAPI

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

Voltooingstijd: 2008-04-14 13:18:23

ComboFix-quarantined-files.txt 2008-04-14 11:18:20

ComboFix2.txt 2008-04-14 08:59:24

Pre-Run: 14,066,778,112 bytes beschikbaar

Post-Run: 14,051,049,472 bytes beschikbaar

.

2008-04-14 07:30:37 --- E O F ---

Is this about all of it? I'm getting worried though... my antivirus program is no longer on 'autoprotect' and I'm doing all kinds of things here that I don't understand? What exactly is the point?


Is this about all of it? I'm getting worried though... my antivirus program is no longer on 'autoprotect' and I'm doing all kinds of things here that I don't understand? What exactly is the point?

Not quite ... but if you're starting to doubt what we're doing, it's better that we stop. Because it's your PC. The goal of all this was to clean up your infection ... and that has already largely been done. Then we'll just leave it at that, because the topic starter is always the boss :s

OK, then let's get back to work.

Could you check whether you can still find the following folders on your PC?

C:\Program Files\temp01

C:\Program Files\AdTools Service

C:\Program Files\Common Files\BOONTY Shared

If so, you may delete them all. If not, let me know.

As for the antivirus: can't you manually re-enable that 'autoprotect' setting in your Norton? I'm no Norton expert, but that should be possible.

Once you've done this, I'd like another new HJT log ... and with a bit of luck we'll then be nearly at the end of the road :)


If I try to turn 'autoprotect' back on, Norton gives an 'error'......

What is the exact error message? And did you get that Norton on CD or download it online? So that you can (if needed) do a fresh install.

I'd still like that new HJT log, please.


This topic is now closed to new replies.
