Ga naar inhoud

reneebeerens

Lid
 Bekijk profiel  Bekijk hun activiteit

  • Items

    5

  • Registratiedatum

  • Laatst bezocht

 Inhoudstype 

Berichten die geplaatst zijn door reneebeerens

    [OPGELOST] Vermoedelijk MSN virus

    in Archief Bestrijding malware & virussen

    Geplaatst:

    Beste Kape,

    Ik had dit ook al gevonden, maar toch bedankt voor je snelle reactie!!! Ik heb precies gedaan wat je hebt gezegd en dit zijn de verkregen rapporten (erg lang)

    Report SDFix

    SDFix: Version 1.165

    Run by Ren‚e on ma 31-03-2008 at 14:41

    Microsoft Windows XP [versie 5.1.2600]

    Running From: C:\SDFix\SDFix

    Checking Services :

    Restoring Windows Registry Values

    Restoring Windows Default Hosts File

    Rebooting

    Checking Files :

    Trojan Files Found:

    C:\WINDOWS\system32\MDXTHWJ.exe - Deleted

    C:\Program Files\nvcoi\mst.stt - Deleted

    C:\WINDOWS\mrofinu1423.exe - Deleted

    C:\WINDOWS\mrofinu1423.exe.tmp - Deleted

    C:\WINDOWS\system32\real.txt - Deleted

    Folder C:\Program Files\JavaCore - Removed

    Folder C:\Program Files\nvcoi - Removed

    Folder C:\Program Files\Temporary - Removed

    Removing Temp Files

    ADS Check :

    Final Check :

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-03-31 14:49:46

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully

    hidden processes: 0

    hidden services: 0

    hidden files: 234

    Remaining Services :

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

    "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    "C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:æTorrent"

    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    @=""

    "C:\\WINDOWS\\system32\\mdxthwj.exe"="C:\\WINDOWS\\system32\\mdxthwj.exe:*:Enabled:Flash Media"

    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Remaining Files :

    File Backups: - C:\SDFix\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"

    Sat 13 Oct 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"

    Mon 21 Aug 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

    Thu 7 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

    Mon 13 Nov 2006 319,456 A..H. --- "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\difxapi.dll"

    Wed 8 Aug 2007 400 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COH32LU.reg"

    Wed 8 Aug 2007 403 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COHDLU.reg"

    Thu 27 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24787781dffde805add010cf21f5c14a\BIT9.tmp"

    Wed 19 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b04031f0b83ee952189dd8beb4ee929a\BITC.tmp"

    Tue 15 Jan 2008 7,265,280 ...H. --- "C:\Documents and Settings\Ren‚e\Application Data\Microsoft\Word\~WRL0245.tmp"

    Wed 16 Jan 2008 7,586,304 ...H. --- "C:\Documents and Settings\Ren‚e\Application Data\Microsoft\Word\~WRL1651.tmp"

    Tue 15 Jan 2008 7,834,624 ...H. --- "C:\Documents and Settings\Ren‚e\Application Data\Microsoft\Word\~WRL2483.tmp"

    Fri 17 Nov 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\5a0d771158cfd69be5ddd26d8f58c73b\BITE0.tmp"

    Mon 30 Oct 2006 245,760 A..H. --- "C:\Documents and Settings\Ren‚e\Mijn documenten\HAS Den Bosch\VM Jaar 1\Blok 1\Chemie\~WRL2243.tmp"

    Thu 12 Oct 2006 115,200 A..H. --- "C:\Documents and Settings\Ren‚e\Mijn documenten\HAS Den Bosch\VM Jaar 1\Blok 1\Casi\Casus Week 7 'Maak er moes van'\~WRL0005.tmp"

    Thu 12 Oct 2006 134,656 A..H. --- "C:\Documents and Settings\Ren‚e\Mijn documenten\HAS Den Bosch\VM Jaar 1\Blok 1\Casi\Casus Week 7 'Maak er moes van'\~WRL0180.tmp"

    Thu 12 Oct 2006 117,760 A..H. --- "C:\Documents and Settings\Ren‚e\Mijn documenten\HAS Den Bosch\VM Jaar 1\Blok 1\Casi\Casus Week 7 'Maak er moes van'\~WRL1231.tmp"

    Thu 12 Oct 2006 122,880 A..H. --- "C:\Documents and Settings\Ren‚e\Mijn documenten\HAS Den Bosch\VM Jaar 1\Blok 1\Casi\Casus Week 7 'Maak er moes van'\~WRL1287.tmp"

    Thu 12 Oct 2006 135,680 A..H. --- "C:\Documents and Settings\Ren‚e\Mijn documenten\HAS Den Bosch\VM Jaar 1\Blok 1\Casi\Casus Week 7 'Maak er moes van'\~WRL1492.tmp"

    Thu 12 Oct 2006 117,760 A..H. --- "C:\Documents and Settings\Ren‚e\Mijn documenten\HAS Den Bosch\VM Jaar 1\Blok 1\Casi\Casus Week 7 'Maak er moes van'\~WRL1809.tmp"

    Thu 12 Oct 2006 134,656 A..H. --- "C:\Documents and Settings\Ren‚e\Mijn documenten\HAS Den Bosch\VM Jaar 1\Blok 1\Casi\Casus Week 7 'Maak er moes van'\~WRL1864.tmp"

    Thu 12 Oct 2006 120,320 A..H. --- "C:\Documents and Settings\Ren‚e\Mijn documenten\HAS Den Bosch\VM Jaar 1\Blok 1\Casi\Casus Week 7 'Maak er moes van'\~WRL2114.tmp"

    Thu 12 Oct 2006 130,560 A..H. --- "C:\Documents and Settings\Ren‚e\Mijn documenten\HAS Den Bosch\VM Jaar 1\Blok 1\Casi\Casus Week 7 'Maak er moes van'\~WRL2959.tmp"

    Thu 12 Oct 2006 120,320 A..H. --- "C:\Documents and Settings\Ren‚e\Mijn documenten\HAS Den Bosch\VM Jaar 1\Blok 1\Casi\Casus Week 7 'Maak er moes van'\~WRL3422.tmp"

    Finished!

    Rapport HJT (second run)

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 14:57:12, on 31-3-2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    C:\WINDOWS\system32\notepad.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\WINDOWS\AGRSMMSG.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\WINDOWS\system32\dla\tfswctrl.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

    C:\WINDOWS\system32\iprntctl.exe

    C:\WINDOWS\system32\iprntlgn.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Windows Media Player\WMPNSCFG.exe

    C:\Program Files\HPQ\SHARED\HPQWMI.exe

    C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe

    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

    C:\Documents and Settings\Renée\Mijn documenten\Software\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = brdmgr.hasdb.nl:8080

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

    O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start

    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

    O4 - HKLM\..\Run: [iPrint Tray] C:\WINDOWS\system32\iprntctl.exe TRAY_ICON

    O4 - HKLM\..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"

    O4 - HKLM\..\RunOnce: [symLnch] "C:\Documents and Settings\Renée\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\Renée\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Setup.exe" "/REALUPREBOOT /temp /patched"

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab

    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

    O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

    O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --

    End of file - 10717 bytes

    Ik hoop dat het nu opgelost is.... Nogmaals superbedankt!

    Renée

    [OPGELOST] Vermoedelijk MSN virus

    in Archief Bestrijding malware & virussen

    Geplaatst:

    Hallo,

    Ik ben redelijk radeloos! Sinds een dikke week heb ik het vermoeden dat ik een virus op mijn pc heb. Ik heb met mijn stomme kop op een link geklikt die ik doorgestuurd heb gekregen van een van mijn contactpersonen. Sindsdien doet mijn MSN dus raar.

    Het begon ermee dat ik zelf geen gesprekken meer kon open. Omdat ik geen Norton meer had, is deze maar opnieuw op mijn pc gezet. Een volledige systeemscan liet wel virussen zien - alles succesvol verwijderd -, maar het probleem is niet opgelost.

    Als ik nu een scan uitvoer, komen alleen mijn cookies naar boven (wat volgens mij vrij onschuldig is).

    Verder laat mijn scan niks zien. Ik heb mijn MSN opnieuw geïnstalleerd, met het idee dat het dan over zou zijn. Als ik nu mijn MSN echter een tijdje opgestart heb gehad, opent deze uit zichzelf met bijna al mijn contactpersonen en bericht en genereert denk ik het virus-bericht.

    Ik heb op meerdere fora over Hijackthis gelezen. Het rapport is als volgt:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 12:36:51, on 31-3-2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\WINDOWS\AGRSMMSG.exe

    C:\WINDOWS\system32\dla\tfswctrl.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

    C:\WINDOWS\system32\iprntlgn.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\WINDOWS\mrofinu1423.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\17PHolmes1423.exe

    C:\Program Files\HPQ\SHARED\HPQWMI.exe

    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    C:\Program Files\Windows Media Player\WMPNSCFG.exe

    C:\Program Files\MSN Messenger\usnsvc.exe

    C:\WINDOWS\17PHolmes1423.exe

    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Documents and Settings\Renée\Mijn documenten\Software\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = brdmgr.hasdb.nl:8080

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mdxthwj.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

    O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start

    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

    O4 - HKLM\..\Run: [iPrint Tray] C:\WINDOWS\system32\iprntctl.exe TRAY_ICON

    O4 - HKLM\..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"

    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD3257

    O4 - HKLM\..\RunOnce: [symLnch] "C:\Documents and Settings\Renée\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\Renée\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070829\Setup.exe" "/REALUPREBOOT /temp /patched"

    O4 - HKLM\..\RunOnce: [WMC_0] C:\WINDOWS\system32\cmd.exe /c """""C:\WINDOWS\inf\unregmp2.exe"" /ShowWMP"""

    O4 - HKLM\..\RunOnce: [KB926239] rundll32.exe apphelp.dll,ShimFlushCache

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab

    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

    O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

    O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --

    End of file - 11299 bytes

    Kan iemand mij helpen, want ik heb MSN echt nodig in verband met contacten voor school!

    Groetjes,

    Renée

Logo

OVER ONS

PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!

SITEMAP

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.