Anoniem2 Posted: 26 November 2009
An error message about sshnas.dll at startup. HijackThis log below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:32:24, on 26-11-2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Users\Wally\Program Files (x86)\DNA\btdna.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
K:\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
K:\Roxio\CinePlayer\DMXLauncher.exe
K:\Cyberlink\PowerDVD\PDVDServ.exe
C:\Windows\SysWOW64\qttask.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Users\Wally\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=92&bd=Pavilion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zeelandnet.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=92&bd=Pavilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=92&bd=Pavilion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - K:\Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "K:\Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "K:\Adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "K:\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [RemoteControl] K:\Cyberlink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NBKeyScan] "K:\Nero\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Windows\SysWOW64\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Wally\Program Files (x86)\DNA\btdna.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [TomTomHOME.exe] "K:\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SSHNAS] rundll32.exe C:\Windows\system32\sshnas.dll,DllWork
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://K:\Office\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - K:\Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - K:\Office\Office12\ONBttnIE.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - K:\Office\FRONTP~1\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix: 
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - K:\Office\Office12\GrooveSystemServices.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASP.NET-statusservice (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updateservice (gupdate1c9db25fe5e9845) (gupdate1c9db25fe5e9845) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - K:\Nero\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - K:\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - K:\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SessionLauncher - Unknown owner - C:\Users\Wally\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - K:\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12174 bytes

Anoniem2 Posted: 26 November 2009
The culprit:
O4 - HKCU\..\Run: [SSHNAS] rundll32.exe C:\Windows\system32\sshnas.dll,DllWork

Anoniem2 Posted: 26 November 2009
Just hard-delete it?

Anoniem2 Posted: 27 November 2009
This is not really appreciated on forums:
http://www.nucia.eu/forum/showthread.php?t=53334