system32 - removed but still problems with IE

Status
Not open for further replies.

demol007

User
Joined
9 Mar 2002
Posts
145
Yesterday I discovered system32.exe after my PC became as slow as a 486 after a night out drinking. It took some searching, but I know it is a worm, probably kwbot.c. I have gone through all the steps that Symantec, among others, gives for removing the worm. My PC seems to be running like a charm again BUUUUUUT.... I can no longer reach the internet with Internet Explorer. Updated IE6 yesterday, but that doesn't help.
Both Adaware (removed items are in the attached file) and Spybot have been run, and 63 items were removed in total.
My registry has been thoroughly cleaned up (by Hangmat).
The Symantec virus scanner scanned online but finds nothing.

1. Does IE's refusal have to do with kwbot?
2. Using the search function I found several references to HIJACK. Can this program still help in this case?
3. And what now with IE? (At the moment I am using Phoenix-Mozilla, but that is not a solution.)


Thanks in advance,
Anja
 

Attachments

  • adaware_verwijderden_02122003.txt
    5.1 KB · Views: 24
You mean "housecall", the online scanner that is now at Tiscali?
"Check your browser: To use HouseCall you need Microsoft Internet Explorer (version 3.02 or higher) or Netscape Navigator (version 3.01 or higher)."
And IE is precisely what isn't working! :-(

I'll go and try the other options..... :)
 
result of the sysclean package from trend micro

I was asked twice to delete a virus file.
And now Hijack.....


/--------------------------------------------------------------\
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
\--------------------------------------------------------------/


2006-12-03, 13:56:31, Running scanner "C:\temp\TSC.BIN"...
2006-12-03, 13:56:42, Scanner "C:\temp\TSC.BIN" has finished running.
2006-12-03, 13:56:42, TSC Log:

Damage Cleanup Engine (DCE) 3.5(Build 1119)
Windows 2000(Build 2195: )

Start time : Sun Dec 03 13:56:32 2006


Load Damage Cleanup Template (DCT) "C:\temp\tsc.ptn" (version 220) [success]

Complete time : Sun Dec 03 13:56:42 2006

Execute pattern count(559), Virus found count(0), Virus clean count(0), Clean failed count(0)

2006-12-03, 13:57:36, An error occurred while scanning file "C:\WINNT\system32\config\software.LOG": Toegang geweigerd.
2006-12-03, 13:57:36, An error occurred while scanning file "C:\WINNT\system32\config\default.LOG": Toegang geweigerd.
2006-12-03, 13:57:36, An error occurred while scanning file "C:\WINNT\system32\config\SECURITY": Toegang geweigerd.
2006-12-03, 13:57:36, An error occurred while scanning file "C:\WINNT\system32\config\SECURITY.LOG": Toegang geweigerd.
2006-12-03, 13:57:36, An error occurred while scanning file "C:\WINNT\system32\config\SYSTEM.ALT": Toegang geweigerd.
2006-12-03, 13:57:36, An error occurred while scanning file "C:\WINNT\system32\config\SAM": Toegang geweigerd.
2006-12-03, 13:57:36, An error occurred while scanning file "C:\WINNT\system32\config\SAM.LOG": Toegang geweigerd.
2006-12-03, 13:57:36, An error occurred while scanning file "C:\WINNT\system32\config\SYSTEM": Toegang geweigerd.
2006-12-03, 13:57:36, An error occurred while scanning file "C:\WINNT\system32\config\SOFTWARE": Toegang geweigerd.
2006-12-03, 13:57:36, An error occurred while scanning file "C:\WINNT\system32\config\DEFAULT": Toegang geweigerd.
2006-12-03, 14:00:38, An error occurred while scanning file "C:\Documents and Settings\Administrator\NTUSER.DAT": Toegang geweigerd.
2006-12-03, 14:00:38, An error occurred while scanning file "C:\Documents and Settings\Administrator\ntuser.dat.LOG": Toegang geweigerd.
2006-12-03, 14:01:37, An error occurred while scanning file "C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Toegang geweigerd.
2006-12-03, 14:01:37, An error occurred while scanning file "C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Toegang geweigerd.
2006-12-03, 14:12:03, Running scanner "C:\temp\VSCANTM.BIN"...
2006-12-03, 14:44:20, Files Detected:
Copyright (c) 1990 - 2002 Trend Micro Inc.
Report Date : 12/3/2006 14:12:04
VSAPI Engine Version : 6.510-1002
VSCANTM Version : 1.0-11111728
Virus Pattern Version : 694 (56771 Patterns) (2003/12/02) (169400)
Command Line: C:\temp\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB C:\*.* /P=C:\temp

C:\WINNT\system32\ClrSchP036.exe [ADW_RULEDOR.C]
C:\Program Files\ClearSearch\Loader.exe [ADW_RULEDOR.C]
C:\Recycled\Dc81.exe [BKDR_SDBOT.14176]
50133 files have been read.
50133 files have been checked.
31005 files have been scanned.
44319 files have been scanned. (including files in archived)
3 files containing viruses.
Found 3 viruses totally.
Maybe 0 viruses totally.
Stop At : 12/3/2006 14:44:20
---------*---------*---------*---------*---------*---------*---------*---------*
2006-12-03, 14:44:20, Files Clean:
Copyright (c) 1990 - 2002 Trend Micro Inc.
Report Date : 12/3/2006 14:12:03
VSAPI Engine Version : 6.510-1002
VSCANTM Version : 1.0-11111728
Virus Pattern Version : 694 (56771 Patterns) (2003/12/02) (169400)
Command Line: C:\temp\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB C:\*.* /P=C:\temp

Success Clean [ ADW_RULEDOR.C]( 1) from C:\WINNT\system32\ClrSchP036.exe
Success Clean [ ADW_RULEDOR.C]( 1) from C:\Program Files\ClearSearch\Loader.exe
Success Clean [BKDR_SDBOT.14176]( 1) from C:\Recycled\Dc81.exe
50133 files have been read.
50133 files have been checked.
31005 files have been scanned.
44319 files have been scanned. (including files in archived)
3 files containing viruses.
Found 3 viruses totally.
Maybe 0 viruses totally.
Stop At : 12/3/2006 14:44:20 32 minutes 15 seconds (1934.95 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-12-03, 14:44:20, Clean Fail:
Copyright (c) 1990 - 2002 Trend Micro Inc.
Report Date : 12/3/2006 14:12:03
VSAPI Engine Version : 6.510-1002
VSCANTM Version : 1.0-11111728
Virus Pattern Version : 694 (56771 Patterns) (2003/12/02) (169400)
Command Line: C:\temp\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB C:\*.* /P=C:\temp

50133 files have been read.
50133 files have been checked.
31005 files have been scanned.
44319 files have been scanned. (including files in archived)
3 files containing viruses.
Found 3 viruses totally.
Maybe 0 viruses totally.
Stop At : 12/3/2006 14:44:20 32 minutes 15 seconds (1934.95 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-12-03, 14:44:20, Scanner "C:\temp\VSCANTM.BIN" has finished running.
2006-12-03, 14:47:57, Running scanner "C:\temp\VSCANTM.BIN"...
2006-12-03, 14:53:32, Files Detected:
Copyright (c) 1990 - 2002 Trend Micro Inc.
Report Date : 12/3/2006 14:47:58
VSAPI Engine Version : 6.510-1002
VSCANTM Version : 1.0-11111728
Virus Pattern Version : 694 (56771 Patterns) (2003/12/02) (169400)
Command Line: C:\temp\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB D:\*.* /P=C:\temp

19197 files have been read.
19197 files have been checked.
9654 files have been scanned.
11137 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 12/3/2006 14:53:32
---------*---------*---------*---------*---------*---------*---------*---------*
2006-12-03, 14:53:32, Files Clean:
Copyright (c) 1990 - 2002 Trend Micro Inc.
Report Date : 12/3/2006 14:47:58
VSAPI Engine Version : 6.510-1002
VSCANTM Version : 1.0-11111728
Virus Pattern Version : 694 (56771 Patterns) (2003/12/02) (169400)
Command Line: C:\temp\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB D:\*.* /P=C:\temp

19197 files have been read.
19197 files have been checked.
9654 files have been scanned.
11137 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 12/3/2006 14:53:32 5 minutes 32 seconds (332.15 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-12-03, 14:53:32, Clean Fail:
Copyright (c) 1990 - 2002 Trend Micro Inc.
Report Date : 12/3/2006 14:47:58
VSAPI Engine Version : 6.510-1002
VSCANTM Version : 1.0-11111728
Virus Pattern Version : 694 (56771 Patterns) (2003/12/02) (169400)
Command Line: C:\temp\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB D:\*.* /P=C:\temp

19197 files have been read.
19197 files have been checked.
9654 files have been scanned.
11137 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 12/3/2006 14:53:32 5 minutes 32 seconds (332.15 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-12-03, 14:53:32, Scanner "C:\temp\VSCANTM.BIN" has finished running.
2006-12-03, 14:53:32, Running scanner "C:\temp\VSCANTM.BIN"...
2006-12-03, 14:53:33, Files Detected:
Copyright (c) 1990 - 2002 Trend Micro Inc.
Report Date : 12/3/2006 14:53:32
VSAPI Engine Version : 6.510-1002
VSCANTM Version : 1.0-11111728
Virus Pattern Version : 694 (56771 Patterns) (2003/12/02) (169400)
Command Line: C:\temp\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB E:\*.* /P=C:\temp

2 files have been read.
2 files have been checked.
2 files have been scanned.
2 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 12/3/2006 14:53:33
---------*---------*---------*---------*---------*---------*---------*---------*
2006-12-03, 14:53:33, Files Clean:
Copyright (c) 1990 - 2002 Trend Micro Inc.
Report Date : 12/3/2006 14:53:32
VSAPI Engine Version : 6.510-1002
VSCANTM Version : 1.0-11111728
Virus Pattern Version : 694 (56771 Patterns) (2003/12/02) (169400)
Command Line: C:\temp\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB E:\*.* /P=C:\temp

2 files have been read.
2 files have been checked.
2 files have been scanned.
2 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 12/3/2006 14:53:33 0.02 seconds has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-12-03, 14:53:33, Clean Fail:
Copyright (c) 1990 - 2002 Trend Micro Inc.
Report Date : 12/3/2006 14:53:32
VSAPI Engine Version : 6.510-1002
VSCANTM Version : 1.0-11111728
Virus Pattern Version : 694 (56771 Patterns) (2003/12/02) (169400)
Command Line: C:\temp\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB E:\*.* /P=C:\temp

2 files have been read.
2 files have been checked.
2 files have been scanned.
2 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 12/3/2006 14:53:33 0.02 seconds has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-12-03, 14:53:33, Scanner "C:\temp\VSCANTM.BIN" has finished running.
 
result of Hijack

I saw that P. Arntz checks this kind of log file, but since July 2003 there has been no more activity on that subject. Can someone take a look at this?
First a scan was run with Adaware, then Spybot, then sysclean from Trend Micro, and lastly Hijack.

Logfile of HijackThis v1.97.7
Scan saved at 15:18:12, on 3-12-2006
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\locator.exe
C:\WINNT\Explorer.exe
C:\Mouse\AMI MOUSE 150T OPTICAL WEB SCROLL\LWBWHEEL.exe
C:\Program Files\ClearSearch\Loader.exe
C:\Program Files\Canon\MultiPASS4\monitr32.exe
C:\123progs\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINNT\bi.dll
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Program Files\Lycos\Sidesearch\sidesearch1311.dll
O2 - BHO: (no name) - {000E7270-CC7A-0786-8E7A-DA09B51938A6} - C:\WINNT\System32\n3tpa1.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\123progs\acrobat reader\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Clear Search - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\Program Files\ClearSearch\IE_ClrSch.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LWBMOUSE] C:\Mouse\AMI MOUSE 150T OPTICAL WEB SCROLL\LWBWHEEL.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Sidesearch (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O10 - Broken Internet access because of LSP provider 'lsp.dll' missing
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: Yahoo! Chat - http://cs6.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://216.65.38.226/crack.CAB
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
 
Jojo, I followed your advice. And now I also see why there had been "no activity" since July 2003.... I didn't look any further than the end of my nose. Blonde !!!

Oh yes, since last night my PC slows down enormously when I start Explorer. Explorer.exe, that is.

I have already prepared an image and burned backups of files. You never know.
 