Vraag & Antwoord

Beveiliging & privacy

virus

6 antwoorden
  • volgens mijn avg virusscanner zou ik last hebben van een trojan horse wie heeft er kijk op deze dingen ik heb al een log file gemaakt alvast bedankt. Logfile of HijackThis v1.97.7 Scan saved at 19:43:53, on 2-5-2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG6\avgserv.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\System32\DVDRAMSV.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\System32\00THotkey.exe C:\WINDOWS\LTSMMSG.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\TOSHIBA\TouchED\TouchED.Exe C:\Program Files\TOSHIBA\PadTouch\PadExe.exe C:\WINDOWS\System32\TFNF5.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\WINDOWS\System32\TPSMain.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\System32\ezSP_Px.exe C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe C:\Program Files\ADSLModemUtility(AnnexA)\SystemtrayV100B.exe C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe C:\WINDOWS\System32\TPSBattM.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\Sitecom Wireless LAN\WLANUTL.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Documents and Settings\Max Rieff\Bureaublad\Nieuwe map\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.problemcar.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.problemcar.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.toshiba-europe.com/mytoshiba O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe O4 - HKLM\..\Run: [TFNF5] TFNF5.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp O4 - HKLM\..\Run: [CleanRegPath] C:\Program Files\ADSLModemUtility(AnnexA)\CleanReg.exe O4 - HKLM\..\Run: [ADSLSYSTEMTRAY] C:\Program Files\ADSLModemUtility(AnnexA)\SystemtrayV100B.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0 O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O4 - Global Startup: Sitecom Access Point Utility.lnk = C:\Program Files\SITECOM\Sitecom Access Point Utility\SmartAP.exe O4 - Global Startup: Sitecom Wireless LAN Utility.lnk = ? O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O14 - IERESET.INF: START_PAGE_URL=file:///C:\Program Files\TOSHIBA\Free Update Service\splash.html O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
  • Welk virus en waar bevindt zich het geinfecteerde bestand?
  • sorry is wel makelijk als je dat weet dit is een log flie van mijn virusscanner. Results of Complete Test, date and time 2-5-2004 19:25:49 : Testing C:\ volume Windows serial 10DE-D473 C:\Documents and Settings\LocalService\NTUSER.DAT Cannot open; not checked! C:\Documents and Settings\LocalService\ntuser.dat.LOG Cannot open; not checked! C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\WINDOWS\USRCLASS.DAT Cannot open; not checked! C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\WINDOWS\UsrClass.dat.LOG Cannot open; not checked! C:\Documents and Settings\Max Rieff\NTUSER.DAT Cannot open; not checked! C:\Documents and Settings\Max Rieff\ntuser.dat.LOG Cannot open; not checked! C:\Documents and Settings\Max Rieff\Local Settings\Application Data\Microsoft\WINDOWS\USRCLASS.DAT Cannot open; not checked! C:\Documents and Settings\Max Rieff\Local Settings\Application Data\Microsoft\WINDOWS\UsrClass.dat.LOG Cannot open; not checked! C:\Documents and Settings\NetworkService\NTUSER.DAT Cannot open; not checked! C:\Documents and Settings\NetworkService\ntuser.dat.LOG Cannot open; not checked! C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\WINDOWS\USRCLASS.DAT Cannot open; not checked! C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\WINDOWS\UsrClass.dat.LOG Cannot open; not checked! C:\Program Files\Sitecom Wireless LAN\sitecom_new.avi Cannot open; not checked! C:\Program Files\Sitecom Wireless LAN\Step1_Name.AVI Cannot open; not checked! C:\Program Files\Sitecom Wireless LAN\Step2_Infra.AVI Cannot open; not checked! C:\Program Files\Sitecom Wireless LAN\Step3_InfraNoWep.AVI Cannot open; not checked! C:\Program Files\Sitecom Wireless LAN\Step5_NoSetIP.AVI Cannot open; not checked! C:\Program Files\Sitecom Wireless LAN\Step6_SetIP.AVI Cannot open; not checked! C:\WINDOWS\IEVD\IEVD32.DLL Trojan horse Downloader.Winshow.V ******************** C:\WINDOWS\MSBG\MSBG.DLL Trojan horse Downloader.Winshow.V ******************** C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Cannot open; not checked! C:\WINDOWS\WINDC\WINDC32.DLL Trojan horse Downloader.Winshow.V ******************** C:\WINDOWS\WINLO\WINLO32.DLL Trojan horse Downloader.Winshow.V ******************** Testing D:\ volume Back up serial 7C84-6FA8 Test finished, duration 00:12:51.0 s 12048 objects tested, 4 found infected
  • Leesvoer: http://www.doxdesk.com/parasite/Winshow.html In je log is geen bho hiervan te zien. Je kan CWShredder eens laten scannen. Download [url=http://www.spywareinfo.com/~merijn/files/CWShredder.exe]CWShredder[/url]. Start het programma, klik op de Fix-knop. Reboot the pc in veilige modus, zorg dat alle verborgen bestanden zichtbaar zijn en verwijder: C:\WINDOWS\IEVD <---deze map C:\WINDOWS\WINDC <---deze map C:\WINDOWS\WINLO <---deze map edit: en deze : C:\WINDOWS\MSBG <---deze map
  • klaar ik heb deze eruit gehaald ievd,windc,winlo,msbg maar ik kwam deze tegen maakt dat wat uit winjq,winue,winzd deze staan ook in C:\windows en het nieuwe logfile: Logfile of HijackThis v1.97.7 Scan saved at 20:41:02, on 2-5-2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG6\avgserv.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\System32\DVDRAMSV.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\System32\00THotkey.exe C:\WINDOWS\LTSMMSG.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\TOSHIBA\TouchED\TouchED.Exe C:\Program Files\TOSHIBA\PadTouch\PadExe.exe C:\WINDOWS\System32\TFNF5.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\WINDOWS\System32\TPSMain.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\System32\ezSP_Px.exe C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe C:\Program Files\ADSLModemUtility(AnnexA)\SystemtrayV100B.exe C:\WINDOWS\System32\TPSBattM.exe C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\Sitecom Wireless LAN\WLANUTL.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Documents and Settings\Max Rieff\Bureaublad\Nieuwe map\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.problemcar.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.problemcar.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.toshiba-europe.com/mytoshiba O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe O4 - HKLM\..\Run: [TFNF5] TFNF5.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp O4 - HKLM\..\Run: [CleanRegPath] C:\Program Files\ADSLModemUtility(AnnexA)\CleanReg.exe O4 - HKLM\..\Run: [ADSLSYSTEMTRAY] C:\Program Files\ADSLModemUtility(AnnexA)\SystemtrayV100B.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0 O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O4 - Global Startup: Sitecom Access Point Utility.lnk = C:\Program Files\SITECOM\Sitecom Access Point Utility\SmartAP.exe O4 - Global Startup: Sitecom Wireless LAN Utility.lnk = ? O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O14 - IERESET.INF: START_PAGE_URL=file:///C:\Program Files\TOSHIBA\Free Update Service\splash.html O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
  • Log is clean.

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.