Vraag & Antwoord

Beveiliging & privacy

Hijackthislog, van virus met rundll probleem

8 antwoorden
  • Hier is dan mijn mijn log. [list:7aa51ed6c5][b:7aa51ed6c5] Logfile of HijackThis v1.98.2 Scan saved at 7:08:01 AM, on 10/22/2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\D-Tools\daemon.exe C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Browser MOUSE\mouse32a.exe C:\WINDOWS\system32\RunDLL32.exe C:\WINDOWS\System32\updatev01.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Webroot\Washer\wwDisp.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Louis & Desirée\Desktop\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [updatev01] C:\WINDOWS\System32\updatev01.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\ivmmreg32.dll,_mainRD O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=81a20e2d4daf862b581047e8e0c24e8effd07b128e225c91fe269f1e3e53b395f49377f8e3605dd230f34a38bc2fbef0a2d6fd6f14c38aff842869220dcf:31e1e886df05c54f80cdc9defbb7eddc O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interactive/terraexplorer/install/TEInstallPlugIn.cab O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game15.zylom.zonnet.nl/activex/zylomloader.cab [/b:7aa51ed6c5][/list:u:7aa51ed6c5] Dank jullie!
  • Ga ermee bezig. Zie ook hier: http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=871446#871446 (andere topic over het probleem)
  • Druk op ctrl+alt+del en ga naar het tabblad processen, kill daar dit proces: [list:ccee464b0e][b:ccee464b0e]updatev01.exe[/b:ccee464b0e][/list:u:ccee464b0e] Scan nog een keer met hijackthis en vink onderstaande items aan, daarna sluit je alle browsers en vervolgens klik je op fix checked. [list:ccee464b0e][b:ccee464b0e]O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe O4 - HKLM\..\Run: [updatev01] C:\WINDOWS\System32\updatev01.exe O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\ivmmreg32.dll,_mainRD O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=81a20e2d4daf862b581047e8e0c24e8effd07b128e225c91fe269f1e3e53b395f49377f8e3605dd230f34a38bc2fbef0a2d6fd6f14c38aff842869220dcf:31e1e886df05c54f80cdc9defbb7eddc O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interactive/terraexplorer/install/TEInstallPlugIn.cab[/b:ccee464b0e][/list:u:ccee464b0e] Herstart in veilige modus: http://users.pandora.be/marcvn/spyware/1378056.htm Laat alle bestanden weergeven: http://users.pandora.be/marcvn/spyware/1117602.htm Verwijder indien aanwezig de volgende items: [list:ccee464b0e]C:\Program Files\[b:ccee464b0e]WindUpdates <--- deze map[/b:ccee464b0e] O4 - HKLM\..\Run: [updatev01] C:\WINDOWS\System32\[b:ccee464b0e]updatev01.exe <--- dit bestand[/b:ccee464b0e] O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\[b:ccee464b0e]ivmmreg32.dll <--- dit bestand[/b:ccee464b0e] [/list:u:ccee464b0e](De laatste zal waarschijnlijk niet aanwezig zijn, anders had je die foutmelding niet. herstart en plaats een nieuwe log.
  • ik zit nu op mijn werk, dus kan nu niets doen. Vanavond heb ik de mogelijkheid, dus dan zal ik dit regelen. tot later!
  • Hier is dan mijn nieuwe hijackthis log, heb de map weggehaald. [list:ec61591337][b:ec61591337] Logfile of HijackThis v1.98.2 Scan saved at 7:18:37 PM, on 10/22/2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Documents and Settings\Louis & Desirée\Desktop\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game15.zylom.zonnet.nl/activex/zylomloader.cab [/b:ec61591337][/list:u:ec61591337] is het nu beter?!? ja trouwens... kreeg de fout niet bij het opstarten :S DANK!!!
  • Log ziet er goed uit. :wink:
  • Hallo PCguy, Dank je voor de genomen moeite!! Sootyhippo
  • Graag gedaan hoor :D

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.