Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

Werd dit sytheem gehijacked?

Anoniem
miekiemoes
8 antwoorden
  • Ik vrees van wel, want daar zit echt TE veel in…

    Logfile of HijackThis v1.98.2
    Scan saved at 9:36:44 AM, on 11/10/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\System32\pwned.exe
    C:\WINDOWS\System32\winconfig.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Norton AntiVirus
    avapsvc.exe
    C:\winnt\system32\dllcache\userlist.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\teamspeak2_RC2\TeamSpeak.exe
    C:\Documents and Settings\Deviant\My Documents\My Received Files\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wow-access.com/search/main.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wow-access.com/search/main.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wow-access.com/search/main.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wow-access.com/search/main.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.wow-access.com/search/main.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.wow-access.com/search/main.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.wow-access.com/search/main.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.wow-access.com/search/main.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.wow-access.com/search/main.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://klounada.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {DC8D6028-5621-EAE8-8F5F-FA8C76A99410} - C:\WINDOWS\mfcth32.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe"

    O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [msnmgre] pwned.exe
    O4 - HKLM\..\Run: [Windows Spooler] winconfig.exe
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [tujccwtr] C:\WINDOWS\System32\zcfmhpi.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [winpipe] c:\windows\system32\winpipe.exe
    O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
    O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
    O4 - HKLM\..\RunServices: [msnmgre] pwned.exe
    O4 - HKLM\..\RunServices: [Windows Spooler] winconfig.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Deviant\Application Data\eber.exe
    O4 - HKCU\..\Run: [Xvyfi] C:\WINDOWS\System32\w?nspool.exe
    O4 - HKCU\..\Run: [jbmsbob] c:\windows\xgynbcw.exe
    O4 - HKCU\..\Run: [iyyokib] c:\windows\srwojij.exe
    O4 - HKCU\..\Run: [diwhwyk] c:\windows
    nodgaj.exe
    O4 - Global Startup: 476406.exe
    O4 - Global Startup: 949555.exe
    O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
    O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: secmon.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS
    pqtplugin.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab
    O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
    O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AD22321C-ABF0-4212-8241-1819638D2DEC}: NameServer = 208.33.159.39 199.2.252.10
    O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2 (file missing)

    Alvast bedankt



  • Ik kijk wel even…
  • *Ga via configuratiescherm naar software > programma's wijzigen/verwijderen en kijk of volgend programma aanwezig is en de-installeer die:

    [b:58eb712950]180solutions
    Windows AdTools
    VVSN[/b:58eb712950]

    *Download Adaware se, installeer het, laat het updaten en doe een volledige scan.

    *Doe een online virusscan:housecall

    *Reboot je pc en post daarna een nieuw logje.
  • Ok, maar ik heb niet alle programma's gevonden in de softwarelijst…
    Dit is de nieuwe log:

    Logfile of HijackThis v1.98.2
    Scan saved at 12:47:13 PM, on 11/10/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\System32\pwned.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Norton AntiVirus
    avapsvc.exe
    C:\winnt\system32\dllcache\userlist.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\teamspeak2_RC2\TeamSpeak.exe
    C:\Documents and Settings\Deviant\My Documents\My Received Files\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wow-access.com/search/main.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wow-access.com/search/main.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wow-access.com/search/main.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wow-access.com/search/main.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.wow-access.com/search/main.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.wow-access.com/search/main.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.wow-access.com/search/main.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.wow-access.com/search/main.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.wow-access.com/search/main.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://klounada.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {DC8D6028-5621-EAE8-8F5F-FA8C76A99410} - C:\WINDOWS\mfcth32.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe"

    O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [msnmgre] pwned.exe
    O4 - HKLM\..\Run: [Windows Spooler] winconfig.exe
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [tujccwtr] C:\WINDOWS\System32\zcfmhpi.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [winpipe] c:\windows\system32\winpipe.exe
    O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
    O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
    O4 - HKLM\..\RunServices: [msnmgre] pwned.exe
    O4 - HKLM\..\RunServices: [Windows Spooler] winconfig.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Deviant\Application Data\eber.exe
    O4 - HKCU\..\Run: [Xvyfi] C:\WINDOWS\System32\w?nspool.exe
    O4 - HKCU\..\Run: [jbmsbob] c:\windows\xgynbcw.exe
    O4 - HKCU\..\Run: [iyyokib] c:\windows\srwojij.exe
    O4 - HKCU\..\Run: [diwhwyk] c:\windows
    nodgaj.exe
    O4 - Global Startup: 476406.exe
    O4 - Global Startup: 949555.exe
    O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
    O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: secmon.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS
    pqtplugin.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab
    O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
    O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AD22321C-ABF0-4212-8241-1819638D2DEC}: NameServer = 208.33.159.39 199.2.252.10
    O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2 (file missing)

    Alvast bedankt



  • Ja, was best mogelijk dat je die niet allemaal gevonden hebt.

    * Start hijackthis en vink volgende items aan:

    [b:7f29af7d30]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wow-access.com/search/main.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wow-access.com/search/main.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wow-access.com/search/main.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wow-access.com/search/main.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.wow-access.com/search/main.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.wow-access.com/search/main.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.wow-access.com/search/main.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.wow-access.com/search/main.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.wow-access.com/search/main.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://klounada.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R3 - Default URLSearchHook is missing

    O2 - BHO: (no name) - {DC8D6028-5621-EAE8-8F5F-FA8C76A99410} - C:\WINDOWS\mfcth32.dll (file missing)

    O4 - HKLM\..\Run: [msnmgre] pwned.exe
    O4 - HKLM\..\Run: [Windows Spooler] winconfig.exe
    O4 - HKLM\..\Run: [tujccwtr] C:\WINDOWS\System32\zcfmhpi.exe
    O4 - HKLM\..\Run: [winpipe] c:\windows\system32\winpipe.exe
    O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
    O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
    O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
    O4 - HKLM\..\RunServices: [msnmgre] pwned.exe
    O4 - HKLM\..\RunServices: [Windows Spooler] winconfig.exe
    O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Deviant\Application Data\eber.exe
    O4 - HKCU\..\Run: [Xvyfi] C:\WINDOWS\System32\w?nspool.exe
    O4 - HKCU\..\Run: [jbmsbob] c:\windows\xgynbcw.exe
    O4 - HKCU\..\Run: [iyyokib] c:\windows\srwojij.exe
    O4 - HKCU\..\Run: [diwhwyk] c:\windows
    nodgaj.exe
    O4 - Global Startup: 476406.exe
    O4 - Global Startup: 949555.exe
    O4 - Global Startup: secmon.exe

    O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab
    O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
    O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab

    O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2 (file missing)[/b:7f29af7d30]

    *Sluit nu [b:7f29af7d30]alle[/b:7f29af7d30] vensters behalve hijackthis en klik op 'fix checked'

    * Start nu je pc op in VEILIGE MODE. Hoe start ik in veilige mode op.

    * Zorg ervoor dat je verborgen mappen en bestanden weergegeven zijn. Hoe deze weer te geven.

    *Zoek daarna via verkenner volgende items en verwijder deze manueel:

    C:\winnt\system32\dllcache\[b:7f29af7d30]userlist.exe[/b:7f29af7d30]
    C:\Documents and Settings\Deviant\Application Data\[b:7f29af7d30]eber.exe[/b:7f29af7d30]
    C:\WINDOWS\System32\[b:7f29af7d30]w?nspool.exe[/b:7f29af7d30]
    c:\windows\[b:7f29af7d30]xgynbcw.exe[/b:7f29af7d30]
    c:\windows\[b:7f29af7d30]srwojij.exe[/b:7f29af7d30]
    c:\windows\[b:7f29af7d30]nnodgaj.exe[/b:7f29af7d30]
    c:\[b:7f29af7d30]x.cab[/b:7f29af7d30]
    c:\[b:7f29af7d30]ied_s7m.cab[/b:7f29af7d30]
    c:\windows\system32\[b:7f29af7d30]winpipe.exe[/b:7f29af7d30]
    C:\WINDOWS\System32\[b:7f29af7d30]zcfmhpi.exe[/b:7f29af7d30]
    C:\WINDOWS\System32\[b:7f29af7d30]vbsys2.dll[/b:7f29af7d30]
    C:\Program Files\[b:7f29af7d30]Windows AdTools[/b:7f29af7d30] <==deze map
    C:\Program Files\[b:7f29af7d30]VVSN[/b:7f29af7d30] <==deze map
    c:\program files\[b:7f29af7d30]180solutions[/b:7f29af7d30] <==deze map

    Zoek de volgende items en verwijder ze ook.
    Deze 3 staan hoogstwaarschijnlijk in de volgende map: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

    [b:7f29af7d30]secmon.exe
    476406.exe
    949555.exe[/b:7f29af7d30]

    Deze staan hoogstwaarschijnlijk in C:\WINDOWS\System32

    [b:7f29af7d30]pwned.exe[/b:7f29af7d30]
    [b:7f29af7d30]winconfig.exe[/b:7f29af7d30]

    *Ga daarna naar start > uitvoeren en typ: [b:7f29af7d30]cleanmgr[/b:7f29af7d30] en klik op ok.
    Laat het je systeem scannen op bestanden die moeten verwijderd worden.
    Zorg er wel voor dat je daar enkel maar 'tijdelijke bestanden', 'tijdelijke internetbestanden' en 'prullenbak' staan aangevinkt.
    Klik daarna op ok.

    *Ga naar start > uitvoeren en typ: %temp% , selecteer heel die inhoud en verwijder het.

    *Reboot je pc terug normaal, start hijackthis, 'scan', 'save log' en post hier een nieuw logje.
  • Btw… ken je dit volgende?

    C:\winnt\system32\dllcache\[b:8e543abdd5]userlist.exe[/b:8e543abdd5]

    Indien niet… wil je het dan hier eens submitten?:

    http://virusscan.jotti.dhs.org/ en
    http://www.virustotal.com/flash/index_en.html

    Edit: Is niet meer nodig… Die moet ook verwijderd worden. Heb het hierboven al aangepast. ;)
  • Alvast hartelijk bedankt, ik ga het plan nu uitvoeren :wink:
  • EN dit is het vervolg…..

    Logfile of HijackThis v1.98.2
    Scan saved at 1:58:32 PM, on 11/12/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus
    avapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\teamspeak2_RC2\TeamSpeak.exe
    C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
    C:\Documents and Settings\Deviant\My Documents\My Received Files\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wow-access.com/search/main.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jaddq.dll/sp.html#29126
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jaddq.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\jaddq.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jaddq.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jaddq.dll/sp.html#29126
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\jaddq.dll/sp.html#29126
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.wow-access.com/search/main.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\jaddq.dll/sp.html#29126
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.wow-access.com/search/main.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://klounada.com/index.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://find4u.net/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {8037964D-1365-8C5E-3AC3-419713B83CBE} - C:\WINDOWS\system32\iepw32.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\ISTbar\istbar.dll
    O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe"

    O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [winpipe] c:\windows\system32\winpipe.exe
    O4 - HKLM\..\Run: [msbc.exe] C:\WINDOWS\system32\msbc.exe
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
    O4 - HKLM\..\Run: [WebRebates0] C:\Program Files\Web_Rebates\WebRebates0.exe
    O4 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\DOCUME~1\Deviant\LOCALS~1\Temp\djtopr1150.exe"
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [armeows] c:\windows\mtvvmar.exe
    O4 - HKCU\..\Run: [dqjxjsc] c:\windows\mtvvmar.exe
    O4 - HKCU\..\Run: [ujucvpc] c:\windows\oupoujg.exe
    O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Deviant\Application Data\eber.exe
    O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: secmon.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS
    pqtplugin.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O13 - DefaultPrefix: http://www.microsoet.com/start.php?url=
    O13 - WWW Prefix: http://www.microsoet.com/start.php?url=
    O15 - Trusted Zone: *.05p.com
    O15 - Trusted Zone: *.blazefind.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.flingstone.com
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.scoobidoo.com
    O15 - Trusted Zone: *.searchbarcash.com
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.slotch.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll


Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.