Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

Hardnekkig virus... kan nix installeren

Anoniem
tdw
6 antwoorden
  • Logfile of HijackThis v1.99.1
    Scan saved at 20:23:26, on 28-5-2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    D:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Messenger\msmsgs.exe
    D:\Program Files\Wamp\wampserver.exe
    D:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    D:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    D:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    D:\Program Files\Wamp\apache\Apache.exe
    D:\Program Files\Wamp\mysql\bin\mysqld-nt.exe
    D:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    D:\Program Files\Wamp\apache\Apache.exe
    C:\Program Files\Security Task Manager\TaskMan.exe
    C:\Documents and Settings\Thijs\Mijn documenten\hijackthis\HijackThis.exe
    D:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchba.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchmn.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchmn.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchba.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchmn.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchsa.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchcs.htm
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wanadoo.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [pccguide.exe] "D:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
    O4 - HKLM\..\Run: [Compaq32 Service Drivers] ms32.exe
    O4 - HKLM\..\RunServices: [Compaq32 Service Drivers] ms32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Compaq32 Service Drivers] ms32.exe
    O4 - HKCU\..\RunServices: [Compaq32 Service Drivers] ms32.exe
    O4 - Startup: ATITool.lnk = ?
    O4 - Startup: WampServer.lnk = D:\Program Files\Wamp\wampserver.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin
    pjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin
    pjpi150_02.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117291664514
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0C7071A2-F6C4-4426-A34B-25F332F3762A}: NameServer = 194.134.5.5 194.134.0.97
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - D:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Smart Card Client (SCardClnt) - Unknown owner - C:\WINDOWS\System32\SCardClnt.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - D:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - D:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - D:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    O23 - Service: wampapache - Unknown owner - D:\Program Files\Wamp\apache\Apache.exe" –ntservice (file missing)
    O23 - Service: wampmysqld - Unknown owner - D:\Program Files\Wamp\mysql\bin\mysqld-nt.exe" –defaults-file=C:\WINDOWS\mywamp.ini wampmysqld (file missing)



    vol met spyware he?? :p

  • Download en installeer CCleaner
    Nog niet gebruiken.

    Download CWShredder en klik op "Fix" (sluit wel eerst alle vensters)

    Start je PC op in VEILIGE mode.
    Kijk hier hoe dat moet.

    Start Hijackthis op en kies voor 'Do a system scan only'
    Selecteer alleen de items die hieronder zijn genoemd:
    [b:c337ea1aac]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchba.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchmn.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchmn.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchba.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchmn.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchsa.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchcs.htm
    O4 - HKLM\..\Run: [Compaq32 Service Drivers] ms32.exe
    O4 - HKLM\..\RunServices: [Compaq32 Service Drivers] ms32.exe
    O4 - HKCU\..\Run: [Compaq32 Service Drivers] ms32.exe
    O4 - HKCU\..\RunServices: [Compaq32 Service Drivers] ms32.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    [/b:c337ea1aac]Klik op 'Fix checked' om de items te verwijderen

    Zorg dat de besturingssysteembestanden en verborgen bestanden zichtbaar zijn
    De volgende directories/bestanden verwijderen:[b:c337ea1aac]
    C:\Windows\ms32.exe
    C:\Windows\msdirectx.sys
    [/b:c337ea1aac]
    Start CCleaner
    Ccleaner biedt je de mogelijkheid om in te stellen wat er opgeschoond moet worden.
    Kies in ieder geval voor de volgende items:
    Internet Explorer:
    - Tijdelijke Internet bestanden
    Systeem:
    - Prullenbak leegmaken
    - Tijdelijke bestanden

    klik nu in Ccleaner op opschonen (rechts onderaan).

    Herstart je PC en voer een online virus scan uit bijv. Housecall

    Maak een nieuw log met hijackthis en post deze.
    Vermeld ook het resultaat van de virus scan.

    Sjaak
  • Logfile of HijackThis v1.99.1
    Scan saved at 22:07:56, on 28-5-2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    D:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
    C:\WINDOWS\System32\msmsngr.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    D:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    D:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    D:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    D:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    D:\Program Files\YB-Bot\mirc.exe
    D:\Program Files\X-Chat 2\xchat.exe
    C:\Documents and Settings\Thijs\Mijn documenten\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wanadoo.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [pccguide.exe] "D:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
    O4 - HKLM\..\Run: [msmsngr] C:\WINDOWS\System32\msmsngr.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: ATITool.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin
    pjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin
    pjpi150_02.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117291664514
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0C7071A2-F6C4-4426-A34B-25F332F3762A}: NameServer = 194.134.5.5 194.134.0.97
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - D:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Smart Card Client (SCardClnt) - Unknown owner - C:\WINDOWS\System32\SCardClnt.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - D:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - D:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - D:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    O23 - Service: wampmysqld - Unknown owner - D:\Program Files\Wamp\mysql\bin\mysqld-nt.exe" –defaults-file=C:\WINDOWS\mywamp.ini wampmysqld (file missing)



    housecall heeft geen virussen gevonden

  • Scan het volgende bestand eens bij Jotti

    C:\WINDOWS\System32\msmsngr.exe

    Sjaak
  • maakt niet meer uit, alles is weg.. format gedaan :)
  • [quote:43b4215e64]
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000) [/quote:43b4215e64]
    Installeer dan gelijk SP2. Dat was jou grote fout.
    Het virus wat jij op je PC had (ms32.exe) maakte gebruik van gaten in de beveiliging die later zijn gedicht.
    Hijackthis laat maar een beperkt deel van instellingen uit het register zien. Dus welke instellingen er allemaal tussentijds in het register zijn gewijzigd waardoor jij niets meer kon instelling is onduidelijk.
    Het zou bijv. onder een de group policies kunnen staan waardoor de gebruiker van de pc geen programma's meer mag installeren.

    Sjaak

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.