Vraag & Antwoord

Beveiliging & privacy

Hijack this log.

7 antwoorden
  • Hallo, Mijn een vriendin van mij heeft een msn virus binnengekregen. Die steeds de tekst rond stuur 'omg jij naakt met een link' Heb haar daarom eventjes een logje laten maken. Zouden jullie die willen bekijken?? En kijken of iets verkeerds tussen staat? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:04:32, on 5-11-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\winsys2.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Eset\nod32kui.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\DOCUME~1\Felicity\LOCALS~1\Temp\msnmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [Graphic Update] C:\DOCUME~1\Felicity\LOCALS~1\Temp\msnmsgs.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-19\..\RunOnce: [IE7] cmd.exe /C rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-20\..\RunOnce: [IE7] cmd.exe /C rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [IE7] cmd.exe /C rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [IE7] cmd.exe /C rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnalbum.nl/skin/v2/system/upload/ImageUploader4.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 7470 bytes Alvast ontzettend bedankt. Mvg Guido.
  • Download hier [url=http://www.bendeboy.nl/misc/MSNFix.exe][color=red:ff2ac4a3b9][b:ff2ac4a3b9]MSNFix by BendeBoy[/b:ff2ac4a3b9][/color:ff2ac4a3b9][/url] ([url=http://bendeboy.be.funpic.org/MSNFix.exe][color=red:ff2ac4a3b9]Mirror[/color:ff2ac4a3b9][/url]) en sla het op je bureaublad. Dubbelklik [b:ff2ac4a3b9]MSNFix.exe[/b:ff2ac4a3b9], er zal nu een icoontje op je bureaublad verschijnen. Dubbelklik het icoontje "[b:ff2ac4a3b9]Start MSNFix[/b:ff2ac4a3b9]"en laat het zijn gang gaan. (Indien je meldingen krijgt van je scanner e.d. sta dit toe). Het bestand gaat zijn taken uitvoeren, je hoeft ondertussen niets te doen. Zodra het klaar is en eventueel na herstart zal het een rapport openen (C:\MSNFix.txt). Post deze in je volgende reactie. Post ook een vers Hijackthis logje. Pim :)
  • Hallo, Dit is het logje van MSNFIX: ---------- BENDEBOYS MSNFIX RAPORT ---------- - Version: 3.6.0.4 - Last Update: 04/11/07 - Scan performed on: di 06-11-2007 - 21:01:52,84 By Felicity - Bootmode: Normal Mode ((((((((((((((( CREATED FILES LAST MONTH ))))))))))))))) 2007-11-06 -19:33:42 - A.S.. "C:\WINDOWS\bootstat.dat" 2007-09-27 -22:19:40 - A.... "C:\WINDOWS\system32\MRT.exe" 2007-10-28 -15:20:42 - A.... "C:\WINDOWS\system32\perfc009.dat" 2007-10-28 -15:20:42 - A.... "C:\WINDOWS\system32\perfc013.dat" 2007-10-28 -15:20:42 - A.... "C:\WINDOWS\system32\perfh009.dat" 2007-10-28 -15:20:42 - A.... "C:\WINDOWS\system32\perfh013.dat" 2007-11-06 -18:13:46 - A..H. "C:\Documents and Settings\Felicity\NTUSER.DAT" ((((((((((((((( FOUND FILES ))))))))))))))) !! BEFORE FIX !! C:\DOCUME~1\Felicity\LOCALS~1\Temp\msnmsgs.exe !! AFTER FIX !! ((((((((((((((( ShellServiceObjectDelayLoad ))))))))))))))) "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" ---------- END OF LOG ---------- En dit is het verse logje van Hijack this: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:05:00, on 6-11-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\winsys2.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-19\..\RunOnce: [IE7] cmd.exe /C rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-20\..\RunOnce: [IE7] cmd.exe /C rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [IE7] cmd.exe /C rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [IE7] cmd.exe /C rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnalbum.nl/skin/v2/system/upload/ImageUploader4.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 7335 bytes Is het nu goed of moet er nog meer gebeurden? Hartelijk dank alvast! Groeten Guido.
  • Start Hijackthis, kies voor [i:528db82ef3]'Do a system scan only'[/i:528db82ef3] en vink onderstaande regels aan: [b:528db82ef3] O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe [/b:528db82ef3] Sluit nu [u:528db82ef3]alle[/u:528db82ef3] openstaande vensters, behalve Hijackthis en klik op [b:528db82ef3]Fix Checked[/b:528db82ef3]. Download [url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe]Combofix[/url] naar je [b:528db82ef3]bureaublad[/b:528db82ef3] Open Kladblok, kopiëer en plak het volgende (vetgedrukte tekst) in een leeg venster: [b:528db82ef3] C:\WINDOWS\system32\winsys2.exe [/b:528db82ef3] Sla dit op op je Bureaublad als [b:528db82ef3]CFScript.txt[/b:528db82ef3] Sleep [b:528db82ef3]CFScript.txt[/b:528db82ef3] in [b:528db82ef3]ComboFix.exe[/b:528db82ef3] zoals getoond in onderstaand voorbeeld : [img:528db82ef3]http://img.photobucket.com/albums/v666/sUBs/CFScript.gif[/img:528db82ef3] Dit zal [b:528db82ef3]ComboFix[/b:528db82ef3] doen herstarten. Start opnieuw op als daarom gevraagd wordt, en post de inhoud van de [b:528db82ef3]Combofix.txt[/b:528db82ef3] in je volgende antwoord samen met een nieuw HijackThislogje. Pim
  • hee, dit is het logje van combofix. ComboFix 07-11-08.1 - Felicity 2007-11-07 21:09:37.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.659 [GMT 1:00] Gestart vanuit: C:\Documents and Settings\Felicity\Bureaublad\ComboFix.exe Command switches used :: C:\Documents and Settings\Felicity\Bureaublad\CFScript.txt * Nieuw herstelpunt werd aangemaakt . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\winsys.exe . (((((((((((((((((((( Bestanden Gemaakt van 2007-10-08 to 2007-11-08 )))))))))))))))))))))))))))))) . 2007-11-07 21:08 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-05 19:57 <DIR> d-------- C:\Program Files\Trend Micro 2007-11-05 16:37 <DIR> d-------- C:\Program Files\MSN Messenger 2007-11-01 17:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles 2007-10-28 02:57 49,152 --a------ C:\WINDOWS\system32\nircmd.exe 2007-10-28 02:57 16,384 --a------ C:\WINDOWS\system32\restart.exe 2007-10-28 02:57 11,254 --a------ C:\WINDOWS\system32\locate.com 2007-10-28 01:15 57,670 --a------ C:\WINDOWS\system32\Fix.bat 2007-10-14 17:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hema Album Software Advanced . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-02 20:05 --------- d-----w C:\Documents and Settings\Felicity\Application Data\LimeWire 2007-10-14 16:19 --------- d-----w C:\Program Files\Hema Album Software Advanced 2007-10-03 14:14 --------- d-----w C:\Program Files\NijghVersluys 2007-09-29 16:50 --------- d-----w C:\Documents and Settings\Felicity\Application Data\Ahead 2007-09-19 14:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA 2007-09-08 12:11 --------- d-----w C:\Program Files\Java 2007-09-08 12:10 --------- d-----w C:\Program Files\Common Files\Java 2007-09-08 12:08 --------- d-----w C:\Program Files\LimeWire Plus 2007-08-21 06:26 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-07-30 20:15:47 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat 2007-07-30 20:15:47 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat 2007-07-30 20:15:45 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012007073020070731\index.dat 2007-07-30 20:15:47 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2006-01-11 08:08 C:\WINDOWS\soundman.exe] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 14:43] "nwiz"="nwiz.exe" [2006-08-11 14:43 C:\WINDOWS\system32\nwiz.exe] "SW20"="C:\WINDOWS\system32\sw20.exe" [2006-09-07 11:13] "SW24"="C:\WINDOWS\system32\sw24.exe" [2006-09-07 11:14] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 14:43] "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-31 18:09] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12] "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2003-12-27 19:43] "LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 00:03] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 20:58] "LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 21:01] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:03] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-08-17 21:48] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "IE7"=cmd.exe /C rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26] WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-07-31 17:49:21] R0 d344bus;d344bus;C:\WINDOWS\system32\DRIVERS\d344bus.sys R0 d344prt;d344prt;C:\WINDOWS\system32\Drivers\d344prt.sys S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys *Newly Created Service* - CATCHME . Inhoud van de 'Gedeelde Taken' map "2007-10-16 21:01:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-08 21:10:39 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2007-11-08 21:10:54 . --- E O F --- en dit is het logje van hijack this. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:13:40, on 8-11-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-19\..\RunOnce: [IE7] cmd.exe /C rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-20\..\RunOnce: [IE7] cmd.exe /C rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [IE7] cmd.exe /C rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [IE7] cmd.exe /C rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnalbum.nl/skin/v2/system/upload/ImageUploader4.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 7034 bytes Wat moet ik nog meer doen?? Groeten Guido.
  • Verwijder het volgende bestand: C:\WINDOWS\system32\[b:7aa93973ba]Fix.bat [/b:7aa93973ba] Verwijder Combofix: Ga naar start --> uitvoeren en typ daar: [b:7aa93973ba]Combofix /U [/b:7aa93973ba] Klik op ok om te bevestigen. Download [url=http://www.atribune.org/ccount/click.php?id=1]ATF Cleaner ( van Atribune)[/url] Dubbelklik op [b:7aa93973ba]ATF cleaner[/b:7aa93973ba] om het programma te starten. Op het tabblad "Main", plaats je een vinkje bij Select All. Haal het vinkje weg bij Prefetch. Klik op de knop Empty Selected. Gebruik je ook [b:7aa93973ba]Firefox[/b:7aa93973ba] als browser: Klik op tabblad "Firefox", plaats een vinkje bij Select All. Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No". (dit verwijdert het vinkje bij "Firefox saved passwords") Klik op de knop Empty Selected. Gebruik je ook [b:7aa93973ba]Opera[/b:7aa93973ba] als browser: Klik op tabblad "Opera", plaats een vinkje bij Select All. Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No". Klik op de knop Empty Selected. Ga naar het tabblad "Main" en klik op de knop [b:7aa93973ba]Exit[/b:7aa93973ba] om het programma af te sluiten. Schakel systeemherstel uit, herstart je computer en schakel systeemherstel weer in: http://users.telenet.be/marcvn/spyware/1852808.htm Hiermee verwijder je eventuele resten van de infectie uit je systeemherstel. Lees ook deze beveiligingstips eens door: http://users.telenet.be/marcvn/spyware/1564073.htm Pim :)
  • Hee Pim, Heel erg bedankt voor het helpen. :) Hopelijk is het nu over! Mvg Guido.

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.