Of course I can't be left behind with my log

Anonymous
M@rc
8 replies
 • I have the following problem.
  My start page (blank) has been replaced by some search site, even though my settings still say blank. This site also opens a pop-up (vv1.s13.tempx.cc).

  In addition, this means I can get into neither my Hotmail inbox nor several other sites, including Microsoft.

  This is my log.

  Logfile of HijackThis v1.99.0
  Scan saved at 2:20:56 PM, on 25-Jan-05
  Platform: Windows 98 SE (Win9x 4.10.2222A)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\SYSTEM\KERNEL32.DLL
  C:\WINDOWS\SYSTEM\MSGSRV32.EXE
  C:\WINDOWS\SYSTEM\MPREXE.EXE
  C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
  C:\WINDOWS\SYSTEM\mmtask.tsk
  C:\WINDOWS\PTSNOOP.EXE
  C:\WINDOWS\SYSTEM\CMMPU.EXE
  C:\WINDOWS\TASKMON.EXE
  C:\WINDOWS\SYSTEM\SYSTRAY.EXE
  C:\WINDOWS\LOADQM.EXE
  C:\LOGITECH\MOUSE\SYSTEM\EM_EXEC.EXE
  C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
  C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
  C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
  C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
  C:\WINDOWS\SYSTEM\MSTASK.EXE
  C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
  C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
  C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
  C:\WINDOWS\WRITE.EXE
  C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
  C:\WINDOWS\SYSTEM\DDHELP.EXE
  C:\WINDOWS\EXPLORER.EXE
  C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\sp.dll/sp.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\sp.dll/sp.html
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet
  F1 - win.ini: load=ptsnoop.exe
  F1 - win.ini: run=C:\WINDOWS\SYSTEM\cmmpu.exe hpfsched
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
  O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
  O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O2 - BHO: (no name) - {188F2328-6EDA-11D9-A579-0040066FF564} - C:\WINDOWS\SYSTEM\GPMBJCA.DLL
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
  O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSCSHELLEXTENSION.DLL
  O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
  O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
  O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
  O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
  O4 - HKLM\..\Run: [LoadQM] loadqm.exe
  O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
  O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
  O4 - HKLM\..\Run: [EM_EXEC] c:\logitech\mouse\system\em_exec.exe
  O4 - HKLM\..\Run: [tgcmd] "C:\PROGRA~1\SUPPORT.COM\BIN\TGCMD.EXE" /server /startmonitor /deaf
  O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
  O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
  O4 - HKLM\..\Run: [VirusScanMSC] "C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE" /EMBEDDING
  O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
  O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
  O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
  O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
  O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\INSTANT UPDATER\RuLaunch.exe" /STARTMONITOR
  O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
  O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
  O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
  O16 - DPF: MynetSohbet - http://irc.mynet.com/java/cr.cab
  O16 - DPF: ConferenceRoom Java Client - http://66.98.156.64:8000/java/cr.cab
  O16 - DPF: ChatSpace Full Java Client 3.1.0.223 - http://62.216.179.141:8002/Java/cfs31223.cab
  O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
  O18 - Filter: text/html - {188F2327-6EDA-11D9-A579-004077F06116} - C:\WINDOWS\SYSTEM\GPMBJCA.DLL
  O18 - Filter: text/plain - {188F2327-6EDA-11D9-A579-004077F06116} - C:\WINDOWS\SYSTEM\GPMBJCA.DLL
 • Could you help me with this?

  Among others, I have used Spyware Doctor, Spybot, Ad-Aware and Alert Spy, and most recently SpySubtract and CWShredder.
 • In Add/Remove Programs I also see SearchAssistant Uninstall: I think this doesn't belong there either and should be removed, is that right?
 • Could someone perhaps take a look at my log?
 • Make sure all hidden files are displayed.

  Press CTRL+ALT+DEL to open Windows Task Manager. Go to the Processes tab and end the following processes:

  Start the computer in safe mode.

  Close all open windows, run HijackThis once more and have it fix the following items:

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\sp.dll/sp.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\sp.dll/sp.html
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

  O2 - BHO: (no name) - {188F2328-6EDA-11D9-A579-0040066FF564} - C:\WINDOWS\SYSTEM\GPMBJCA.DLL

  O18 - Filter: text/html - {188F2327-6EDA-11D9-A579-004077F06116} - C:\WINDOWS\SYSTEM\GPMBJCA.DLL
  O18 - Filter: text/plain - {188F2327-6EDA-11D9-A579-004077F06116} - C:\WINDOWS\SYSTEM\GPMBJCA.DLL

  Delete the following files if present:
  C:\WINDOWS\SYSTEM\GPMBJCA.DLL

  Reboot the computer, run HijackThis again and post a new log.


  Have the file C:\WINDOWS\PTSNOOP.EXE scanned at http://virusscan.jotti.org/
  Report the result.
 • Logfile of HijackThis v1.99.0
  Scan saved at 10:59:45 PM, on 26-Jan-05
  Platform: Windows 98 SE (Win9x 4.10.2222A)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\SYSTEM\KERNEL32.DLL
  C:\WINDOWS\SYSTEM\MSGSRV32.EXE
  C:\WINDOWS\SYSTEM\MPREXE.EXE
  C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
  C:\WINDOWS\SYSTEM\mmtask.tsk
  C:\WINDOWS\EXPLORER.EXE
  C:\WINDOWS\PTSNOOP.EXE
  C:\WINDOWS\SYSTEM\CMMPU.EXE
  C:\WINDOWS\TASKMON.EXE
  C:\WINDOWS\SYSTEM\SYSTRAY.EXE
  C:\WINDOWS\LOADQM.EXE
  C:\LOGITECH\MOUSE\SYSTEM\EM_EXEC.EXE
  C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
  C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
  C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
  C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
  C:\WINDOWS\SYSTEM\MSTASK.EXE
  C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
  C:\WINDOWS\SYSTEM\PSTORES.EXE
  C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
  C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
  C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet
  F1 - win.ini: load=ptsnoop.exe
  F1 - win.ini: run=C:\WINDOWS\SYSTEM\cmmpu.exe hpfsched
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
  O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL (file missing)
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
  O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSCSHELLEXTENSION.DLL
  O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
  O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
  O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
  O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
  O4 - HKLM\..\Run: [LoadQM] loadqm.exe
  O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
  O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
  O4 - HKLM\..\Run: [EM_EXEC] c:\logitech\mouse\system\em_exec.exe
  O4 - HKLM\..\Run: [tgcmd] "C:\PROGRA~1\SUPPORT.COM\BIN\TGCMD.EXE" /server /startmonitor /deaf
  O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
  O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
  O4 - HKLM\..\Run: [VirusScanMSC] "C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE" /EMBEDDING
  O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
  O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
  O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
  O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
  O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\INSTANT UPDATER\RuLaunch.exe" /STARTMONITOR
  O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
  O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
  O16 - DPF: MynetSohbet - http://irc.mynet.com/java/cr.cab
  O16 - DPF: ConferenceRoom Java Client - http://66.98.156.64:8000/java/cr.cab
  O16 - DPF: ChatSpace Full Java Client 3.1.0.223 - http://62.216.179.141:8002/Java/cfs31223.cab
  O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

  I had ptsnoop.exe checked at virusscan.jotti.org: the result was 'only non-destructive malware has been found'.

  By the way, I noticed this. I recently removed Spyware Doctor from my PC, but I still see the following above:
  O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q

  Thanks in advance for your help.
 • Please post the full result of that scan on Jotti.
 • File: Ptsnoop.exe
  Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: only non-destructive malware has been found. Considering the non-destructive nature of samples like these - although they can be a pain in the ass -, results will not be stored in the database.)
  Packers detected: None

  AntiVir No viruses found (0.14 seconds taken)
  Avast No viruses found (1.54 seconds taken)
  BitDefender No viruses found (0.36 seconds taken)
  ClamAV No viruses found (0.42 seconds taken)
  Dr.Web No viruses found (0.54 seconds taken)
  F-Prot Antivirus No viruses found (0.07 seconds taken)
  Kaspersky Anti-Virus not-a-virus:FalseAlarm.Symantec.Ptsnoop (0.64 seconds taken)
  mks_vir No viruses found (0.21 seconds taken)
  NOD32 No viruses found (0.38 seconds taken)
  Norman Virus Control No viruses found (0.15 seconds taken)


  Statistics
  Last piece of malware found was Win32/Banito.S in undetected.exe, detected by:

  Scanner Malware name Time taken
  AntiVir BDS/Banito.S.2 0.28 seconds
  Avast X 3.01 seconds
  BitDefender Backdoor.Banito.S 0.93 seconds
  ClamAV Trojan.Banito-1 1.17 seconds
  Dr.Web X 2.15 seconds
  F-Prot Antivirus X 0.69 seconds
  Kaspersky Anti-Virus Backdoor.Win32.Banito.s 2.22 seconds
  mks_vir Trojan.Banito.S 0.92 seconds
  NOD32 Win32/Banito.S 1.60 seconds
  Norman Virus Control X 2.62 seconds
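
One way to check a follow-up HijackThis log against the fix list given earlier in this thread, as an added example that is not part of the original posts: it parses each entry into section code and payload, confirms the fixed entries are gone, and lists entries that appear only in the follow-up log. The function names are assumptions; the sample lines are excerpts from the logs posted above.

```python
import re

# A HijackThis entry is "<section code> - <payload>", e.g. "O2 - BHO: ...".
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

def parse_entries(log_text):
    """Return the set of (section, payload) pairs in a HijackThis log."""
    found = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            # Windows paths and registry keys are case-insensitive.
            found.add((m.group(1), m.group(2).lower()))
    return found

def verify_fix(fix_list, before_log, after_log):
    """Sort every fix-list entry into removed / remaining / not_in_before."""
    before, after = parse_entries(before_log), parse_entries(after_log)
    report = {"removed": [], "remaining": [], "not_in_before": []}
    for entry in sorted(parse_entries(fix_list)):
        if entry in after:
            report["remaining"].append(entry)
        elif entry in before:
            report["removed"].append(entry)
        else:
            report["not_in_before"].append(entry)
    return report

def new_entries(before_log, after_log):
    """Entries seen only in the follow-up log; each one needs a fresh look."""
    return sorted(parse_entries(after_log) - parse_entries(before_log))

# Excerpts from the two logs and the fix list in this thread.
BEFORE = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\sp.dll/sp.html
F1 - win.ini: load=ptsnoop.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O2 - BHO: (no name) - {188F2328-6EDA-11D9-A579-0040066FF564} - C:\WINDOWS\SYSTEM\GPMBJCA.DLL
O18 - Filter: text/html - {188F2327-6EDA-11D9-A579-004077F06116} - C:\WINDOWS\SYSTEM\GPMBJCA.DLL"""
AFTER = r"""F1 - win.ini: load=ptsnoop.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL (file missing)"""
FIX_LIST = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\sp.dll/sp.html
O2 - BHO: (no name) - {188F2328-6EDA-11D9-A579-0040066FF564} - C:\WINDOWS\SYSTEM\GPMBJCA.DLL
O18 - Filter: text/html - {188F2327-6EDA-11D9-A579-004077F06116} - C:\WINDOWS\SYSTEM\GPMBJCA.DLL"""

if __name__ == "__main__":
    for status, items in verify_fix(FIX_LIST, BEFORE, AFTER).items():
        print(status, len(items))
    for section, payload in new_entries(BEFORE, AFTER):
        print("new:", section, payload)
```

An entry whose payload changes between logs, such as a BHO line that gains "(file missing)", is reported by `new_entries` because the comparison is on the full payload.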
