Question & Answer

Security & privacy

virus Win32/PrivacySet.B trojan

Anonymous
juisterr
8 answers
 • http://62.4.83.200/kb713501.exe?&uid=B40E0E12309511DDBE5F154094CFFFFF&rid=mm2&guid=42A06380302F41D2908B112AC7D63048&affid=154094 Win32/PrivacySet.B trojan
  Above are the details of what NOD32 keeps reporting as a virus. I have already run HitmanPro and Spyware Doctor but I keep getting it; it seems to come from outside. Can't I just block that http://62.XXXXXXX, or are there other ways to get rid of this???

  (I use Windows Vista, firewall is on).
 • * Download Trend Micro HijackThis™
  Double-click HJTInstall.exe to install HijackThis.
  By default HijackThis will be installed in the Program Files\Trendmicro folder and a shortcut will be placed on your desktop.
  HijackThis will open after installing.
  Click the Scan button at the bottom.
  This will start the scan and open a log.
  Copy and paste this log in your next post.
 • Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 23:40:13, on 4-6-2008
  Platform: Windows Vista (WinNT 6.00.1904)
  MSIE: Internet Explorer v7.00 (7.00.6000.16643)
  Boot mode: Normal

  Running processes:
  C:\Windows\System32\smss.exe
  C:\Windows\system32\csrss.exe
  C:\Windows\system32\wininit.exe
  C:\Windows\system32\csrss.exe
  C:\Windows\system32\services.exe
  C:\Windows\system32\lsass.exe
  C:\Windows\system32\lsm.exe
  C:\Windows\system32\winlogon.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\System32\svchost.exe
  C:\Windows\System32\svchost.exe
  C:\Windows\System32\svchost.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\system32\SLsvc.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\System32\spoolsv.exe
  C:\Windows\system32\svchost.exe
  C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
  C:\Program Files\Bonjour\mDNSResponder.exe
  C:\Program Files\LogMeIn\x86\RaMaint.exe
  C:\Program Files\LogMeIn\x86\LogMeIn.exe
  C:\Program Files\Eset\nod32krn.exe
  C:\Windows\system32\svchost.exe
  C:\Program Files\Spyware Doctor\pctsAuxs.exe
  C:\Program Files\Spyware Doctor\pctsSvc.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\System32\svchost.exe
  C:\Windows\system32\SearchIndexer.exe
  C:\Windows\system32\Dwm.exe
  C:\Program Files\Windows Defender\MSASCui.exe
  C:\Windows\system32\taskeng.exe
  C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
  C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
  C:\Windows\system32\taskeng.exe
  C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
  C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
  C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
  C:\Program Files\Spyware Doctor\pctsTray.exe
  C:\Program Files\Windows Sidebar\sidebar.exe
  C:\Program Files\DellSupport\DSAgnt.exe
  C:\Program Files\Google\Google Talk\googletalk.exe
  C:\Program Files\Eset\nod32kui.exe
  C:\Windows\System32\rundll32.exe
  C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
  C:\Program Files\SpyZooka\spyzooka.exe
  C:\Windows\system32\taskeng.exe
  C:\Windows\system32\conime.exe
  C:\Windows\system32\wwSecure.exe
  C:\Windows\system32\Rundll32.exe
  C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
  C:\Windows\explorer.exe
  C:\Windows\system32\taskeng.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
  C:\Windows\system32\SearchProtocolHost.exe
  C:\Windows\system32\SearchFilterHost.exe
  C:\Windows\system32\wbem\wmiprvse.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
  O1 - Hosts: ::1 localhost
  O1 - Hosts: 216.55.133.9 handybackup.com www.handybackup.com
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
  O2 - BHO: (no name) - {2325AA63-5B50-43E4-B3E9-E4E3C7FD89D4} - C:\Windows\system32\rqrSjKdB.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
  O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
  O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
  O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
  O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
  O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
  O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
  O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
  O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
  O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
  O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
  O4 - HKCU\..\Run: [Visual Subst] "C:\Program Files\Visual Subst\VSubst.exe" /startup
  O4 - HKCU\..\Run: [SpyZooka] C:\Program Files\SpyZooka\SpyZookaLdr.exe
  O4 - HKCU\..\Run: [BM334c9bd4] Rundll32.exe "C:\Windows\system32\chxktgym.dll",s
  O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
  O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
  O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
  O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
  O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
  O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
  O9 - Extra button: Gmail - {3CD12856-7A7B-4e4c-B53E-92DFDD44AFDE} - https://gmail.google.com (file missing)
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
  O13 - Gopher Prefix:
  O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
  O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/interim/ractrl.cab?lmi=100
  O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
  O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
  O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
  O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
  O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
  O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
  O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
  O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
  O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
  O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
  O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\Windows\system32\wwSecure.exe


  End of file - 7835 bytes


  Can you take a look at it? I ran HitmanPro again last night, so some of the startup items listed here may come from that.
 • Running that HitmanPro junk until you're blue in the face is completely pointless.

  Uninstall HMP via Programs and Features and reboot.
 • You have also been playing around with VundoFix; you can remove that too.


  Temporarily disable Windows Defender
  It can interfere with fixing entries in HJT (undoing the fix again).
  * Open Windows Defender > click Tools
  * Click "General Settings" or Options
  * Scroll to "Real Time Protection Options"
  * Uncheck "Turn on Real Time Protection (recommended)" > click "Save"
  * Close Windows Defender
  (once the problems are gone and your log has been declared clean, you can turn it back on)

  Right-click the HijackThis program and choose "Run as Administrator".
  Choose 'Do a system scan only'.
  Select only the items listed below:

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
  O1 - Hosts: 216.55.133.9 handybackup.com www.handybackup.com
  O2 - BHO: (no name) - {2325AA63-5B50-43E4-B3E9-E4E3C7FD89D4} - C:\Windows\system32\rqrSjKdB.dll
  O4 - HKCU\..\Run: [SpyZooka] C:\Program Files\SpyZooka\SpyZookaLdr.exe
  O4 - HKCU\..\Run: [BM334c9bd4] Rundll32.exe "C:\Windows\system32\chxktgym.dll",s
  O9 - Extra button: Gmail - {3CD12856-7A7B-4e4c-B53E-92DFDD44AFDE} - https://gmail.google.com (file missing)

  Close all windows except HijackThis.
  Click 'Fix checked' to remove the items.

  Download Malwarebytes' Anti-Malware via here or here.

  Double-click mbam-setup.exe to install the program.
  * Make sure the boxes for Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked, then click "Finish".
  * If an update is found, it will download and install the latest version.
  * Once the program is fully up to date, select "Perform Quick Scan", then click Scan.
  * Scanning can take a while, so be patient.
  * When the scan is complete, click OK, then "Show Results" to see the results.
  * Make sure everything there is checked, then click Remove Selected.
  * After removal a log will open and you will be asked to restart the computer. (See extra note below)
  * The log is saved automatically by MBAM; you can view it by clicking the "Logs" tab in MBAM.
  * Copy and paste the results of the log in your next reply, together with a new HijackThis log.
  Extra note:
  If MBAM has difficulty removing certain files it will show a few prompts where you need to click OK. After that it will ask to restart the computer, so allow MBAM to reboot the computer.
  Restart the computer and post a new HJT log as well.
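The rules the helper above applied by eye when picking the lines to fix (a hosts entry that is not loopback, a nameless BHO loading a random-named DLL from system32, a Run key that starts such a DLL through rundll32, and an entry whose file is missing) can be written down as a small triage script. The following is an added example for this thread, not code from the thread or from Trend Micro. The regular expressions, the `looks_random` heuristic and the severity labels are assumptions of this example; the sample lines are copied from the first log above. It is a reading aid for a HijackThis log, not a malware scanner.

```python
"""Triage helper for HijackThis (HJT) logs.

Added example, not code from the thread or from Trend Micro. It encodes the
rules the helper applied by eye when picking lines to fix:
  * O1  hosts-file entries that point a name at a non-loopback address,
  * O2  nameless BHOs whose DLL sits in system32 under a random-looking name,
  * O4  Run keys that launch such a DLL through rundll32,
  * any entry marked "(file missing)" / "(no file)" (orphan, low priority).
The regexes, looks_random() and the severity labels are assumptions of this
example; it is a reading aid, not a malware scanner.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

LOOPBACK = {"127.0.0.1", "::1"}
SYSTEM32 = re.compile(r"\\windows\\system32\\", re.IGNORECASE)

# Line shapes, derived from the HJT v2.0.2 log format shown in the thread.
RE_HOSTS = re.compile(r"^O1 - Hosts: (\S+) (.+)$")
RE_BHO = re.compile(r"^O2 - BHO: (.+?) - \{[0-9A-Fa-f-]+\} - (.+)$")
RE_RUN = re.compile(r"^O4 - (.+?)\\\.\.\\Run(?:Once)?: \[([^\]]+)\] (.+)$")
RE_RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.IGNORECASE)
RE_ORPHAN = re.compile(r"\((?:file missing|no file)\)$")


@dataclass
class Finding:
    severity: str  # "high" (fix it) or "low" (orphan, harmless to fix)
    line: str
    reason: str


def looks_random(stem: str) -> bool:
    """Heuristic for Vundo-style random DLL names (rqrSjKdB, qoMcBrPg, chxktgym).

    A letter-only stem of 6-10 characters is treated as random when it either
    switches case at least twice or is almost vowel-free. Ordinary names such
    as SDHelper or spyzooka fail both tests.
    """
    if not (6 <= len(stem) <= 10 and stem.isalpha()):
        return False
    switches = sum(1 for a, b in zip(stem, stem[1:]) if a.isupper() != b.isupper())
    vowels = sum(1 for c in stem.lower() if c in "aeiou")
    return switches >= 2 or vowels / len(stem) <= 0.2


def _stem(path: str) -> str:
    """'C:\\Windows\\system32\\rqrSjKdB.dll' -> 'rqrSjKdB'."""
    name = path.strip().strip('"').replace("/", "\\").rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0]


def triage(log_text: str) -> list[Finding]:
    """Return the lines worth fixing, high severity first, in log order within a tier."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RE_HOSTS.match(line):
            ip, names = m.groups()
            if ip not in LOOPBACK:
                findings.append(Finding("high", line, f"hosts file sends {names.split()[0]} to {ip}"))
        elif m := RE_BHO.match(line):
            name, path = m.groups()
            if name == "(no name)" and SYSTEM32.search(path) and looks_random(_stem(path)):
                findings.append(Finding("high", line, "nameless BHO loads random-named DLL from system32"))
        elif m := RE_RUN.match(line):
            d = RE_RUNDLL.search(m.group(3))
            if d and SYSTEM32.search(d.group(1)) and looks_random(_stem(d.group(1))):
                findings.append(Finding("high", line, "Run key starts random-named DLL via rundll32"))
        if RE_ORPHAN.search(line):
            findings.append(Finding("low", line, "entry points at a file that no longer exists"))
    findings.sort(key=lambda f: f.severity != "high")  # stable sort keeps log order per tier
    return findings


# Sample input, copied from the first HJT log in the thread (a few lines only).
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 216.55.133.9 handybackup.com www.handybackup.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2325AA63-5B50-43E4-B3E9-E4E3C7FD89D4} - C:\Windows\system32\rqrSjKdB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [BM334c9bd4] Rundll32.exe "C:\Windows\system32\chxktgym.dll",s
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O9 - Extra button: Gmail - {3CD12856-7A7B-4e4c-B53E-92DFDD44AFDE} - https://gmail.google.com (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

On the sample it flags the handybackup.com hosts redirection, the nameless BHO rqrSjKdB.dll, the BM334c9bd4 Run key and the orphaned Gmail button, and leaves the Spybot SDHelper BHO (nameless, but not in system32) and the Vista oobefldr.dll rundll32 entry alone. The name heuristic is deliberately narrow; anything it misses still has to be read by hand, which is why the helper asks for the full log rather than a filtered one.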
 • Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 19:57:11, on 5-6-2008
  Platform: Windows Vista (WinNT 6.00.1904)
  MSIE: Internet Explorer v7.00 (7.00.6000.16643)
  Boot mode: Normal

  Running processes:
  C:\Windows\system32\taskeng.exe
  C:\Windows\system32\Dwm.exe
  C:\Windows\Explorer.EXE
  C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
  C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
  C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
  C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
  C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
  C:\Program Files\Spyware Doctor\pctsTray.exe
  C:\Program Files\Eset\nod32kui.exe
  C:\Program Files\DellSupport\DSAgnt.exe
  C:\Program Files\Google\Google Talk\googletalk.exe
  C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
  C:\Windows\system32\SearchFilterHost.exe
  C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
  O1 - Hosts: ::1 localhost
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
  O2 - BHO: (no name) - {BC349F70-BA9D-4A31-8A21-278BCB4D4069} - C:\Windows\system32\rqrSjKdB.dll
  O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
  O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
  O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
  O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
  O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
  O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
  O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
  O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
  O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
  O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
  O4 - HKCU\..\Run: [Visual Subst] "C:\Program Files\Visual Subst\VSubst.exe" /startup
  O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup
  O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "michel"
  O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
  O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
  O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
  O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
  O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
  O13 - Gopher Prefix:
  O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
  O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/interim/ractrl.cab?lmi=100
  O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
  O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
  O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
  O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
  O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
  O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
  O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
  O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
  O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
  O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\Windows\system32\wwSecure.exe


  End of file - 5656 bytes

  I have followed all your instructions; would you take a look?

  Questions:
  1) Should I turn Windows Defender back on?
  2) What do you think is the best way to keep my system reasonably clean? I use NOD32 as AV.

  Regards and many thanks so far!!
 • No, you haven't done what I asked, or at least you've forgotten something. Where is the MBAM result??


  Right-click the HijackThis program and choose "Run as Administrator".
  Choose 'Do a system scan only'.
  Select only the item listed below:

  O2 - BHO: (no name) - {BC349F70-BA9D-4A31-8A21-278BCB4D4069} - C:\Windows\system32\rqrSjKdB.dll

  Close all windows except HijackThis.
  Click 'Fix checked' to remove the items.
 • MBAM LOG

  Malwarebytes' Anti-Malware 1.14
  Database version: 827

  19:54:02 5-6-2008
  mbam-log-6-5-2008 (19-54-02).txt

  Scan type: Quick Scan
  Objects scanned: 32870
  Time elapsed: 3 minute(s), 24 second(s)

  Memory Processes Infected: 0
  Memory Modules Infected: 1
  Registry Keys Infected: 7
  Registry Values Infected: 1
  Registry Data Items Infected: 1
  Folders Infected: 0
  Files Infected: 9

  Memory Processes Infected:
  (No malicious items detected)

  Memory Modules Infected:
  C:\Windows\System32\rqrSjKdB.dll (Trojan.Vundo) -> Unloaded module successfully.

  Registry Keys Infected:
  HKEY_CLASSES_ROOT\CLSID\{bc349f70-ba9d-4a31-8a21-278bcb4d4069} (Trojan.Vundo) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc349f70-ba9d-4a31-8a21-278bcb4d4069} (Trojan.Vundo) -> Quarantined and deleted successfully.
  HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
  HKEY_CLASSES_ROOT\CLSID\{e707216f-6aff-4bd4-962d-ec5cdba812a1} (Trojan.Vundo) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

  Registry Values Infected:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e707216f-6aff-4bd4-962d-ec5cdba812a1} (Trojan.Vundo) -> Quarantined and deleted successfully.

  Registry Data Items Infected:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\rqrsjkdb -> Quarantined and deleted successfully.

  Folders Infected:
  (No malicious items detected)

  Files Infected:
  C:\Windows\System32\rqrSjKdB.dll (Trojan.Vundo) -> Delete on reboot.
  C:\Windows\System32\qoMcBrPg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
  C:\Windows\System32\rqRJBTMG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
  C:\Windows\System32\xxyxUkjG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
  C:\Users\michel\NortonGhost_Softpedia.exe (Rogue.Installer) -> Quarantined and deleted successfully.
  C:\Windows\System32\nnnkLdCt.dll (Backdoor.Agent) -> Quarantined and deleted successfully.
  C:\Windows\System32\iifgFYsq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
  C:\Windows\System32\ljJccDVm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
  C:\Windows\System32\ljjhHxxW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


  HIJACK THIS LOG

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 23:06:23, on 5-6-2008
  Platform: Windows Vista (WinNT 6.00.1904)
  MSIE: Internet Explorer v7.00 (7.00.6000.16643)
  Boot mode: Normal

  Running processes:
  C:\Windows\system32\taskeng.exe
  C:\Windows\system32\Dwm.exe
  C:\Windows\Explorer.EXE
  C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
  C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
  C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
  C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
  C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
  C:\Program Files\Spyware Doctor\pctsTray.exe
  C:\Program Files\Eset\nod32kui.exe
  C:\Program Files\DellSupport\DSAgnt.exe
  C:\Program Files\Google\Google Talk\googletalk.exe
  C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
  C:\Windows\system32\taskeng.exe
  C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
  C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
  C:\Program Files\Internet Explorer\IEUser.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
  O1 - Hosts: ::1 localhost
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
  O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
  O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
  O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
  O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
  O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
  O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
  O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
  O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
  O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
  O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
  O4 - HKCU\..\Run: [Visual Subst] "C:\Program Files\Visual Subst\VSubst.exe" /startup
  O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup
  O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "michel"
  O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
  O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
  O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
  O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
  O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
  O13 - Gopher Prefix:
  O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
  O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/interim/ractrl.cab?lmi=100
  O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
  O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
  O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
  O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
  O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
  O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
  O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
  O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
  O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
  O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\Windows\system32\wwSecure.exe


  End of file - 5751 bytes

  I had indeed forgotten that one line, stupid, stupid!!

  Do you think it's clean again now?
  Regards,
  Michel

This is an archived page. Replying is no longer possible.