Hoi, ik heb het stappenplan uitgevoerd nadat ik van Antivir een melding van een Trojan Horse kreeg...
Zou je ff willen kijken of alles ok is hiermee?
Alvast Bedankt,
Hier is het logje:
Logfile of HijackThis v1.99.1
Scan saved at 17:14:44, on 2-7-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Antivirus\Antivir\AVWUPSRV.EXE
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\PROGRA~1\ANTISP~1\WINPAT~1\winpatrol.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Antivirus\Antivir\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Antispyware\SpywareGuard\sgmain.exe
C:\Program Files\Antispyware\SpywareGuard\sgbhp.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Antivirus\Antivir\AVGUARD.EXE
C:\Program Files\Antivirus\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Willem\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\AntiSpyware\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [WinPatrol] c:\PROGRA~1\ANTISP~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\Antivirus\Antivir\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Antivirus\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\Antispyware\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...94/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{93A01488-D56B-4705-81A8-AF475EFE9AC1}: NameServer = 195.238.2.21,195.238.2.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{93A01488-D56B-4705-81A8-AF475EFE9AC1}: NameServer = 195.238.2.21,195.238.2.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{93A01488-D56B-4705-81A8-AF475EFE9AC1}: NameServer = 195.238.2.21,195.238.2.22
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\Antivirus\Antivir\AVGUARD.EXE
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\Antivirus\Antivir\AVWUPSRV.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Weergegeven resultaten: 1 t/m 9 van 9
Discussie: zou je ff checken aub
-
2 July 2005, 17:35 #1Up-to-date
- Geregistreerd
- 10 May 2005
- Berichten
- 49
- Bedankjes
- 0
- Bedankt
- 0 keer in 0 posts
zou je ff checken aub
-
2 July 2005, 17:40 #2Erelid
- Geregistreerd
- 10 May 2005
- Locatie
- West-Vlaanderen
- Berichten
- 5.887
- Bedankjes
- 100
- Bedankt
- 901 keer in 829 posts
Re: zou je ff checken aub
* open hijackthis en vink volgende regels aan:
O17 - HKLM\System\CCS\Services\Tcpip\..\{93A01488-D56B-4705-81A8-AF475EFE9AC1}: NameServer = 195.238.2.21,195.238.2.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{93A01488-D56B-4705-81A8-AF475EFE9AC1}: NameServer = 195.238.2.21,195.238.2.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{93A01488-D56B-4705-81A8-AF475EFE9AC1}: NameServer = 195.238.2.21,195.238.2.22
* sluit u alle vensters behalve hijackthis en klik op 'fixed checked'
*post een nieuw logje
Member of ASAP
-
2 July 2005, 17:43 #3Up-to-date
- Geregistreerd
- 10 May 2005
- Berichten
- 49
- Bedankjes
- 0
- Bedankt
- 0 keer in 0 posts
Re: zou je ff checken aub
Bedankt voor het checken, hier is het nieuwe logje:
Logfile of HijackThis v1.99.1
Scan saved at 17:29:00, on 2-7-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Antivirus\Antivir\AVWUPSRV.EXE
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\PROGRA~1\ANTISP~1\WINPAT~1\winpatrol.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Antivirus\Antivir\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Antispyware\SpywareGuard\sgmain.exe
C:\Program Files\Antispyware\SpywareGuard\sgbhp.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\Antivirus\Antivir\AVGUARD.EXE
C:\Program Files\Antivirus\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Willem\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\AntiSpyware\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [WinPatrol] c:\PROGRA~1\ANTISP~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\Antivirus\Antivir\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Antivirus\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\Antispyware\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...94/mcfscan.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\Antivirus\Antivir\AVGUARD.EXE
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\Antivirus\Antivir\AVWUPSRV.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-
2 July 2005, 17:49 #4Erelid
- Geregistreerd
- 10 May 2005
- Locatie
- West-Vlaanderen
- Berichten
- 5.887
- Bedankjes
- 100
- Bedankt
- 901 keer in 829 posts
Re: zou je ff checken aub
ziet er goed uit, update nu asjeblief naar sp2
Member of ASAP
-
2 July 2005, 17:58 #5Up-to-date
- Geregistreerd
- 10 May 2005
- Berichten
- 49
- Bedankjes
- 0
- Bedankt
- 0 keer in 0 posts
Re: zou je ff checken aub
heb me er al eens aan gewaagd, maar dan heb ik mijn pc moeten formatteren, hij blokkeerde de hele tijd
(crash) (crash) (crash) (crash)
daarom doe ik het nu liever niet meer
-
2 July 2005, 18:09 #6Erelid
- Geregistreerd
- 10 May 2005
- Locatie
- West-Vlaanderen
- Berichten
- 5.887
- Bedankjes
- 100
- Bedankt
- 901 keer in 829 posts
Re: zou je ff checken aub
en weet je hoe dat kwam? omdat je pc'ke toen niet proper was en dus in conflict kwan met de aanwezige malware, nu je geformateerd hebt en hjt logje hebt gepost is de malware nu verdwenen dus update nu maar eens, bevat essentiële updates voor windows, of anders is het dweilen met de kraan open
Member of ASAP
-
2 July 2005, 21:53 #7Up-to-date
- Geregistreerd
- 10 May 2005
- Berichten
- 49
- Bedankjes
- 0
- Bedankt
- 0 keer in 0 posts
Re: zou je ff checken aub
mmm misschien, maar ik heb altijd mijn pc wekelijks gescand op spyware...
-
2 July 2005, 21:58 #8Erelid
- Geregistreerd
- 10 May 2005
- Locatie
- West-Vlaanderen
- Berichten
- 5.887
- Bedankjes
- 100
- Bedankt
- 901 keer in 829 posts
Re: zou je ff checken aub
update nu maar eens naar sp2
die scanner waren blijkbaar niet genoeg, trouwens sp2 is een must
Member of ASAP
-
2 July 2005, 22:10 #9Up-to-date
- Geregistreerd
- 10 May 2005
- Berichten
- 49
- Bedankjes
- 0
- Bedankt
- 0 keer in 0 posts
Re: zou je ff checken aub
ok kga het doen!
Discussie informatie
Users Browsing this Thread
Momenteel bekijken 1 gebruikers deze discussie. (0 leden en 1 gasten)
Soortgelijke discussies
-
ff checken
Door slicky in forum HijackThisReacties: 2Laatste bericht: 3 February 2006, 17:10 -
even checken aub
Door Kokki in forum HijackThisReacties: 7Laatste bericht: 26 November 2005, 22:16 -
Even checken aub?
Door Luka in forum HijackThisReacties: 4Laatste bericht: 9 October 2005, 18:17 -
wil je even checken
Door silvio in forum HijackThisReacties: 7Laatste bericht: 5 October 2005, 15:40 -
wil eens checken aub
Door Rosty in forum HijackThisReacties: 5Laatste bericht: 20 June 2005, 20:41
Regels voor berichten
- Copyright © 2004 - 2019, Minatica.be
-
Powered by vBulletin®, versie 4.2.2
Copyright © 2024 vBulletin Solutions, Inc. - Design door Gert Bangels
Favorieten/bladwijzers