View full version: little log



slijkdabberke
11 September 2005, 22:27
On the advice of Jurgen V, because I had a newdotnet infection

Logfile of HijackThis v1.99.1
Scan saved at 22:23:46, on 11/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\beveiliging en back-up\ewido\security suite\ewidoctrl.exe
D:\BEVEIL~1\NORTON~1\GHOSTS~2.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\beveiliging en back-up\norton ghost\GhostStartTrayApp.exe
D:\beveiliging en back-up\ms antispy\gcasServ.exe
D:\beveiliging en back-up\ms antispy\gcasDtServ.exe
D:\beveiliging en back-up\zone alarm\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\mshearts.exe
D:\beveiliging en back-up\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://misc.skynet.be/index.html?new_lang=nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://misc.skynet.be/index.html?new_lang=nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\beeld\abdobe\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\BEVEIL~1\spybot\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [KAVPersonal50] D:\beveiliging en back-up\kaspersky\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "D:\cd+dvd\slysoft\clone-cd\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] D:\beveiliging en back-up\norton ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [gcasDtServ] gcasDtServ.exe
O4 - HKLM\..\Run: [gcasServ] "D:\beveiliging en back-up\ms antispy\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] D:\beveiliging en back-up\zone alarm\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "D:\beveiliging en back-up\ccleaner\ccleaner.exe" /AUTO
O4 - Global Startup: Adobe Reader Snelle start.lnk = D:\beeld\abdobe\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\ms-office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with &DAP - D:\download accelator plus\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\download accelator plus\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\MS-OFF~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123704859418
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF3D1BBA-43BE-45C5-B047-DB365487C1F4}: NameServer = 195.238.2.22 195.238.2.21
O23 - Service: ewido security suite control - ewido networks - D:\beveiliging en back-up\ewido\security suite\ewidoctrl.exe
O23 - Service: GhostStartService - Symantec Corporation - D:\BEVEIL~1\NORTON~1\GHOSTS~2.EXE
O23 - Service: kavsvc - Kaspersky Lab - D:\beveiliging en back-up\kaspersky\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\tuneup utilities\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Beamerke
12 September 2005, 01:49
Make sure that all hidden files and folders are displayed. How to show hidden files and folders (http://users.telenet.be/marcvn/spyware/1117602.htm).

Close all open windows, run HijackThis once more and tick the following items:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [gcasDtServ] gcasDtServ.exe

Then click "Fix checked" and close HijackThis.

Start the computer in safe mode (http://users.pandora.be/marcvn/spyware/1378056.htm).

Use Windows Explorer to look for the following file and delete it if present:

C:\WINDOWS\System32\gcasDtServ.exe

Start CCleaner and click the "Opschonen" (Clean) button (bottom right).

Restart the computer in normal mode.

Start HijackThis again, make a new log and post it.

slijkdabberke
12 September 2005, 22:28
I did the above but did not find gcasDtServ.exe
Here is the fixed log

Logfile of HijackThis v1.99.1
Scan saved at 22:24:40, on 12/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\beveiliging en back-up\ewido\security suite\ewidoctrl.exe
D:\BEVEIL~1\NORTON~1\GHOSTS~2.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\beveiliging en back-up\norton ghost\GhostStartTrayApp.exe
D:\beveiliging en back-up\ms antispy\gcasServ.exe
D:\beveiliging en back-up\zone alarm\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
D:\beeld\abdobe\Reader\reader_sl.exe
D:\beveiliging en back-up\ms antispy\gcasDtServ.exe
D:\beveiliging en back-up\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://misc.skynet.be/index.html?new_lang=nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://misc.skynet.be/index.html?new_lang=nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\beeld\abdobe\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\BEVEIL~1\spybot\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [KAVPersonal50] D:\beveiliging en back-up\kaspersky\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "D:\cd+dvd\slysoft\clone-cd\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] D:\beveiliging en back-up\norton ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [gcasServ] "D:\beveiliging en back-up\ms antispy\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] D:\beveiliging en back-up\zone alarm\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "D:\beveiliging en back-up\ccleaner\ccleaner.exe" /AUTO
O4 - Global Startup: Adobe Reader Snelle start.lnk = D:\beeld\abdobe\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\ms-office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with &DAP - D:\download accelator plus\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\download accelator plus\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\MS-OFF~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123704859418
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF3D1BBA-43BE-45C5-B047-DB365487C1F4}: NameServer = 195.238.2.22 195.238.2.21
O23 - Service: ewido security suite control - ewido networks - D:\beveiliging en back-up\ewido\security suite\ewidoctrl.exe
O23 - Service: GhostStartService - Symantec Corporation - D:\BEVEIL~1\NORTON~1\GHOSTS~2.EXE
O23 - Service: kavsvc - Kaspersky Lab - D:\beveiliging en back-up\kaspersky\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\tuneup utilities\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Beamerke
13 September 2005, 00:33
Looks good (y)

How is everything working otherwise?

slijkdabberke
13 September 2005, 20:16
I have not run into any problems so far
Thanks
:thx
This thread can be locked

Beamerke
13 September 2005, 20:27
That has now been done ;)