Volledige versie bekijken : WSN probleem?
Huka 2 October 2005, 22:12 Hallo,
Jurgen heeft mij aangeraden om eens een log te plaatsen.
Wat is er aan de hand?
Ik heb de sygate personal firewall. Deze vraagt altijd "toestemming" voordat een prgramma contact met mijn pc mag maken. Nu heeft zich dus WSN.exe gemeld. Che wist mij al te vertellen dat dit een trojan is. Ik wil deze natuurlijk kwijt.
En Jurgen, hier is dus mijn log. Misschien kun jij (of iemand anders) hier iets mee?
Vast bedankt. Groet, Huka
Logfile of HijackThis v1.99.1
Scan saved at 22:07:06, on 2-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\soundman.exe
C:\WINDOWS\System32\TrayIcon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
D:\eDonkey\eDonkey2005\edonkey2000.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Skype\Phone\Skype.exe
c:\progra~1\intern~1\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe
C:\Program Files\eFax Messenger 3.5\J2GTray.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.kvhafykaelq.us/WAeHXWNb4g_9RvmPiuHfaQMJAJZQgPLDAarJdsG51TbJoDQHbc vZ1Oq3LzVIYNoj.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.piiwpiuwoavqdnpyugcznee.com/WAeHXWNb4g/KGgIMCkH6GRTHMRKT/RNpEw9tzHQSBzc.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Janine's Documenten\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8A044574-20CE-CECD-3F93-5E6FE9306742} - C:\DOCUME~1\Janine\APPLIC~1\KEEPAM~1\poll free.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D1C7B0D2-BD10-CA95-69AA-45892DE5FF8E} - C:\DOCUME~1\Ada\APPLIC~1\KEEPAM~1\Dvd up.exe (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Janine's Documenten\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [eDonkey2000] "D:\eDonkey\eDonkey2005\edonkey2000.exe" -t
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SendNewAudioAxis] C:\Documents and Settings\All Users\Application Data\flawvcsendnew\delete city.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Axis link] C:\DOCUME~1\Ada\APPLIC~1\idolplus\face acid.exe
O4 - HKCU\..\Run: [Skype] "E:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Snelle start.lnk = E:\Adobe\Reader\reader_sl.exe
O4 - Global Startup: eFax DllCmd 3.5.lnk = C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 3.5.lnk = C:\Program Files\eFax Messenger 3.5\J2GTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/2994e09258ec9d8fca17/netzip/RdxIE601.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcafee.com/molbin/shared/McMySec/en-us/1,0,0,2/mcmysec.cab
O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4561/mcfscan.cab
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
jurgenv 2 October 2005, 22:31 er is trouwens nog meer aan de hand..je hebt messenger plus met sponsers geïnstalleerd, ok doe het volgende en sla niks over!
* ik zie dat je twwe antivirussen tesamen in rel-time beveiliging hebt staan, namelijk NOD32 en McAfee, ik raad je ten strengste aan 1 van de twee uit te schakelen of te verwijderen, dus in je volgende log mag ik maat 1 AV in real-time zien of AV zien staan
* ga naar start==>configuratiescherm==>software en de-installeer het volgende:
messenger plus
* open hijackthis en vink volgende regels aan:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.kvhafykaelq.us/WAeHXWNb4g_9RvmPiuHfaQMJAJZQgPLDAarJdsG51TbJoDQHbc vZ1Oq3LzVIYNoj.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.piiwpiuwoavqdnpyugcznee.c...w9tzHQSBzc.php
O2 - BHO: (no name) - {8A044574-20CE-CECD-3F93-5E6FE9306742} - C:\DOCUME~1\Janine\APPLIC~1\KEEPAM~1\poll free.exe
O2 - BHO: (no name) - {D1C7B0D2-BD10-CA95-69AA-45892DE5FF8E} - C:\DOCUME~1\Ada\APPLIC~1\KEEPAM~1\Dvd up.exe (file missing)
O4 - HKLM\..\Run: [SendNewAudioAxis] C:\Documents and Settings\All Users\Application Data\flawvcsendnew\delete city.exe
O4 - HKCU\..\Run: [Axis link] C:\DOCUME~1\Ada\APPLIC~1\idolplus\face acid.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/2994e092...p/RdxIE601.cab
* sluit dan alle vensters behalve hijackthis en klik op 'fix checked'
* Start je computer op in VEILIGE MODUS (http://users.pandora.be/marcvn/spyware/1378056.htm)
* Maak verborgen mappen en bestanden zichtbaar:
Start -> configuratiescherm -> mapopties -> weergave
dan het vinkje weghalen bij "beveiligde systeembesturingsbestanden verbergen"
onderaan dit lijstje plaats je een vinkje bij "verborgen bestanden en mappen weergeven" en je sluit af met OK te klikken.
* verwijder volgende mappen:
C:\Documents and Settings\Janine\Application Data\KEEPAM~1 <== de map die begint met de letters 'KEEPAM'
C:\Documents and Settings\All Users\Application Data\flawvcsendnew
C:\Documents and Settings\Ada\Application Data\idolplus
* start je pc weer normaal
* Kopieer onderstaande tekst in kladblok en sla het op op je bureaublad als findjobs.bat met als type "alle bestanden".
dir %Windir%\tasks /a h > jobs.txt
notepad jobs.txt
* Dubbelklik op findjobs.bat op je bureaublad en plaats hier de inhoud van het tekstbestandje die je verkrijgt hier met een nieuw hijackthis logje
Huka 5 October 2005, 23:35 Logfile of HijackThis v1.99.1
Scan saved at 22:31:38, on 5-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\soundman.exe
C:\WINDOWS\System32\TrayIcon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
D:\eDonkey\eDonkey2005\edonkey2000.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
E:\Skype\Phone\Skype.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe
C:\Program Files\eFax Messenger 3.5\J2GTray.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
c:\progra~1\mcafee.com\person~1\mpftray.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uugetowiinlsipieddu.com/74XcWgOlcEVpR_BET4_Ef7V5vpBzM4YVtStzPJDnLKECFdKukE 8x0BMPbcx0Egc3.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zonnet.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Janine's Documenten\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D1C7B0D2-BD10-CA95-69AA-45892DE5FF8E} - C:\DOCUME~1\Ada\APPLIC~1\KEEPAM~1\Dvd up.exe (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Janine's Documenten\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [eDonkey2000] "D:\eDonkey\eDonkey2005\edonkey2000.exe" -t
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "E:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Snelle start.lnk = E:\Adobe\Reader\reader_sl.exe
O4 - Global Startup: eFax DllCmd 3.5.lnk = C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 3.5.lnk = C:\Program Files\eFax Messenger 3.5\J2GTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/2994e09258ec9d8fca17/netzip/RdxIE601.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcafee.com/molbin/shared/McMySec/en-us/1,0,0,2/mcmysec.cab
O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4561/mcfscan.cab
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
De regels die er niet meer opstaan zijn:
02-bha (no name) - {8AO44574 - 20CE etc.
04 - hklm\..\Run: [send neweaudioaxis] etc.
04 - HKCU\..\ Run: [Axis link] C:\docume~1\ADA\applc~etc.
Wat nu?
jurgenv 6 October 2005, 10:05 * open hijackthis en vink volgende regels aan:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uugetowiinlsipieddu.com/74XcWgOlcEVpR_BET4_Ef7V5vpBzM4YVtStzPJDnLKECFdKukE 8x0BMPbcx0Egc3.jsp (http://uugetowiinlsipieddu.com/74XcWgOlcEVpR_BET4_Ef7V5vpBzM4YVtStzPJDnLKECFdKukE 8x0BMPbcx0Egc3.jsp)
O2 - BHO: (no name) - {D1C7B0D2-BD10-CA95-69AA-45892DE5FF8E} - C:\DOCUME~1\Ada\APPLIC~1\KEEPAM~1\Dvd up.exe (file missing)
* sluit dan alle vensters behalve hijackthis en klik op 'fix checked'
* je hebt niet alles uitgevoerd.... kan ik het resultaat van findjobs.bat nog zien? post die tesamen met een nieuw hijackthis logje
Huka 7 October 2005, 22:08 Hieronder het resultaat van aanmaken van findjobs.bat. Vervolgens daarin het hijacklogje gezet. De naam veranderde toen in jobs.txt.
Deze staat hieronder vermeld.
Het volume in station C heeft geen naam.
Het volumenummer is 9403-24B4
Map van C:\WINDOWS\tasks
07-10-2005 18:27 <DIR> .
07-10-2005 18:27 <DIR> ..
07-10-2005 22:00 220 A6768B1791BD3EEB.job
07-10-2005 22:00 258 A9EF32BD942CA6C9.job
07-10-2005 22:00 258 AC6EED85918567C9.job
07-10-2005 22:00 246 B10CEC4E913B9F8A.job
07-09-2001 14:00 65 desktop.ini
07-10-2005 18:27 472 McAfee.com Update Check (ADA-PC-Ada).job
07-10-2005 22:03 478 McAfee.com Update Check (ADA-PC-Janine).job
07-10-2005 21:49 6 SA.DAT
8 bestand(en) 2.003 bytes
Map van C:\Documents and Settings\Ada\Bureaublad
Logfile of HijackThis v1.99.1
Scan saved at 22:05:52, on 7-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\soundman.exe
C:\WINDOWS\System32\TrayIcon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
D:\eDonkey\eDonkey2005\edonkey2000.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
E:\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe
C:\Program Files\eFax Messenger 3.5\J2GTray.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\notepad.exe
E:\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Janine's Documenten\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Janine's Documenten\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [eDonkey2000] "D:\eDonkey\eDonkey2005\edonkey2000.exe" -t
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "E:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/2994e09258ec9d8fca17/netzip/RdxIE601.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcafee.com/molbin/shared/McMySec/en-us/1,0,0,2/mcmysec.cab
O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4561/mcfscan.cab
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
jurgenv 7 October 2005, 22:55 * Open kladblok en kopieer en plak het volgende erin:
%systemdrive%
cd %WinDir%\Tasks
attrib -r -s -h A6768B1791BD3EEB.job
del A6768B1791BD3EEB.job
attrib -r -s -h A9EF32BD942CA6C9.job
del A9EF32BD942CA6C9.job
attrib -r -s -h AC6EED85918567C9.job
del AC6EED85918567C9.job
attrib -r -s -h B10CEC4E913B9F8A.job
del B10CEC4E913B9F8A.job
* Sla dit op als remjobs.bat , kies voor opslaan als alle bestanden en plaats het op je bureaublad.
Dubbelklik op remjobs.bat. Een dosvenster zal vlug openen en sluiten. Dit is normaal.
* open hijackthis en vink volgende regel aan:
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/2994e092...p/RdxIE601.cab
* sluit dan alle vensters behalve hijackthis en klik op 'fix checked'
* Download, installeer en update de free trial versie van Ewido Security Suite (http://www.ewido.net/en/download/)
Tijdens de installatie, onder "Additional Options", haal je de vinkjes weg bij "Install background guard" en "Install scan via context menu".
Als je Ewido voor de eerste keer runt, zal je een foutmelding krijgen "Database could not be found!". Klik dan op OK. Dit is normaal.
In het hoofdscherm van Ewido, klik je op update in het linker menu, en vervolgens op de Start update knop.
Als de updates gedaan zijn, zal er op de status bar beneden "Update successful" staan.
Sluit Ewido. Laat het nog niet scannen
* Start je computer op in VEILIGE MODUS (http://users.pandora.be/marcvn/spyware/1378056.htm)
* Open Ewido Security Suite
klik op Scanner
Klik op complete system scan
Laat het programma je pc scannen
Tijdens de scan zal je gevraagd worden of je gevonden bestanden wil verwijderen. Klik dan op OK
Als de scan beëindigd is, zal je een knop zienBewaar rapport
Klik op Bewaar rapport
Sla het rapport op op je bureaublad
Sluit Ewido af
* start je pc weer normaal
* Dubbelklik opnieuw op findjobs.bat en plaats daarvan een nieuw logje tesamen met een nieuw hijackthis logje + het rapport van EWIDO
Huka 8 October 2005, 00:45 Aanwijzingen weer opgevolgd.
Logs staan hieronder
Het volume in station C heeft geen naam.
Het volumenummer is 9403-24B4
Map van C:\WINDOWS\tasks
07-10-2005 23:30 <DIR> .
07-10-2005 23:30 <DIR> ..
07-09-2001 14:00 65 desktop.ini
07-10-2005 23:11 472 McAfee.com Update Check (ADA-PC-Ada).job
08-10-2005 00:43 478 McAfee.com Update Check (ADA-PC-Janine).job
08-10-2005 00:36 6 SA.DAT
4 bestand(en) 1.021 bytes
Map van C:\Documents and Settings\Ada\Bureaublad
Logfile of HijackThis v1.99.1
Scan saved at 0:44:35, on 8-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
E:\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\soundman.exe
C:\WINDOWS\System32\TrayIcon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\eDonkey\eDonkey2005\edonkey2000.exe
C:\Program Files\QuickTime\qttask.exe
E:\panda\pavsrv51.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
E:\panda\AVENGINE.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\panda\APVXDWIN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
E:\Skype\Phone\Skype.exe
E:\Janine's Documenten\real player\RealPlay.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\wuauclt.exe
E:\panda\pavProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\notepad.exe
E:\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Janine's Documenten\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Janine's Documenten\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [eDonkey2000] "D:\eDonkey\eDonkey2005\edonkey2000.exe" -t
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SCANINICIO] "E:\panda\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "E:\panda\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "E:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcafee.com/molbin/shared/McMySec/en-us/1,0,0,2/mcmysec.cab
O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4561/mcfscan.cab
O23 - Service: ewido security suite control - ewido networks - E:\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - E:\panda\pavsrv51.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
---------------------------------------------------------
ewido security suite - Scan rapport
---------------------------------------------------------
+ Gemaakt op: 0:34:26, 8-10-2005
+ Rapport samenvatting: 34E1FC8A
+ Scan resultaten:
C:\Documents and Settings\Ada\Cookies\ada@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Schoongemaakt met een backup
C:\Documents and Settings\Ada\Cookies\ada@com[1].txt -> Spyware.Cookie.Com : Schoongemaakt met een backup
C:\Documents and Settings\Ada\Cookies\ada@e-2dj6wfk4knczwaq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
C:\Documents and Settings\Ada\Cookies\ada@e-2dj6wfk4qoazido.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
C:\Documents and Settings\Ada\Cookies\ada@e-2dj6wfkyqicjifq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
C:\Documents and Settings\Ada\Cookies\ada@e-2dj6wfliamcjmep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
C:\Documents and Settings\Ada\Cookies\ada@e-2dj6wfmieiazgdp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
C:\Documents and Settings\Ada\Cookies\ada@e-2dj6wjk4olc5kgo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
C:\Documents and Settings\Ada\Cookies\ada@e-2dj6wjkoaicjeao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
C:\Documents and Settings\Ada\Cookies\ada@e-2dj6wjl4wndpkeq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
C:\Documents and Settings\Ada\Cookies\ada@e-2dj6wjliegc5olp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
C:\Documents and Settings\Ada\Cookies\ada@e-2dj6wjlyoocpmhp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
C:\Documents and Settings\Ada\Cookies\ada@e-2dj6wjlyqidzwgq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
C:\Documents and Settings\Ada\Cookies\ada@e-2dj6wjlysgczohp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
C:\Documents and Settings\Ada\Cookies\ada@e-2dj6wjny-1gcpsd.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
C:\Documents and Settings\Ada\Cookies\ada@ivwbox[2].txt -> Spyware.Cookie.Ivwbox : Schoongemaakt met een backup
C:\Documents and Settings\Ada\Cookies\ada@oewabox[1].txt -> Spyware.Cookie.Oewabox : Schoongemaakt met een backup
C:\Documents and Settings\Ada\Cookies\ada@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Schoongemaakt met een backup
C:\Documents and Settings\Janine\Cookies\janine@ad.adition[1].txt -> Spyware.Cookie.Adition : Schoongemaakt met een backup
C:\Documents and Settings\Janine\Cookies\janine@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Schoongemaakt met een backup
C:\Documents and Settings\Janine\Cookies\janine@burstnet[2].txt -> Spyware.Cookie.Burstnet : Schoongemaakt met een backup
C:\Documents and Settings\Janine\Cookies\janine@e-2dj6wfkisoc5iao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
C:\Documents and Settings\Janine\Cookies\janine@e-2dj6wfliamcjmep.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
C:\Documents and Settings\Janine\Cookies\janine@e-2dj6wflikndzklp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
C:\Documents and Settings\Janine\Cookies\janine@e-2dj6wgkyokdzshp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
C:\Documents and Settings\Janine\Cookies\janine@e-2dj6wjkyqld5kgp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
C:\Documents and Settings\Janine\Cookies\janine@e-2dj6wjkywld5eeo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
C:\Documents and Settings\Janine\Cookies\janine@e-2dj6wjl4whazkhp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
C:\Documents and Settings\Janine\Cookies\janine@e-2dj6wjliagczwfp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
C:\Documents and Settings\Janine\Cookies\janine@e-2dj6wjliamd5kdo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
C:\Documents and Settings\Janine\Cookies\janine@e-2dj6wjlyokc5ilq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Schoongemaakt met een backup
C:\Documents and Settings\Janine\Cookies\janine@ivwbox[2].txt -> Spyware.Cookie.Ivwbox : Schoongemaakt met een backup
C:\Documents and Settings\Janine\Cookies\janine@stat.onestat[2].txt -> Spyware.Cookie.Onestat : Schoongemaakt met een backup
C:\Documents and Settings\Janine\Cookies\janine@statcounter[1].txt -> Spyware.Cookie.Statcounter : Schoongemaakt met een backup
C:\MsgPlus-254.exe/sponsor.exe -> TrojanDownloader.Swizzor.ag : Schoongemaakt met een backup
C:\Program Files\C2Media\Setup.exe -> Spyware.Lop : Schoongemaakt met een backup
::Einde rapport
Groet, Huka
jurgenv 8 October 2005, 12:17 ziet er goed uit, krijg je nog steeds die melding van sygate?
Huka 9 October 2005, 23:57 Heb geen melding meer gehad sinds ik die vraag hier gesteld heb. Hij kwam destijds ook nog voor in de scan van hitman.pro.
Daarom heb ik nog maar eens opnieuw hitman.pro gedraaid. Ook hier kwam hij niet meer voor.
Wel was er blijkbaar sprake vam een trojan downloader.
Hieronder volgt de log van hitman.pro
<TABLE><TBODY><TR><TD width="100%">Hitman Pro 2.2.1 - Rapport
09-10-2005 22:49
</TD><TD width=362>file:///C:/Program%20Files/Hitman%20Pro/logs/hitmanpro.jpg
</TD></TR></TBODY></TABLE>
<HR color=#e0e0e0 SIZE=1>Installatiebestanden externe beschermings- en inspectiecomponenten
<TABLE><TBODY><TR><TD width=150>OMSCHRIJVING ("]STATUS[/URL]</TD><TD width=320>GROOTTE[/SIZE] ("]VERSIE</TD><TD width=150>Updates[/B]
<TABLE><TBODY><TR><TD width=150>OMSCHRIJVING ("]STATUS</TD><TD width=320>GROOTTE[/SIZE] ("]</TD><TD width=150>Bijgewerkt[/FONT] ("]Bijgewerkt</TD><TD width=320>SurfRight Helper</TD><TD width=100></TD><TD width=150>275705 bytes</TD></TR></TBODY></TABLE><TABLE><TBODY><TR><TD width=150>Actueel</TD><TD width=320>SurfRight Policy</TD><TD width=100></TD><TD width=150>1220 bytes</TD></TR></TBODY></TABLE><TABLE><TBODY><TR><TD width=150>Actueel</TD><TD width=320>Spyware Block List</TD><TD width=100></TD><TD width=150>348614 bytes</TD></TR></TBODY></TABLE><TABLE><TBODY><TR><TD width=150>In bepaalde omstandigheden kan door misbruik van een data source object (DSO) ongevraagd onbetrouwbare software in Internet Explorer worden uitgevoerd. Met andere woorden, het is een potentieel gat in Internet Explorer waar hackers misbruik van kunnen maken om toegang tot uw systeem te krijgen. Echter, als u de nieuwste versie van Internet Explorer en de nodige updates voor Windows heeft geïnstalleerd, dan is uw systeem niet bevattelijk voor DSO misbruik.[/SIZE] ("]Bijgewerkt</TD><TD width=320>Ad-Aware SE definitions</TD><TD width=100></TD><TD width=150>530649 bytes</TD></TR></TBODY></TABLE>
<HR color=#e0e0e0 SIZE=1>Beschermingsmiddelen
<TABLE><TBODY><TR><TD>Systeem is beschermd tegen DSO misbruik
Met Installatie op afroep ingeschakeld kunnen webonderdelen automatisch gedownload en geïnstalleerd worden. Installatie op afroep kan door websites worden misbruikt om spyware te installeren.[/SIZE] ("]De Messenger service kan misbruikt worden om reclame en spam naar machines op een netwerk te sturen. Daarnaast heeft Microsoft in het verleden beveiligingsupdates moeten uitbrengen om kwetsbaarheden in de Messenger service te verhelpen. Zo waren aanvallers in staat om met de Messenger service kwaadwillende code uit te voeren op onbeveiligde systemen. De Messenger service heeft niets te maken met MSN Messenger en Windows Messenger.</TD></TR></TBODY></TABLE><TABLE><TBODY><TR><TD>Installatie op afroep uitgeschakeld
Deze bescherming verhindert de installatie van op ActiveX-gebaseerde spyware, adware, browserkapers, dialers, en ander potentieel ongewenste inhoud. Verder blokkeert het spyware/traceercookies in Internet Explorer en Mozilla/Firefox en beperkt het de acties van mogelijk gevaarlijke websites in Internet Explorer.[/SIZE] ("]Het beveiligingsniveau van de Internet-zone hoort ten minste op Normaal ingesteld te staan. Voor het downloaden van mogelijk onveilige inhoud wordt dan eerst toestemming gevraagd en niet ondertekende ActiveX-besturingselementen worden niet gedownload.</TD></TR></TBODY></TABLE><TABLE><TBODY><TR><TD>SpywareBlaster-bescherming aangebracht
http://www.javacoolsoftware.com/spywareblaster.html[/SIZE] ("]SpywareBlaster is freeware voor persoonlijk en onderwijsgebruik. Voor meer informatie zie Spyware Block List is gratis voor persoonlijk en niet-commercieel gebruik. Voor meer informatie zie [/SIZE] ("]Deze bescherming verhindert dat dubieuze ActiveX-besturingselementen worden uitgevoerd in Internet Explorer. Het is een aanvulling op de SpywareBlaster-bescherming.
http://www.spywareguide.com/blockfile.php[/SIZE] (http://www.spywareguide.com/blockfile.php)</TD></TR></TBODY></TABLE>
<HR color=#e0e0e0 SIZE=1><TABLE cellSpacing=0 cellPadding=0 width="100%"><TBODY><TR><TD width=*>NOD32 AntiThreat On-Demand scanner 2.50.32.0</TD><TD align=right>NOD32 vertegenwoordigt de nieuwste antivirus technologie. NOD32 heeft 7 achtereenvolgende jaren in de top gestaan van de onafhankelijke tests van Virus Bulletin, met een record aantal VB100% awards omdat NOD32 nog nooit een 'in-The-Wild' virus heeft gemist en de hoogste scansnelheden heeft. ("]00:19:45</TD></TR></TBODY></TABLE><TABLE><TBODY><TR><TD>Versie 1.1238 (20050930) NT</TD></TR></TBODY></TABLE><TABLE><TBODY><TR><TD>C:\System Volume Information\_restore{7FDE064A-F632-436A-A8F4-DF501A216363}\RP395\A0053278.exeIN GEHEUGEN[/SIZE] ("]NAAM</TD><TD width=100>BESTANDEN[/SIZE] ("]IN REGISTER</TD><TD width=100>[/SIZE]</TD><TD>Win32/Downloader.Swizzor</TD><TD>0</TD><TD>0</TD><TD>2</TD></TR><TR><TD></TD><TD>TOTAAL</TD><TD>0</TD><TD>0</TD><TD>2</TD></TR></TBODY></TABLE>
<HR color=#e0e0e0 SIZE=1><TABLE cellSpacing=0 cellPadding=0 width="100%"><TBODY><TR><TD>Ad-Aware SE Personal, free for private use.</TD><TD align=right>Ad-Aware inspecteert het geheugen, register en uw bestanden op de lokale harde schijf op advertentiesoftware, traditionele Tojaanse paarden, dialers, browser hijackers en traceercomponenten (cookies). ("]00:15:37</TD></TR></TBODY></TABLE><TABLE><TBODY><TR><TD>Versie 1.06r1 en definitiebestand SE1R69 05.10.2005</TD></TR></TBODY></TABLE><TABLE><TBODY><TR><TD>[/SIZE]</TD><TD width=320>IN GEHEUGEN ("]NAAM</TD><TD width=100>BESTANDEN[/SIZE] ("]IN REGISTER</TD><TD width=100>[/SIZE]</TD><TD>Tracking Cookie</TD><TD>0</TD><TD>0</TD><TD>4</TD></TR><TR><TD></TD><TD>TOTAAL</TD><TD>0</TD><TD>0</TD><TD>6</TD></TR></TBODY></TABLE>
<HR color=#e0e0e0 SIZE=1><TABLE cellSpacing=0 cellPadding=0 width="100%"><TBODY><TR><TD>Spybot - Search & Destroy 1.4.0.3</TD><TD align=right>Spybot Search & Destroy inspecteert (net als Ad-Aware en Spy Sweeper) het geheugen, register en uw bestanden op advertentiesoftware, dialers, browser hijackers en traceercomponenten. Daarnaast heeft Spybot S&D een immuniseer functie (een aanvulling op SpywareBlaster) als preventieve maatregel tegen spyware. ("]00:08:15</TD></TR></TBODY></TABLE><TABLE><TBODY><TR><TD>IN GEHEUGEN[/SIZE] ("]NAAM</TD><TD width=100>BESTANDEN[/SIZE] ("]IN REGISTER</TD><TD width=100>[/SIZE]</TD><TD>Windows Security Center.FirewallDisableNotify</TD><TD>0</TD><TD>1</TD><TD>0</TD></TR><TR><TD></TD><TD>Windows Security Center.AntiVirusDisableNotify</TD><TD>0</TD><TD>1</TD><TD>0</TD></TR><TR><TD></TD><TD>TOTAAL</TD><TD>0</TD><TD>2</TD><TD>6</TD></TR></TBODY></TABLE>
<HR color=#e0e0e0 SIZE=1>Webroot Spy Sweeper 3.5.0.189 <TABLE><TBODY><TR><TD>De proefperiode is verlopen.
("]Spy Sweeper is een programma dat op effectieve en veilige wijze spyware op uw computer vindt en verwijdert en u zo beschermt tegen identiteitsdiefstal, browser-hijackers, hackers, keyloggers en Trojans.</TD></TR></TBODY></TABLE><TABLE><TBODY><TR><TD>Hitman Pro AntiSpyware 1.7.4[/B]
<TABLE><TBODY><TR><TD>Legenda: ("]Deze aanvullende (maar beperkte) inspectie zoekt naar spyware, virussen, wormen en Trojaanse paarden die (nog) niet door de externe componenten wordt gevonden of verwijderd.</TD></TR></TBODY></TABLE><TABLE><TBODY><TR><TD>gevonden met heuristiek [/COLOR] ("]bekend als spyware </TD><TD><LI class=g_heuristic>C:\DOCUME~1\Ada\LOCALS~1\Temp\yqaneibs.exe[/FONT] ("]verwijzing naar spyware </TD></TR></TBODY></TABLE><TABLE><TBODY><TR><TD><LI class=g_heuristic>C:\WINDOWS\Temp\mcu48.tmp\McAppIns.exe[/FONT] ("] is gewist</TD></TR></TBODY></TABLE><TABLE><TBODY><TR><TD><LI class=g_heuristic>C:\WINDOWS\Temp\mcu49.tmp\McAppIns.exe[/FONT] ("] is gewist</TD></TR></TBODY></TABLE><TABLE><TBODY><TR><TD><LI class=g_heuristic>C:\WINDOWS\Temp\mcu4A.tmp\McAppIns.exe[/FONT] ("] is gewist</TD></TR></TBODY></TABLE><TABLE><TBODY><TR><TD><LI class=g_heuristic>C:\WINDOWS\Temp\mcu4B.tmp\McAppIns.exe[/FONT] ("] is gewist</TD></TR></TBODY></TABLE><TABLE><TBODY><TR><TD><LI class=g_heuristic>C:\WINDOWS\Temp\mcu4C.tmp\McAppIns.exe[/FONT] ("] is gewist</TD></TR></TBODY></TABLE><TABLE><TBODY><TR><TD><LI class=g_heuristic>NAAM[/SIZE] ("] is gewist</TD></TR></TBODY></TABLE>Ontbrekende instellingen voor de zoekopties van Internet Explorer zijn hersteld
<TABLE><TBODY><TR><TD width=150></TD><TD width=320>IN REGISTER[/SIZE] ("]IN GEHEUGEN</TD><TD width=100>Dit rapport is samengesteld door Hitman Pro, gemaakt door Mark Loman[/FONT] ("]BESTANDEN</TD></TR><TR><TD></TD><TD>Suspicious File</TD><TD>0</TD><TD>0</TD><TD>6</TD></TR><TR><TD></TD><TD>C2Media</TD><TD>0</TD><TD>0</TD><TD>1</TD></TR><TR><TD></TD><TD>TOTAAL</TD><TD>0</TD><TD>2</TD><TD>13</TD></TR></TBODY></TABLE>
<HR color=#e0e0e0 SIZE=1>Upload statistieken naar de Hitman Pro server
<TABLE><TBODY><TR><TD>Statistieken zijn naar de Hitman Pro server gestuurd</TD></TR></TBODY></TABLE>
<HR color=#e0e0e0 SIZE=1>[URL=")
<A class=warning>Steun het verzet tegen spyware en doe een donatie; zie de knop Donatie op de website www.hitmanpro.nl (http://www.hitmanpro.nl/)
<A class=warning>Voor ondersteuning kun je terecht op het officiële Hitman Pro supportforum (http://www.antispywareoffensief.nl/forum/forumdisplay.php?f=65)<A class=warning> van het Anti Spyware Offensief (http://www.antispywareoffensief.nl/)
jurgenv 10 October 2005, 18:08 tja, mag ik opnieuw een nieuw hijackthis logje zien?
Huka 10 October 2005, 18:58 In deze staat ook weer NOD32 omdat die automatisch door hitman.pro geinstalleerd wordt. Heb ook (op advies) panda en ewido geinstalleerd.
Logfile of HijackThis v1.99.1
Scan saved at 18:57:44, on 10-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
E:\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
E:\panda\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
E:\panda\AVENGINE.EXE
C:\WINDOWS\soundman.exe
C:\WINDOWS\System32\TrayIcon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
D:\eDonkey\eDonkey2005\edonkey2000.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\panda\APVXDWIN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
E:\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
E:\Janine's Documenten\real player\RealPlay.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\wuauclt.exe
E:\panda\pavProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Janine's Documenten\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Janine's Documenten\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [eDonkey2000] "D:\eDonkey\eDonkey2005\edonkey2000.exe" -t
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SCANINICIO] "E:\panda\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "E:\panda\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "E:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcafee.com/molbin/shared/McMySec/en-us/1,0,0,2/mcmysec.cab
O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4561/mcfscan.cab
O23 - Service: ewido security suite control - ewido networks - E:\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - E:\panda\pavsrv51.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
jurgenv 11 October 2005, 16:13 ziet er goed uit, hoe werkt alles verder?
Huka 15 October 2005, 11:32 Logfile of HijackThis v1.99.1
Scan saved at 11:35:05, on 15-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
E:\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\soundman.exe
C:\WINDOWS\System32\TrayIcon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
D:\eDonkey\eDonkey2005\edonkey2000.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
E:\panda\APVXDWIN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
E:\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\nvsvc32.exe
E:\panda\pavsrv51.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\svchost.exe
E:\panda\AVENGINE.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
E:\panda\pavProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Janine's Documenten\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8A044574-20CE-CECD-3F93-5E6FE9306742} - C:\DOCUME~1\Janine\APPLIC~1\KEEPAM~1\poll free.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Janine's Documenten\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [eDonkey2000] "D:\eDonkey\eDonkey2005\edonkey2000.exe" -t
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SCANINICIO] "E:\panda\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "E:\panda\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SendNewAudioAxis] C:\Documents and Settings\All Users\Application Data\flawvcsendnew\NounTool.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "E:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcafee.com/molbin/shared/McMySec/en-us/1,0,0,2/mcmysec.cab
O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4561/mcfscan.cab
O23 - Service: ewido security suite control - ewido networks - E:\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - E:\panda\pavsrv51.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
Huka 15 October 2005, 11:37 Het lukt me op de een of andere manier steeds niet om dit te posten. Zal het nog eens proberen met een recente log
Logfile of HijackThis v1.99.1
Scan saved at 11:35:05, on 15-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
E:\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\soundman.exe
C:\WINDOWS\System32\TrayIcon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
D:\eDonkey\eDonkey2005\edonkey2000.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
E:\panda\APVXDWIN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
E:\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\nvsvc32.exe
E:\panda\pavsrv51.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\svchost.exe
E:\panda\AVENGINE.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
E:\panda\pavProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Janine's Documenten\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8A044574-20CE-CECD-3F93-5E6FE9306742} - C:\DOCUME~1\Janine\APPLIC~1\KEEPAM~1\poll free.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Janine's Documenten\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [eDonkey2000] "D:\eDonkey\eDonkey2005\edonkey2000.exe" -t
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SCANINICIO] "E:\panda\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "E:\panda\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SendNewAudioAxis] C:\Documents and Settings\All Users\Application Data\flawvcsendnew\NounTool.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "E:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcafee.com/molbin/shared/McMySec/en-us/1,0,0,2/mcmysec.cab
O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4561/mcfscan.cab
O23 - Service: ewido security suite control - ewido networks - E:\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - E:\panda\pavsrv51.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
jurgenv 15 October 2005, 11:59 * ga naar start==>configuratiescherm==>software en de-installeer:
messenger plus <== de-installeer hem volledig
* open hijackthis en vink volgende regels aan:
O2 - BHO: (no name) - {8A044574-20CE-CECD-3F93-5E6FE9306742} - C:\DOCUME~1\Janine\APPLIC~1\KEEPAM~1\poll free.exe
O4 - HKLM\..\Run: [SendNewAudioAxis] C:\Documents and Settings\All Users\Application Data\flawvcsendnew\NounTool.exe
* sluit dan alle vensters behalve hijackthis en klik op 'fix checked'
* start je pc in veilige modus (http://users.pandora.be/marcvn/spyware/1378056.htm)
* maak verborgen mappen en bestanden zichtbaar (http://users.pandora.be/marcvn/spyware/1117602.htm)
* verwijder volgende map:
C:\Documents and Settings\All Users\Application Data\flawvcsendnew
C:\Documents and Settings\Janine\Application Data\KEEPAM~1 <== de map die begint met de letters 'KEEPAM'
* start je pc weer normaal
* Kopieer onderstaande vetgedrukte tekst in kladblok en sla het op op je bureaublad als findjobs.bat met als type "alle bestanden".
dir %Windir%\tasks /a:h > jobs.txt
notepad jobs.txt
* Dubbelklik op findjobs.bat op je bureaublad en plaats hier even de tekst die je krijgt met een nieuw hijackthis logje
|
|