View full version : please have a look



kevindewachter
3 November 2007, 11:54
My PC opens MSN chat windows without my asking for it. It also sends messages to my contacts containing a (virus) link.
Here is my log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:51:57, on 3-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\DOCUME~1\kevin\LOCALS~1\Temp\msnplus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
D:\setup files\programmas\hijacjthis\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/be/ý
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Graphic Update] C:\DOCUME~1\kevin\LOCALS~1\Temp\msnplus.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 5579 bytes

Thanks in advance!!!!

Juisterr
3 November 2007, 17:12
Download MSNFix by BendeBoy here (http://www.bendeboy.nl/misc/MSNFix.exe) (Mirror (http://bendeboy.be.funpic.org/MSNFix.exe)) and save it to your desktop.
Double-click MSNFix.exe; an icon will now appear on your desktop.

Double-click the "Start MSNFix" icon and let it do its work.
(If your scanner or similar software raises alerts, allow it.)

The file will carry out its tasks; you don't need to do anything in the meantime. Once it is finished, and possibly after a restart, it will open a report (C:\MSNFix.txt). Post it in your next reply.

kevindewachter
4 November 2007, 12:05
This is the MSNFix report:

---------- BENDEBOYS MSNFIX RAPORT ----------
- Version: 3.6.0.3 - Last Update: 03/11/07
- Scan performed on: zo 04-11-2007 - 11:03:48,54 By kevin
- Bootmode: Normal Mode

((((((((((((((( CREATED FILES LAST MONTH )))))))))))))))

2007-11-04 -10:51:56 - A.S.. "C:\WINDOWS\bootstat.dat"
2007-09-07 -23:43:56 - A.... "C:\WINDOWS\mozver.dat"
2007-09-30 -16:52:30 - A.... "C:\WINDOWS\system32\FNTCACHE.DAT"
2007-09-24 -21:30:28 - A.... "C:\WINDOWS\system32\java.exe"
2007-09-24 -21:30:30 - A.... "C:\WINDOWS\system32\javaw.exe"
2007-09-24 -22:31:42 - A.... "C:\WINDOWS\system32\javaws.exe"
2007-09-17 - 0:07:00 - A.... "C:\WINDOWS\system32\keystone.exe"
2007-09-28 - 6:19:40 - A.... "C:\WINDOWS\system32\MRT.exe"
2007-09-17 - 0:07:00 - A.... "C:\WINDOWS\system32\nv4_disp.dll"
2007-09-17 - 0:07:00 - A.... "C:\WINDOWS\system32\nvapi.dll"
2007-09-17 - 0:07:00 - A.... "C:\WINDOWS\system32\nvappbar.exe"
2007-09-17 - 0:07:00 - A.... "C:\WINDOWS\system32\nvcod.dll"
2007-09-17 - 0:07:00 - A.... "C:\WINDOWS\system32\nvcodins.dll"
2007-09-17 - 0:07:00 - A.... "C:\WINDOWS\system32\nvcolor.exe"
2007-09-17 - 0:07:00 - A.... "C:\WINDOWS\system32\nvcpl.dll"
2007-09-17 - 0:07:00 - A.... "C:\WINDOWS\system32\nvcplui.exe"
2007-09-17 - 0:07:00 - A.... "C:\WINDOWS\system32\nvdisps.dll"
2007-09-17 - 0:07:00 - A.... "C:\WINDOWS\system32\nvdspsch.exe"
2007-09-17 - 0:07:00 - A.... "C:\WINDOWS\system32\nvexpbar.dll"
2007-09-17 - 0:07:00 - A.... "C:\WINDOWS\system32\nvgames.dll"
2007-09-17 - 0:07:00 - A.... "C:\WINDOWS\system32\nview.dll"
2007-09-17 - 0:07:00 - A.... "C:\WINDOWS\system32\nvmccs.dll"
2007-09-17 - 0:07:00 - A.... "C:\WINDOWS\system32\nvmccsrs.dll"
2007-09-17 - 0:07:00 - A.... "C:\WINDOWS\system32\nvmccss.dll"
2007-09-17 - 0:07:00 - A.... "C:\WINDOWS\system32\nvmctray.dll"
2007-09-17 - 0:07:00 - A.... "C:\WINDOWS\system32\nvmobls.dll"
2007-09-17 - 0:07:00 - A.... "C:\WINDOWS\system32\nvnt4cpl.dll"
2007-09-17 - 0:07:00 - A.... "C:\WINDOWS\system32\nvoglnt.dll"
2007-09-17 - 0:07:00 - A.... "C:\WINDOWS\system32\nvshell.dll"
2007-09-17 - 0:07:00 - A.... "C:\WINDOWS\system32\nvsvc32.exe"
2007-09-17 - 1:10:36 - A.... "C:\WINDOWS\system32\nvuaudio.exe"
2007-09-17 - 1:10:36 - A.... "C:\WINDOWS\system32\nvudisp.exe"
2007-09-17 - 1:10:36 - A.... "C:\WINDOWS\system32\NVUNINST.EXE"
2007-09-17 - 1:10:36 - A.... "C:\WINDOWS\system32\nvunrm.exe"
2007-09-17 - 0:07:00 - A.... "C:\WINDOWS\system32\nvvitvs.dll"
2007-09-17 - 0:07:00 - A.... "C:\WINDOWS\system32\nvwddi.dll"
2007-09-17 - 0:07:00 - A.... "C:\WINDOWS\system32\nvwdmcpl.dll"
2007-09-17 - 0:07:00 - A.... "C:\WINDOWS\system32\nvwimg.dll"
2007-09-17 - 0:07:00 - A.... "C:\WINDOWS\system32\nvwss.dll"
2007-09-17 - 0:07:00 - A.... "C:\WINDOWS\system32\nwiz.exe"
2007-10-28 -10:01:34 - A.... "C:\WINDOWS\system32\perfc009.dat"
2007-10-28 -10:01:34 - A.... "C:\WINDOWS\system32\perfc013.dat"
2007-10-28 -10:01:34 - A.... "C:\WINDOWS\system32\perfh009.dat"
2007-10-28 -10:01:34 - A.... "C:\WINDOWS\system32\perfh013.dat"
2007-09-23 -21:36:56 - A.... "C:\WINDOWS\system32\PnkBstrA.exe"
2007-09-26 -20:36:54 - A.... "C:\WINDOWS\system32\PnkBstrB.exe"
2007-11-04 - 2:13:30 - A.... "C:\Documents and Settings\kevin\NTUSER.DAT"
2007-09-30 -17:37:22 - A..H. "C:\Documents and Settings\kevin\NTUSER.DAT_BAK_89933"

((((((((((((((( FOUND FILES )))))))))))))))

!! BEFORE FIX !!

C:\DOCUME~1\kevin\LOCALS~1\Temp\msnplus.exe

!! AFTER FIX !!

C:\DOCUME~1\kevin\LOCALS~1\Temp\msnplus.exe

((((((((((((((( ShellServiceObjectDelayLoad )))))))))))))))

"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

---------- END OF LOG ----------

This is a log from after MSNFix

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:05:25, on 4-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitTorrent\bittorrent.exe
D:\setup files\programmas\hijacjthis\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/be/ý
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 5322 bytes
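
The two HijackThis logs in this thread differ in exactly the entries that matter: the first one has an O4 autorun named [Graphic Update] that launches C:\DOCUME~1\kevin\LOCALS~1\Temp\msnplus.exe (an executable living in the user's temp folder, which is where dropped malware typically sits, and which installed software almost never uses for an HKLM Run entry), plus that same file in the running-process list; the second log no longer has either. The script below is an added example, not code from this thread or from the HijackThis or MSNFix projects. It parses the O4 lines of a HijackThis log, flags autoruns that start from a temp or per-user profile path, and diffs the O4 sections of a "before" and "after" log so you can see what a cleanup actually removed. The two log excerpts inside it are constructed from the O4 and O23 lines posted above; the regex, the list of suspicious path fragments and all function names are this example's own choices.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpts modelled on the two HijackThis logs posted in this thread
# (only a few O4 autorun lines and one O23 line are kept; the real logs are longer).
BEFORE_FIX = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Graphic Update] C:\DOCUME~1\kevin\LOCALS~1\Temp\msnplus.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

AFTER_FIX = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# One HijackThis O4 line has the shape "O4 - <registry key>: [<value name>] <command line>".
# The key part is e.g. HKLM\..\Run or HKUS\S-1-5-19\..\Run (assumed format, taken from the logs above).
O4_LINE = re.compile(r"^O4 - (?P<key>.+?\\Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Path fragments that are normal for a dropped file and abnormal for installed software:
# an autorun that launches from a temp directory or from inside a user profile.
# Matching is case-insensitive on the lower-cased command line. (Heuristic chosen for this example.)
SUSPICIOUS_FRAGMENTS = {
    "temp directory": ("\\temp\\", "\\locals~1\\", "\\local settings\\temporary"),
    "user profile": ("\\docume~1\\", "\\documents and settings\\"),
}

Entry = Tuple[str, str, str]  # (registry key, value name, command line)


def parse_o4(log_text: str) -> List[Entry]:
    """Extract the O4 autorun entries from a HijackThis log; other line types are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if m:
            entries.append((m["key"], m["name"], m["cmd"]))
    return entries


def suspicion_reasons(entry: Entry) -> List[str]:
    """Return why an autorun entry deserves a closer look (empty list = nothing odd found)."""
    cmd = entry[2].lower()
    return [label for label, fragments in SUSPICIOUS_FRAGMENTS.items()
            if any(fragment in cmd for fragment in fragments)]


def flag_suspicious(entries: List[Entry]) -> List[Tuple[Entry, List[str]]]:
    """Keep only the entries that trigger at least one reason, paired with those reasons."""
    flagged = []
    for entry in entries:
        reasons = suspicion_reasons(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


def diff_run_entries(before: str, after: str) -> Dict[str, List[Entry]]:
    """Compare the O4 sections of two logs: what the cleanup removed and what newly appeared."""
    before_set, after_set = set(parse_o4(before)), set(parse_o4(after))
    return {
        "removed": sorted(before_set - after_set),
        "added": sorted(after_set - before_set),
    }


if __name__ == "__main__":
    for entry, reasons in flag_suspicious(parse_o4(BEFORE_FIX)):
        print(f"SUSPICIOUS [{entry[1]}] {entry[2]}  <- {', '.join(reasons)}")
    changes = diff_run_entries(BEFORE_FIX, AFTER_FIX)
    for entry in changes["removed"]:
        print(f"removed by fix: [{entry[1]}] {entry[2]}")
    for entry in changes["added"]:
        print(f"new since fix:  [{entry[1]}] {entry[2]}")
```

Run against the two excerpts, the only flagged entry is [Graphic Update] (temp directory and user profile), and the diff reports that same entry as removed with nothing added, which is what a successful cleanup of this kind of MSN worm looks like. A path-based heuristic like this is a triage aid, not a verdict: legitimate updaters occasionally run from a profile directory, and malware can just as well copy itself into system32, so treat a hit as a reason to look at the file, not as proof on its own.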

Juisterr
5 November 2007, 10:08
And how is it going now?

kevindewachter
5 November 2007, 19:04
And how is it going now?

It no longer sends unwanted messages to my MSN contacts.

Thanks for the help!!!

Juisterr
5 November 2007, 20:41
To prevent reinfection via System Restore, it is advisable to delete the existing restore points by temporarily disabling System Restore.


- Go to Start / All Programs / Accessories / System Tools / System Restore.
- In the left half of the window, click "System Restore Settings".
- Tick the box "Turn off System Restore".
- Click "Apply".
- Windows asks whether you are sure.
- Click "Yes".
- Click "OK".
- Restart the PC.
- Go again to Start / All Programs / Accessories / System Tools / System Restore.
- You will get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"
- Click "Yes".
- Untick the box "Turn off System Restore".
- Click "Apply".
- Click "OK".
- Restart the PC.
- A new, clean restore point has now been created.

Here are some more tips: http://www.jawwi.nl/tips/beveiligen.html

Even more tips (http://users.telenet.be/bluepatchy/miekiemoes/tragecomputer.html)