Hello everyone,
My father's laptop is currently infected with a fairly persistent version of System Security.
I have dealt with this virus before. It poses as a virus scanner that throws up all kinds of made-up warnings to convince you to buy the full version.
The earlier versions were simple to remove with Malwarebytes Anti-Malware, but this version is holding practically my father's entire laptop hostage.
It blocks practically all executables under the so-called notion that they are infected, and even Task Manager is closed again a second after it starts.
In the end I did manage to make a HijackThis log by renaming the HijackThis executable.
(Unfortunately that strategy works less well for other programs.)
If someone would be willing to look through this log and tell me which things I may and may not fix, I would very much appreciate it.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:02:58, on 6-6-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\services.exe
C:\WINDOWS\lsass.exe
C:\Documents and Settings\All Users\Application Data\12145314\12145314.exe
C:\Documents and Settings\All Users\Application Data\92155306\92155306.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\maertkd\Bureaublad\123.abc.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://gateds.com/gatevc.php?pn=srch0p9total7s2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: Google Toolbar Helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: "C:\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: CHDAudPropShortcut.exe
O4 - HKLM\..\Run: "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: C:\WINDOWS\services.exe
O4 - HKLM\..\Run: C:\WINDOWS\odb.exe
O4 - HKLM\..\Run: C:\WINDOWS\svc.exe
O4 - HKLM\..\Run: C:\WINDOWS\lsass.exe
O4 - HKLM\..\Run: C:\Documents and Settings\All Users\Application Data\12145314\12145314.exe
O4 - HKLM\..\Run: C:\Documents and Settings\All Users\Application Data\92155306\92155306.exe
O4 - HKLM\..\Run: C:\WINDOWS\system32\ahuij.exe
O4 - HKLM\..\Run: C:\WINDOWS\wdmon.exe
O4 - HKLM\..\Run: C:\WINDOWS\vlc.exe
O4 - HKLM\..\Run: C:\WINDOWS\svx.exe
O4 - HKLM\..\Run: C:\WINDOWS\svw.exe
O4 - HKLM\..\Run: C:\WINDOWS\amoumain.exe
O4 - HKLM\..\Run: C:\WINDOWS\servicelayer.exe
O4 - HKLM\..\Run: C:\WINDOWS\ctfmon.exe
O4 - HKLM\..\Run: %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: C:\WINDOWS\system32\ahuij.exe
O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: C:\WINDOWS\services.exe
O4 - HKCU\..\Run: C:\WINDOWS\system32\ahuij.exe
O4 - HKCU\..\Run: C:\WINDOWS\system32\ntos.exe
O4 - HKCU\..\Run: C:\Program Files\PCenter\agent.exe
O4 - HKCU\..\RunServices: C:\WINDOWS\system32\ahuij.exe
O4 - HKLM\..\Policies\Explorer\Run: C:\WINDOWS\services.exe
O4 - HKCU\..\Policies\Explorer\Run: C:\WINDOWS\services.exe
O4 - HKCU\..\Policies\Explorer\Run: c:\hCJEmI.exe
O4 - HKCU\..\Policies\Explorer\Run: c:\hCJEmI.exe
O4 - HKCU\..\Policies\Explorer\Run: c:\hCJEmI.exe
O4 - HKCU\..\Policies\Explorer\Run: c:\hCJEmI.exe
O4 - HKCU\..\Policies\Explorer\Run: c:\hCJEmI.exe
O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\ntos.exe (User 'Default user')
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {493acf15-5cd9-4474-82a6-91670c3dd66e} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164788911375
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = folietechniek.local
O17 - HKLM\Software\..\Telephony: DomainName = folietechniek.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = folietechniek.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = folietechniek.local
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 9909 bytes
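A small triage helper, added here as an example and not part of the original post or of HijackThis itself: it reads lines in the shape of the log above and flags the patterns that stand out in it (core Windows binary names running outside their expected directory, an extra entry appended to UserInit, and autoruns in the drive root or in a purely numeric folder under All Users\Application Data). The expected-directory table is an assumption for Windows XP, and the sample lines are constructed from the log's shape, not the full log.

```python
import re

# Assumed canonical locations of core Windows XP binaries; a file with one of these
# names anywhere else is treated as a lookalike (e.g. C:\WINDOWS\services.exe).
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32", "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32", "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32", "ctfmon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
# Drive-rooted .exe paths; stops at quotes and commas so UserInit's list splits cleanly.
EXE_RE = re.compile(r'[a-z]:\\[^",]*?\.exe', re.IGNORECASE)
# Directories legitimate software almost never launches from: the drive root, or a
# purely numeric folder under All Users\Application Data.
ODD_DIR_RE = re.compile(r"^[a-z]:$|\\application data\\\d+$")

def triage_line(line):
    """Return [(reason, path), ...] for one log line (process list, O4 or F2 entry)."""
    findings = []
    paths = [p.lower() for p in EXE_RE.findall(line)]
    if line.startswith("F2 - REG:system.ini: UserInit="):
        # Only userinit.exe belongs here; anything appended runs at every logon.
        return [("extra-userinit", p) for p in paths
                if p != r"c:\windows\system32\userinit.exe"]
    for p in paths:
        directory, _, name = p.rpartition("\\")
        if name in EXPECTED_DIR and directory != EXPECTED_DIR[name]:
            findings.append(("system-lookalike", p))
        if ODD_DIR_RE.search(directory):
            findings.append(("odd-location", p))
    return findings

def triage_log(text):
    """Run triage_line over a whole log; returns {path: sorted list of reasons}."""
    flagged = {}
    for line in text.splitlines():
        for reason, p in triage_line(line.strip()):
            flagged.setdefault(p, set()).add(reason)
    return {p: sorted(r) for p, r in flagged.items()}

# Constructed sample in the shape of the log above (not the full log).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\services.exe
C:\WINDOWS\services.exe
C:\Documents and Settings\All Users\Application Data\12145314\12145314.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O4 - HKLM\..\Run: "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: C:\WINDOWS\lsass.exe
O4 - HKLM\..\Run: C:\Documents and Settings\All Users\Application Data\92155306\92155306.exe
O4 - HKCU\..\Policies\Explorer\Run: c:\hCJEmI.exe
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(f"{path}: {', '.join(reasons)}")
```

The heuristic only ranks entries for a human to look at; a hit is a reason to check the file, not proof on its own, and a clean line (such as the Intel entry in the sample) is simply left unflagged.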