
js psyme


  • js psyme

    Hello,

    For a few days now I have had a JS Psyme trojan. I have run AVG, CCleaner and SuperCleaner, but none of them cleans what gets detected. The JS Psyme removal programs are commercial... and are probably made by the very people who developed the program in the first place..
    Any suggestions before I start downloading and running all sorts of spyware programs?

    Thanks

    Simon4s

  • #2
    Download HijackThis-setup to your Desktop.

    Open HJTInstall and choose the location where you want to install HijackThis.
    Then click Install; after a few seconds HijackThis will open automatically.
    Now choose 'Do a system scan and save a logfile'.
    A Notepad file containing a logfile opens. Select all of that text (Ctrl-A), copy it (Ctrl-C) and paste it into your next post.
    Regards,
    Pimmerd



    • #3
      log

      Here is the log

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 11:58:54, on 12/02/2008
      Platform: Windows Vista (WinNT 6.00.1904)
      MSIE: Internet Explorer v7.00 (7.00.6000.16575)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Windows\ATK0100\HControl.exe
      C:\Windows\sm56hlpr.exe
      C:\Windows\RTHDCPL.exe
      C:\Program Files\Grisoft\AVG7\avgcc.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\ATK0100\ATKOSD.exe
      C:\Program Files\Internet Explorer\ieuser.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O1 - Hosts: ::1 localhost
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [HControl] C:\Windows\ATK0100\HControl.exe
      O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEEM')
      O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
      O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O13 - Gopher Prefix:
      O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - C:\Users\VANBEU~1\AppData\Local\Temp\f5tmp\cachecleaner.cab
      O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\Users\VANBEU~1\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
      O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

      --
      End of file - 5407 bytes

      Can you do anything with this?

      thanks
      regards

      Simon

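The HijackThis log above is a flat list of startup and browser hook points (R0/R1 Internet Explorer settings, O2 BHOs, O4 Run keys, O16 downloaded ActiveX controls, O20/O23 loaded DLLs and services), and a reviewer like Pimmerd reads it by asking, for each entry, where the referenced file really lives. As an added example that is not part of this thread and is not HijackThis's own code, the Python below parses those line formats (the grammar is inferred from the log in this post) and applies two defender's triage rules of its own: an O4 entry that names only a bare file name (like SMSERIAL above, which the ComboFix listing later resolves to C:\Windows\sm56hlpr.exe) shows no location, and anything loading from a user profile or temp directory (like the O16 F5 Networks entries) deserves a closer look. The sample input is a handful of lines excerpted from the log above; the rule set is this example's own heuristic, not a verdict on the machine.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Line grammar inferred from the HijackThis log posted above (not HijackThis's own code).
#   O4 - HKLM\..\Run: [Name] command [(User 'X')]
O4_RE = re.compile(
    r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<command>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
#   R0/R1/O2/O9/O16/O20/O23 - description ... - target   (or: key = value)
SECTION_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<rest>.*)$")
EXECUTABLE_EXTS = (".exe", ".dll", ".scr", ".cab", ".lnk", ".cpl")

# Sample input: lines excerpted from the HijackThis log in this thread.
SAMPLE_LOG = r"""
Running processes:
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - C:\Users\VANBEU~1\AppData\Local\Temp\f5tmp\cachecleaner.cab
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl/
"""


@dataclass
class Entry:
    section: str                 # HijackThis section code, e.g. "O4"
    name: str                    # value name, BHO/DPF description or IE setting key
    target: str                  # file, URL or value the entry points at
    user: Optional[str] = None   # user hive an O4 entry belongs to, when shown


def executable_from_command(command: str) -> str:
    """Return the executable part of an O4 command line.

    Quoted paths are taken verbatim; unquoted ones are rebuilt token by token
    until the accumulated text ends in a known extension, which keeps unquoted
    paths containing spaces (the Windows Defender entry above) intact.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    tokens = command.split(" ")
    for i in range(len(tokens)):
        candidate = " ".join(tokens[: i + 1])
        if candidate.lower().endswith(EXECUTABLE_EXTS):
            return candidate
    return tokens[0]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; returns None for headers and blank lines."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        return Entry("O4", m["name"], executable_from_command(m["command"]), m["user"])
    m = SECTION_RE.match(line)
    if not m:
        return None
    section, rest = m["section"], m["rest"]
    if " =" in rest:                      # R0/R1 and "Global Startup" style: key = value
        name, _, target = rest.partition(" =")
    else:                                 # O2/O16/O23 style: description - ... - path
        parts = rest.split(" - ")
        name, target = parts[0], parts[-1]
    name = name.strip().split(": ", 1)[-1]  # drop the "BHO: " / "DPF: " prefix
    return Entry(section, name, target.strip())


def parse_log(text: str) -> List[Entry]:
    entries = [parse_line(l) for l in text.splitlines()]
    return [e for e in entries if e is not None]


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Two heuristics of this example's own (not HijackThis rules).

    Neither flag means the entry is malicious; both mean "confirm where this
    file really lives before deciding".
    """
    findings = []
    for e in entries:
        t = e.target.lower()
        if e.section == "O4" and "\\" not in t and "/" not in t:
            findings.append((e.name, "bare file name: loaded via search path, real location not shown"))
        elif "\\temp\\" in t or "\\appdata\\" in t:
            findings.append((e.name, "loads from a user-writable profile or temp directory"))
    return findings


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for entry in parsed:
        print(f"{entry.section:4} {entry.name:45.45} -> {entry.target}")
    print()
    for name, reason in triage(parsed):
        print(f"CHECK {name}: {reason}")
```

Run directly, it prints each parsed entry and then the three entries the heuristics single out (SMSERIAL, the rundll32 welcome-center entry, and the F5 control in the Temp folder). The flags only narrow where to look; the next step for a flagged file is checking its actual location, signature and hash, which is what the ComboFix listing later in this thread does for the SMSERIAL entry.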


      • #4
        Download ComboFix to your desktop

        If you have used ComboFix before, please delete that version and download ComboFix again via the link above, because ComboFix is updated daily.

        NOTE: if, during or after downloading ComboFix, or while using ComboFix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download ComboFix again. Some scanners treat certain components that ComboFix uses as suspicious and will block or delete them!

        Double-click combofix.exe
        Choose "Continue" by typing 1 followed by ENTER.
        While the fix is running, do NOT click in the window, as this will make your PC hang.

        When the fix has finished and after the restart, the log combofix.txt will open.
        In your next reply, post the ComboFix log (combofix.txt) together with a fresh HijackThis log.
        Regards,
        Pimmerd



        • #5
          combofix log

          Here is the log

          ComboFix 08-02-13.2 - Van Beuden Miriam 2008-02-13 9:31:41.1 - NTFSx86
          Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1043.18.276 [GMT 1:00]
          Gestart vanuit: C:\Users\Van Beuden Miriam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WG6Y70T7\ComboFix[1].exe
          * Nieuw herstelpunt werd aangemaakt
          .

          (((((((((((((((((((( Bestanden Gemaakt van 2008-01-13 to 2008-02-13 ))))))))))))))))))))))))))))))
          .

          2008-02-12 11:58 . 2008-02-12 11:58 <DIR> d-------- C:\Program Files\Trend Micro
          2008-02-11 21:18 . 2008-02-11 21:18 <DIR> d-------- C:\Program Files\CCleaner
          2008-02-09 20:10 . 2008-02-09 20:10 <DIR> d-------- C:\Program Files\SuperCleaner

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-02-13 07:11 --------- d-----w C:\ProgramData\Google Updater
          2008-02-13 07:00 --------- d-----w C:\Users\Van Beuden Miriam\AppData\Roaming\AVG7
          2008-01-10 18:48 --------- d-----w C:\Program Files\Windows Mail
          2008-01-10 18:43 802,816 ----a-w C:\Windows\system32\drivers\tcpip.sys
          2008-01-10 18:43 24,064 ----a-w C:\Windows\System32\netcfg.exe
          2008-01-10 18:43 22,016 ----a-w C:\Windows\System32\netiougc.exe
          2008-01-10 18:43 216,760 ----a-w C:\Windows\system32\drivers\netio.sys
          2008-01-10 18:43 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
          2008-01-10 18:41 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
          2008-01-10 18:41 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
          2008-01-10 18:41 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
          2008-01-10 18:41 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
          2008-01-10 18:41 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
          2008-01-10 18:41 1,686,016 ----a-w C:\Windows\System32\gameux.dll
          2008-01-09 17:19 --------- d-----w C:\Program Files\Windows Sidebar
          2008-01-09 17:13 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
          2008-01-09 17:13 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
          2008-01-09 17:13 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
          2008-01-09 17:13 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
          2008-01-09 17:13 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
          2008-01-09 17:13 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
          2008-01-09 17:13 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
          2008-01-09 17:12 11,776 ----a-w C:\Windows\System32\sbunattend.exe
          2007-12-21 08:28 55,304 ----a-w C:\Windows\system32\drivers\avgwfp.sys
          2007-12-13 09:54 1,327,104 ----a-w C:\Windows\System32\quartz.dll
          2007-12-13 09:53 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
          2007-12-13 09:53 223,232 ----a-w C:\Windows\System32\WMASF.DLL
          2007-12-13 09:52 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
          2007-12-13 09:52 824,832 ----a-w C:\Windows\System32\wininet.dll
          2007-12-13 09:52 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
          2007-12-13 09:52 56,320 ----a-w C:\Windows\System32\iesetup.dll
          2007-12-13 09:52 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
          2007-12-13 09:52 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
          2007-12-13 09:52 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
          2007-12-13 09:52 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
          2007-12-13 09:50 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
          2007-12-13 09:50 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
          2007-11-14 08:59 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
          2007-11-14 08:59 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
          2007-11-14 08:59 542,720 ----a-w C:\Windows\System32\sysmain.dll
          2007-11-14 08:59 502,784 ----a-w C:\Windows\System32\wlansvc.dll
          2007-11-14 08:59 47,104 ----a-w C:\Windows\System32\wlanapi.dll
          2007-11-14 08:59 297,984 ----a-w C:\Windows\System32\wlansec.dll
          2007-11-14 08:59 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
          2007-11-14 08:59 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
          2007-11-14 08:59 2,923,520 ----a-w C:\Windows\explorer.exe
          2007-11-14 08:59 2,027,008 ----a-w C:\Windows\System32\win32k.sys
          2007-11-14 08:58 8,704 ----a-w C:\Windows\System32\hcrstco.dll
          2007-11-14 08:58 8,704 ----a-w C:\Windows\System32\hccoin.dll
          2007-08-31 07:36 174 --sha-w C:\Program Files\desktop.ini
          2007-10-19 20:09 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
          2007-10-19 20:09 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
          2007-10-19 20:09 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
          .

          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-15 11:36 1006264]
          "HControl"="C:\Windows\ATK0100\HControl.exe" [2006-04-17 10:24 110592]
          "SMSERIAL"="sm56hlpr.exe" [2005-05-26 17:12 544768 C:\Windows\sm56hlpr.exe]
          "RTHDCPL"="RTHDCPL.EXE" [2006-03-14 10:01 16010752 C:\Windows\RTHDCPL.exe]
          "SoundMan"="SOUNDMAN.EXE" [2006-02-20 10:00 86016 C:\Windows\SoundMan.exe]
          "AlcWzrd"="ALCWZRD.EXE" [2006-03-14 08:45 2809344 C:\Windows\alcwzrd.exe]
          "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-10 14:12 1836544]
          "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 09:28 579072]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
          "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-26 08:50 219136]

          C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
          Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-10-30 19:34:31 126136]
          Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 18:05:56 65588]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
          avgwlntf.dll 2007-05-05 17:19 9216 C:\Windows\System32\avgwlntf.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
          "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

          R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2007-12-21 09:28]
          R3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 08:30]
          R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 08:30]
          R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\Windows\system32\DRIVERS\wg111v2.sys [2006-03-27 16:53]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
          LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-02-13 09:33:46
          Windows 6.0.6000 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          Voltooingstijd: 2008-02-13 9:34:39
          .
          2008-02-09 00:23:43 --- E O F ---

          Regards

          Simon4s



          • #6
            Your logs look fine.
            Can you tell me WHERE exactly the trojan is being detected?
            Regards,
            Pimmerd



            • #7
              I am not getting any warnings anymore now. Can I then assume that it is gone??



              • #8
                In principle nothing has been removed, but it could be, mind you

                Uninstall ComboFix
                Go to Start --> Run and type: Combofix /u

                Should any further problems occur, send me a PM and I will reopen this topic. For now I am setting the status of this topic to solved.
                Regards,
                Pimmerd



                • #9
                  Hello Pimmerd,
                  Thanks for your help.

                  Regards

                  Simon



                  • #10
                    You're welcome
                    Regards,
                    Pimmerd
