Speciale digitale inbraken

[coldis]

Een tijdje geleden kreeg ik toch een 6-tal nogal plotse en brutale inbraken op deze pc en ik kreeg er telkens ook een of andere onbeschaamde afbeelding van een of andere kerel(s) en later ook 2x heuse online inbraken van anderen erbij en met de daders hun 'tronies' incluis, dus beetje net als Skypen (...).

Ik was dus overduidelijk gehackt, alhoewel ik toch een goeie professionele beveiliging dacht te hebben. Ik begrijp maar niet dat die beveiliging zomaar geneutralizeerd en omzeild kan of kon worden.

Alhoewel deze pc op eerste zicht goed en snel werkt is er toch een blijkbaar steeds terugkerend beveiligingsprobleem. Het euvel is nog altijd niet opgelost ook na diverse gespecialiseerde en routinescans en zit dus diep verborgen.

Vandaag kreeg ik net voor een update van het BIOS gevraagd door HP Assistant (nogmaals) deze ernstige waarschuwing:
'HPBIOSSUPDREC - Zorg er per direct voor dat de firmware wordt bijgewerkt en/of de risicobeperkingen worden genomen.
Ga naar http://www.hp.com/go/intelmanageabilityissue voor meer info'.

Deze pc is een HP Probook 450 i5-6200U 15.6 en staat eigenlijk niet als dusdanig op die vermelde lijst maar de gewone Probook's 450 G0, -450 G1, -450 G2, -450 G3 en -450 G4 staan er wel op met de melding 'not affected'
zie https://www8.hp.com/us/en/intelmanageabilityissue.html
Intel Manageability

Hieronder nog het Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:39:57, on 21/09/2019
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19463)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
C:\Users\Kangor73\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
C:\Program Files (x86)\Ashampoo\Ashampoo Snap 8\ashsnap.exe
C:\Users\Kangor73\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 3.1 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
I:\Diverse Software\Hijackthis\HijackThis2_0_0_4.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - (no file)
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 3.1 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\HP\HP 3D DriveGuard\AccelerometerST.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [Opera Browser Assistant] C:\Users\Kangor73\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
O4 - HKCU\..\Run: [AshSnap] C:\Program Files (x86)\Ashampoo\Ashampoo Snap 8\ashsnap.exe
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BGAntiphishingIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - https://catalog.update.microsoft.com/v7/...2787972242
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BullGuard backup service (BsBackup) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBackup.exe
O23 - Service: BullGuard on-access service (BsFileScan) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardFileScanner.exe
O23 - Service: BullGuard Helper Service (BsHelper) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardHelper.exe
O23 - Service: BullGuard e-mail monitoring service (BsMailProxy) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardFiltering.exe
O23 - Service: BullGuard Main Service (BsMain) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardCore.exe
O23 - Service: BullGuard firewall service (BsNet) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardFirewall.exe
O23 - Service: BullGuard scanning service (BsScanner) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
O23 - Service: BullGuard Sentry Engine (BsSentry) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardSentry.exe
O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: CxMonSvc - Conexant Systems, Inc - C:\Windows\CxSvc\CxMonSvc.exe
O23 - Service: CxUtilSvc - Conexant Systems, Inc. - C:\Windows\CxSvc\CxUtilSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\elevation_service.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP CASL Framework Service (hpqcaslwmiex) - HP - C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel Bluetooth Service (iBtSiva) - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\Intel® Management Engine Components\iCLS\SocketHeciServer.exe
O23 - Service: Intel® TPM Provisioning Service - Intel® Corporation - C:\Program Files\Intel\Intel® Management Engine Components\iCLS\TPMProvisioningService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Synaptics FP WBF Policy Service (valWBFPolicyService) - Unknown owner - C:\Windows\system32\valWBFPolicyService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14022 bytes

En hier nog een recent Rkill log
Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2019 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/21/2019 10:22:17 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

0.0.0.0 incoming.telemetry.mozilla.org

Program finished at: 08/21/2019 10:24:09 PM
Execution time: 0 hours(s), 1 minute(s), and 51 seconds(s)

Ook De standaard scan met Malwarebytes geeft geen fouten of opmerkingen.

Alles lijkt dus ok maar waar zit die toch evidente hackersfout of beveiligingsmanco dan wel? De enige opmerkling is die waarschuwing van HP zelf.
En laten die 'specialisten' hackers annex inbrekers dan helemaal geen sporen na?

[miekiemoes]

Hoi,

Het gebeurt vaak, wanneer je naar bepaalde websites gaat, dat je een gevoel krijgt dat je gehacked bent. Dit is welliswaar fake en enkel om schrik aan te jagen.
Ik zie niets verkeerds in je log. Die melding van HP is legitiem, dus niets om je zorgen over te maken.

Kan je meer info geven ivm die "hacker"?

[coldis]

(22-09-2019 01:29)miekiemoes schreef:  Hoi,

Het gebeurt vaak, wanneer je naar bepaalde websites gaat, dat je een gevoel krijgt dat je gehacked bent. Dit is welliswaar fake en enkel om schrik aan te jagen.
Ik zie niets verkeerds in je log. Die melding van HP is legitiem, dus niets om je zorgen over te maken.

Kan je meer info geven ivm die "hacker"?

Dag miekiemoes,
Dank voor de snelle respons.
We hebben vroeger ook al een paar keer contact gehad i.v.m. computer- en internetproblemen.
Wel, ik was gewoon aan het surfen toen die bruuske en onaangekondigde speciale soort 'digitale inbraken' gebeurden en die waren zeker niet fake en toch beetje intimiderend.
Ik denk dat ik het euvel nu misschien gevonden heb: mijn Skype stond namelijk niet op mijn voorkeurinstelinngen.
Bij Oproep Instellingen (Skype) zet ik normaliter altijd: Alleen Skype oproepen van mijn contacten toestaan om over te gaan op dit apparaat en dat stond dus niet meer AAN maar UIT. En zo kon elke wildvreemde mij oproepen via Skype als ze mijn Skypenaam of ook mobiel telefoonnummer hadden.
•Over die melding van HP: deze laptop is dus een HP Notebook ProBook 450 G3 en inderdaad: 'unaffected' volgens hun lijst