
Thread: trojan

  1. #1
    Advanced   joske1
    Registered
    2 June 2005
    Location
    omg scherpenheuvel
    Posts
    106
    Thanks given
    6
    Thanked
    1 time in 1 post

    trojan

    Good evening,
    the Avast virus scanner is installed on my daughter's PC.
    It keeps reporting that a trojan has been found
    with the name
    C:/Windows/system32/totour.exe
    I scanned with Trojan Hunter and The Cleaner, but it cannot be removed. Avast keeps saying it is moving it to the chest, but it keeps coming back.
    Would it be possible to take a look at this and give me some info back?
    In any case, thanks.
    Here is my log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:20:09, on 12/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\TrojanHunter 5.0\THGuard.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\PROGRA~1\Pinnacle\SHARED~1\Filter\server.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
    O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
    O4 - HKLM\..\Run: [Audio Device Manager] winfp.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Pinnacle Scheduler.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://zandalieke.spaces.msn.com//Ph...d/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/.../GAME_UNO1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    --
    End of file - 9157 bytes

  2. #2
    Banned
    Registered
    24 December 2006
    Location
    Groningen, Netherlands
    Posts
    403
    Thanks given
    15
    Thanked
    97 times in 89 posts
    Hello,

    I will look over your log and post a fix as soon as possible.
    A little patience, please.

    - Daniël

  3. The following user thanks BendeBoy for this useful post:

    joske1 (13 October 2007)

  4. #3
    Banned
    Hello Joske1,


    Download MSNFix by BendeBoy here.
    Save it to your desktop and then extract it to a folder of its own.

    First save all your documents, work, etc., because there is a chance that the tool will make the PC restart spontaneously. This is normal when a file has stubbornly lodged itself in the system.

    Open the MSNFix folder and double-click MSNFix.cmd.

    The file will carry out its tasks; you don't need to do anything in the meantime. Once it is finished, and possibly after a restart, it will open a report (MSNFix.txt). Post this in your next reply along with a new HijackThis log for checking.


    - Daniël

  5. #4
    Advanced   joske1
    Here is the MSNFix report
    ---------- BENDEBOYS MSNFIX RAPORT ----------
    - Version: 3.5.0.13 - Last Update: 02/10/07
    - Scan performed on: zo 14/10/2007 - 12:51:40,98 By xp
    - Bootmode: Normal Mode

    ((((((((((((((( CREATED FILES LAST MONTH )))))))))))))))

    2007-10-07 -14:27:14 - A.... "C:\WINDOWS\system32\imon.dll"
    2007-09-24 -22:30:28 - A.... "C:\WINDOWS\system32\java.exe"
    2007-09-24 -22:30:30 - A.... "C:\WINDOWS\system32\javaw.exe"
    2007-09-24 -23:31:42 - A.... "C:\WINDOWS\system32\javaws.exe"
    2007-09-28 - 7:19:40 - A.... "C:\WINDOWS\system32\MRT.exe"
    2007-10-11 -19:27:04 - ....R "C:\WINDOWS\system32\streamhlp.dll"
    2007-09-23 -22:03:32 - A.... "C:\WINDOWS\system32\xtbaksm.dll"

    ((((((((((((((( FOUND FILES )))))))))))))))

    »»» Nothing Found.
    »»» HOSTS-file has been cleaned.

    ((((((((((((((( ShellServiceObjectDelayLoad )))))))))))))))

    Windows Registry Editor Version 5.00
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    ---------- END OF LOG ----------

  6. #5
    Advanced   joske1
    Here is my log.
    The trojan is still there, just moved to the chest, but it keeps coming back.
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:59:20, on 14/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\TrojanHunter 5.0\THGuard.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
    O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Pinnacle Scheduler.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://zandalieke.spaces.msn.com//Ph...d/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/.../GAME_UNO1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    --
    End of file - 9059 bytes

  7. #6
    Banned
    I see that you are using HitmanPro; are you also aware that HitmanPro installs an anti-virus scanner (NOD32)? You are already using an anti-virus, so I recommend disabling it via HitmanPro. Two scanners work against each other.

    Personally I am not much of a fan of HitmanPro and I recommend removing it completely.
    But that choice is yours.



    May I see a ComboFix log?
    Download Combofix and save it to your desktop.

    Open Combofix.exe and follow the instructions; accept the disclaimer by typing '1'.
    While the fix is running, do NOT click in the window, because this will make your PC hang.

    It is possible that the PC will restart itself automatically. When the fix is done, and after a possible restart, a log (combofix.txt) will open. Post the contents of this message in your next reply together with a new HijackThis log.


    - Daniël

  8. #7
    Advanced   joske1
    I first removed Hitman Pro from the PC.
    Here is the ComboFix log
    ComboFix 07-10-12.4 - xp 2007-10-15 17:18:41.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.93 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\xp\Local Settings\Temporary Internet Files\Content.IE5\OEGBRQM5\ComboFix[1].exe
    * Nieuw herstelpunt werd aangemaakt
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\Program Files\winupdates
    C:\WINDOWS\system32\_000009_.tmp.dll
    C:\WINDOWS\system32\8_exception.nls
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -------\LEGACY_FWDRV.SYS
    -------\LEGACY_RUNTIME
    -------\fwdrv.sys
    -------\qqd.sys

    (((((((((((((((((((( Bestanden Gemaakt van 2007-09-15 to 2007-10-15 ))))))))))))))))))))))))))))))
    .
    2007-10-15 17:17 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-14 12:51 <DIR> d-------- C:\BendeBoy
    2007-10-14 12:51 32 --a------ C:\BendeBoy.del.bat
    2007-10-12 20:19 <DIR> d-------- C:\Program Files\Trend Micro
    2007-10-11 19:28 <DIR> d-------- C:\Documents and Settings\xp\Application Data\TrojanHunter
    2007-10-11 19:26 <DIR> d-------- C:\Program Files\TrojanHunter 5.0 Build 950 [first person]
    2007-10-11 19:26 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
    2007-10-10 18:53 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
    2007-10-10 18:52 <DIR> d-------- C:\Program Files\The Cleaner Free
    2007-10-10 12:35 <DIR> d-------- C:\Program Files\NoAdware5.0
    2007-10-10 12:32 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-10-07 20:14 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-10-07 20:14 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-10-07 14:41 164 --a------ C:\install.dat
    2007-10-07 14:40 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
    2007-10-07 14:40 298,104 --a------ C:\WINDOWS\system32\imon.dll
    2007-10-07 14:40 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
    2007-10-07 14:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
    2007-09-26 18:55 18,052 --ah----- C:\WINDOWS\system32\mlfcache.dat
    2007-09-26 18:54 <DIR> d-------- C:\Program Files\Picasa2
    2007-09-23 22:05 <DIR> d-------- C:\Program Files\MSN Messenger
    2007-09-23 22:04 <DIR> d-------- C:\Program Files\IObit
    2007-09-23 22:03 <DIR> d-------- C:\WINDOWS\system32\xtupdate
    2007-09-23 22:03 221,184 --a------ C:\WINDOWS\system32\xtbaksm.dll
    2007-09-23 22:03 221,184 --a------ C:\WINDOWS\system32\xtbaksm.dat
    2007-09-23 22:01 <DIR> d-------- C:\WINDOWS\system32\IOSUBSYS
    2007-09-23 22:01 41 -rah----- C:\WINDOWS\system32\bn.dll
    2007-09-23 14:26 <DIR> d-------- C:\WINDOWS\system32\nl-nl
    2007-09-23 14:21 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
    2007-09-23 09:42 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
    2007-09-22 08:06 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
    2007-09-22 08:06 <DIR> d-------- C:\Program Files\MSECACHE
    2007-09-21 22:21 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-09-21 22:21 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2007-09-21 22:21 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-09-21 22:21 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-09-21 22:21 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-09-21 22:21 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-09-21 22:21 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-09-21 22:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2007-09-21 22:09 <DIR> dr-h----- C:\Documents and Settings\xp\Onlangs geopend
    2007-09-19 12:32 <DIR> d-------- C:\Documents and Settings\xp\Application Data\Registry Booster
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-15 15:15 --------- d-----w C:\Program Files\Hitman Pro
    2007-10-15 15:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-15 15:13 --------- d-----w C:\Program Files\Lavasoft
    2007-10-15 15:13 --------- d-----w C:\Documents and Settings\xp\Application Data\Lavasoft
    2007-10-08 19:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-07 12:16 --------- d-----w C:\Program Files\Java
    2007-09-07 14:34 --------- d-----w C:\Program Files\Infogrames
    2006-03-13 18:12 1,247,306 ----a-w C:\Program Files\wrar342nl.exe
    2006-03-13 17:36 1,059,939 ----a-w C:\Program Files\GrandTheftAutoViceCityv1.0NoCDFixedexeEng.rar
    2006-01-05 17:43 291,814 ----a-w C:\Program Files\wmffix_hexblog14.exe
    2003-06-20 11:52 13,834 ----a-w C:\Program Files\ReadMe.txt
    2003-06-19 11:35 231,985,152 ----a-w C:\Program Files\assets_p.dat
    2003-05-27 15:13 545,269,760 ----a-w C:\Program Files\streams_pc.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 09:57]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 17:40]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 10:03 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2004-01-29 10:45 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 10:03 C:\WINDOWS\system32\rundll32.exe]
    "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 19:51]
    "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 13:42]
    "DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 18:37]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-08-14 14:55]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
    "THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2007-10-11 19:28]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03]
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]
    Pinnacle Scheduler.lnk - C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2004-09-10 16:32:53]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveSearch"=1 (0x1)
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Translator]
    C:\Program Files\Babylon\Babylon.exe
    R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys
    R2 ROB_A;Pinnacle WDM PCTV Audio Capture;C:\WINDOWS\system32\DRIVERS\rob_a.sys
    R2 ROB_V;Pinnacle WDM PCTV Video Capture;C:\WINDOWS\system32\drivers\rob_v.sys
    R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys
    S3 MS1000;MS1000;C:\WINDOWS\system32\DRIVERS\MS1000.sys
    *Newly Created Service* - HTTPFILTER
    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-10-14 10:03:58 C:\WINDOWS\Tasks\TrojanHunter LiveUpdate.job"
    .
    **************************************************************************
    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-15 17:24:27
    Windows 5.1.2600 Service Pack 2 NTFS
    scannen van verborgen processen ...
    scannen van verborgen autostart items ...
    scannen van verborgen bestanden ...
    Scan succesvol afgerond
    verborgen bestanden: 0
    **************************************************************************
    .
    Voltooingstijd: 2007-10-15 17:25:35 - machine was rebooted

  9. #8
    Advanced   joske1's avatar
    Registered
    2 June 2005
    Location
    omg scherpenheuvel
    Posts
    106
    Thanks
    6
    Thanked
    1 time in 1 post
    Here is the HijackThis log.
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:31:01, on 15/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\TrojanHunter 5.0\THGuard.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
    O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Pinnacle Scheduler.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://zandalieke.spaces.msn.com//Ph...d/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/.../GAME_UNO1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    --
    End of file - 8611 bytes

  10. #9
    Banned  
    Registered
    24 December 2006
    Location
    Groningen, Netherlands
    Posts
    403
    Thanks
    15
    Thanked
    97 times in 89 posts
    I still see components of HitmanPro present; did you actually remove all of its components as well? Also, ComboFix was started from a temporary folder. Follow the instructions below, and this time place ComboFix on your desktop.


    First go to Start -> Configuratiescherm (Control Panel) -> Software (Add or Remove Programs)
    Remove/uninstall here (if present): The Cleaner Free


    Download ComboFix and save it to your desktop.
    Then open a new Notepad file.

    Copy and paste the bold blue text below into it.
    Then save it to your desktop as CFScript.txt.

    Folder::
    C:\Program Files\The Cleaner Free

    Driver::
    qqd.sys


    Drag CFScript.txt onto ComboFix.exe as shown in the example below:



    This will make ComboFix start again. Reboot if you are asked to.
    After the reboot, post the contents of Combofix.txt in your next reply, together with a new HijackThis log.

    Also mention how the problems stand now.
    - Daniël

  11. #10
    Advanced   joske1's avatar
    Registered
    2 June 2005
    Location
    omg scherpenheuvel
    Posts
    106
    Thanks
    6
    Thanked
    1 time in 1 post
    ComboFix 07-10-28.2 - xp 2007-10-28 16:52:09.5 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.186 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\xp\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\xp\Bureaublad\CFScript.txt..lnk
    * Nieuw herstelpunt werd aangemaakt
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-09-28 to 2007-10-28 ))))))))))))))))))))))))))))))
    .
    2007-10-17 17:39 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
    2007-10-17 17:38 <DIR> d--hs---- C:\WINDOWS\ftpcache
    2007-10-15 16:58 <DIR> d-------- C:\WINDOWS\system32\LogFiles
    2007-10-15 16:17 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-14 11:51 <DIR> d-------- C:\BendeBoy
    2007-10-14 11:51 32 --a------ C:\BendeBoy.del.bat
    2007-10-12 19:19 <DIR> d-------- C:\Program Files\Trend Micro
    2007-10-11 18:28 <DIR> d-------- C:\Documents and Settings\xp\Application Data\TrojanHunter
    2007-10-11 18:26 <DIR> d-------- C:\Program Files\TrojanHunter 5.0 Build 950 [first person]
    2007-10-11 18:26 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
    2007-10-10 17:53 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
    2007-10-10 17:52 <DIR> d-------- C:\Program Files\The Cleaner Free
    2007-10-10 11:35 <DIR> d-------- C:\Program Files\NoAdware5.0
    2007-10-10 11:32 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-10-07 19:14 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-10-07 19:14 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-10-07 13:41 164 --a------ C:\install.dat
    2007-10-07 13:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-25 16:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-10-25 16:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-10-25 16:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-10-25 16:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-10-25 15:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-10-25 15:24 815,480 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-10-25 15:14 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
    2007-10-17 19:29 --------- d-----w C:\Program Files\Macrogaming
    2007-10-15 15:15 --------- d-----w C:\Program Files\Hitman Pro
    2007-10-15 15:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-15 15:13 --------- d-----w C:\Program Files\Lavasoft
    2007-10-15 15:13 --------- d-----w C:\Documents and Settings\xp\Application Data\Lavasoft
    2007-10-08 19:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-07 18:15 --------- d-----w C:\Program Files\Picasa2
    2007-10-07 12:16 --------- d-----w C:\Program Files\Java
    2007-09-23 20:05 --------- d-----w C:\Program Files\MSN Messenger
    2007-09-23 20:04 --------- d-----w C:\Program Files\IObit
    2007-09-23 20:03 221,184 ----a-w C:\WINDOWS\system32\xtbaksm.dll
    2007-09-22 06:06 --------- d-----w C:\Program Files\Windows Installer Clean Up
    2007-09-22 06:06 --------- d-----w C:\Program Files\MSECACHE
    2007-09-21 20:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
    2007-09-19 10:39 --------- d-----w C:\Documents and Settings\xp\Application Data\Registry Booster
    2007-09-12 10:18 244,448 ----a-w C:\WINDOWS\system32\16f3f9d8.sys
    2007-09-12 05:43 244,448 ----a-w C:\WINDOWS\system32\64e43149.sys
    2007-09-11 19:59 244,448 ----a-w C:\WINDOWS\system32\b12c84e6.sys
    2007-09-11 19:20 244,448 ----a-w C:\WINDOWS\system32\1c24599b.sys
    2007-09-11 19:20 2,277,098 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2007-09-11 19:20 2,154,346 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2007-09-07 14:34 --------- d-----w C:\Program Files\Infogrames
    2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2006-03-13 18:12 1,247,306 ----a-w C:\Program Files\wrar342nl.exe
    2006-03-13 17:36 1,059,939 ----a-w C:\Program Files\GrandTheftAutoViceCityv1.0NoCDFixedexeEng.rar
    2006-01-05 17:43 291,814 ----a-w C:\Program Files\wmffix_hexblog14.exe
    2003-07-31 09:53 147,456 ----a-w C:\WINDOWS\inf\EL2K_XP.sys
    2003-07-31 09:50 448,768 ----a-w C:\WINDOWS\inf\EL2K_N64.sys
    2003-07-31 09:43 147,456 ----a-w C:\WINDOWS\inf\EL2K_2K.sys
    2003-06-20 11:52 13,834 ----a-w C:\Program Files\ReadMe.txt
    2003-06-19 11:35 231,985,152 ----a-w C:\Program Files\assets_p.dat
    2003-05-27 15:13 545,269,760 ----a-w C:\Program Files\streams_pc.dat
    .
    ((((((((((((((((((((((((((((( snapshot@2007-10-15_17.25.02.12 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-09-28 07:06:08 135,168 ----a-w C:\WINDOWS\catchme.exe
    + 2007-10-26 08:51:17 136,192 ----a-w C:\WINDOWS\catchme.exe
    - 2007-10-07 12:51:46 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2007-10-28 15:02:53 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2007-10-07 12:51:46 53,418 ----a-w C:\WINDOWS\system32\perfc013.dat
    + 2007-10-28 15:02:53 53,418 ----a-w C:\WINDOWS\system32\perfc013.dat
    - 2007-10-07 12:51:46 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2007-10-28 15:02:53 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2007-10-07 12:51:46 364,330 ----a-w C:\WINDOWS\system32\perfh013.dat
    + 2007-10-28 15:02:53 364,330 ----a-w C:\WINDOWS\system32\perfh013.dat
    - 2007-10-05 08:07:31 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
    + 2007-07-22 17:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
    + 2007-10-28 15:18:27 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4f8.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 09:03 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2004-01-29 09:45 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 09:03 C:\WINDOWS\system32\rundll32.exe]
    "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 10:24]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 18:51]
    "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 12:42]
    "DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 17:37]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-08-14 13:55]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 16:20]
    "THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2007-10-11 18:28]
    "a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2007-10-17 18:13]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03]
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]
    Pinnacle Scheduler.lnk - C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2004-09-10 15:32:53]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveSearch"=1 (0x1)
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Translator]
    C:\Program Files\Babylon\Babylon.exe
    R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys
    R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys
    S3 MS1000;MS1000;C:\WINDOWS\system32\DRIVERS\MS1000.sys
    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-10-28 15:01:13 C:\WINDOWS\Tasks\TrojanHunter LiveUpdate.job"
    .
    **************************************************************************
    catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-28 16:53:21
    Windows 5.1.2600 Service Pack 2 NTFS
    scannen van verborgen processen ...
    scannen van verborgen autostart items ...
    scannen van verborgen bestanden ...
    Scan succesvol afgerond
    verborgen bestanden: 0
    **************************************************************************
    .
    Voltooingstijd: 2007-10-28 16:54:06
    C:\ComboFix2.txt ... 2007-10-28 16:41
    C:\ComboFix3.txt ... 2007-10-28 16:30
    .
    --- E O F ---
