
Thread: trojan horse

  1. #1
    Advanced   rap's avatar
    Registered
    24 October 2006
    Posts
    414
    Thanks given
    882
    Thanked
    664 times in 456 posts

    trojan horse

    Dear all,

    Since last week I have had the following problem. Every time I go online and then open several windows, it freezes completely.
    The open windows overlap each other and not a single window responds. Even when I use Task Manager I cannot close any window or program. The only alternative is to switch the PC off.
    Scanned with G-data: no result.
    With repair 1 click: 2 problems found and repaired.
    With Spybot: no result.
    With PC Tools the following trojan was found:
    "Trojan.PWS.Tanspy"
    Notice after further investigation: Trojan.PWS.Tanspy will install itself on to an infected computer as a Browser Helper Object (BHO). This trojan will then be activated each time an instance of Internet Explorer is launched and will attempt to steal passwords.
    Also known as: Adware-BHO.dr (McAfee) Spy-Agent.ba Infostealer. Bzup.

    I also noticed that I have many tracking cookies that I cannot delete.

    I have been told that I should simply uninstall IE7, run adware, then G-data, and then reinstall IE7. Is that right, or are there other options? I can no longer use Trojan Remover because the trial version has already been used up. Does anyone have an idea?

    Thanks for the effort.

    Regards

    rap

    Logfile of HijackThis v1.99.1
    Scan saved at 20:08:05, on 20/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\AntiVirusKit 2006\AVKTray\AVKTray.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
    C:\Program Files\AntiVirusKit 2006\AVKService.exe
    C:\Program Files\AntiVirusKit 2006\AVKWCtl.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Documents and Settings\HP_Administrator\Mijn documenten\Nieuwe map\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Mozilla Firefox\MegaIEMn.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\AntiVirusKit 2006\AVKTray\AVKTray.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1168370684140
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1168375315937
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
    O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Program Files\AntiVirusKit 2006\AVKService.exe
    O23 - Service: AVK-bewaker (AVKWCtl) - Unknown owner - C:\Program Files\AntiVirusKit 2006\AVKWCtl.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

    Thanks in advance.

    Regards

    rap

  2. #2
    rap
    Dear all,

    Has anyone had time yet?

    Thanks in advance.

    Regards

    rap

  3. #3
    Honorary member   jurgenv's avatar
    Registered
    10 May 2005
    Location
    West-Vlaanderen
    Posts
    5.887
    Thanks given
    100
    Thanked
    901 times in 829 posts
    Our apologies, your log was probably overlooked.

    Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Place it on your desktop.
    Double-click it to start the program.
    In the window that appears, type a Y to start the cleaning process.
    Follow the instructions on the screen.
    When the tool has finished, a log file (combofix.txt) opens. Post the contents of this file together with a new HijackThis log.

    Member of ASAP

  4. The following user thanks jurgenv for this useful post:

    rap (21 June 2007)

  5. #4
    rap
    Hey JurgenV,

    Here it comes:

    ComboFix 07-06-21.3 - C:\Documents and Settings\HP_Administrator\Mijn documenten\ComboFix.exe
    "HP_Administrator" - 2007-06-22 7:24:45 - Service Pack 2 NTFS

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\WINDOWS\system32\msxml3a.dll

    ((((((((((((((((((((((((( Files Created from 2007-05-22 to 2007-06-22 )))))))))))))))))))))))))))))))

    2007-06-22 00:29 <DIR> dr-h----- C:\DOCUME~1\HP_ADM~1\Onlangs geopend
    2007-06-21 23:04 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\WinRAR
    2007-06-21 22:30 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-06-21 20:15 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
    2007-06-21 20:15 <DIR> d-------- C:\Program Files\Trojan Remover
    2007-06-21 20:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Simply Super Software
    2007-06-19 21:12 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\RegistrySmart
    2007-06-19 20:56 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
    2007-06-19 20:56 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\WholeSecurity
    2007-06-19 20:17 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-05-28 13:04 <DIR> d-------- C:\Program Files\Nero
    2007-05-28 13:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
    2007-05-28 11:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    2007-05-28 10:09 <DIR> d-------- C:\Program Files\Messenger Plus! Live
    2007-05-28 10:00 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Contacts
    2007-05-28 09:56 <DIR> d-------- C:\Program Files\Windows Live Toolbar
    2007-05-28 09:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
    2007-05-28 09:55 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-05-28 09:55 <DIR> d-------- C:\Program Files\MSN Messenger

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    2007-06-17 14:58:15 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2007-06-13 18:40:28 -------- d-----w C:\Program Files\Yahoo!
    2007-06-12 16:01:47 3,536 ----a-w C:\DOCUME~1\HP_ADM~1\APPLIC~1\wklnhst.dat
    2007-06-05 05:34:13 -------- d-----w C:\Program Files\TuneUp Utilities 2007
    2007-05-30 17:57:24 -------- d-----w C:\DOCUME~1\HP_ADM~1\APPLIC~1\Ahead
    2007-05-28 11:05:32 -------- d-----w C:\Program Files\Common Files\Ahead
    2007-05-28 07:56:48 -------- d-----w C:\Program Files\Real
    2007-05-28 07:16:58 -------- d-----w C:\DOCUME~1\HP_ADM~1\APPLIC~1\Vso
    2007-05-28 07:16:53 -------- d-----w C:\Program Files\DVDFab Platinum 3
    2007-05-16 15:19:43 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-12 15:54:26 -------- d-----w C:\DOCUME~1\HP_ADM~1\APPLIC~1\Alien Skin
    2007-05-09 16:50:21 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-05-02 05:35:45 -------- d-----w C:\DOCUME~1\HP_ADM~1\APPLIC~1\Azureus
    2007-05-02 05:27:04 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-04-25 14:22:52 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:15:26 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-16 20:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
    2007-04-16 20:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
    2007-03-28 17:42:42 29,704 ----a-w C:\WINDOWS\system32\uxtuneup.dll
    2007-03-25 09:21:15 90,062 ----a-w C:\WINDOWS\system32\perfc013.dat
    2007-03-25 09:21:15 505,082 ----a-w C:\WINDOWS\system32\perfh013.dat
    2007-03-23 04:07:56 1,683,280 ------w C:\WINDOWS\system32\XpsSvcs.dll
    2007-03-23 04:07:54 583,504 ------w C:\WINDOWS\system32\XPSSHHDR.dll
    2007-03-22 18:25:02 124,928 ------w C:\WINDOWS\system32\prntvpt.dll
    2006-11-30 21:10:34 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 03:04]
    {68F9551E-0411-48E4-9AAF-4BC42A6A46BE}=C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18 21:04]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-01-31 22:29]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 01:56]
    {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 17:45]
    {bf00e119-21a3-4fd1-b178-3b8537e75c92}=C:\Program Files\Mozilla Firefox\MegaIEMn.dll [2006-12-11 18:46]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ftutil2"="ftutil2.dll" [2004-06-07 08:05 C:\WINDOWS\system32\ftutil2.dll]
    "RTHDCPL"="RTHDCPL.EXE" [2006-07-21 18:56 C:\WINDOWS\RTHDCPL.EXE]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 19:59]
    "nwiz"="nwiz.exe" [2006-06-20 19:06 C:\WINDOWS\system32\nwiz.exe]
    "DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 02:05]
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 15:34]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-16 23:11]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-27 20:36]
    "AVKTray"="C:\Program Files\AntiVirusKit 2006\AVKTray\AVKTray.exe" [2005-10-05 15:10]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 02:14]
    "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 15:19]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-01-31 22:29]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-31 15:52]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 16:09]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
    "TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-06-15 17:00]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-27 22:09]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-02 06:00]
    "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04]
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "LinkResolveIgnoreLinkInfo"=0 (0x0)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 16:13]
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
    UxTuneUp

    Contents of the 'Scheduled Tasks' folder
    2007-06-21 22:16:00 C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
    2007-06-08 15:16:56 C:\WINDOWS\tasks\Maintenance en 1 clic.job
    2007-06-22 05:23:24 C:\WINDOWS\tasks\MP Scheduled Scan.job
    **************************************************************************
    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-22 07:25:49
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    Completion time: 2007-06-22 7:26:09
    C:\ComboFix-quarantined-files.txt ... 2007-06-22 07:26
    --- E O F ---

    Thanks.
    Regards

    rap
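
Since the reported trojan loads as a Browser Helper Object, the BHO entries are the part of both logs worth reading side by side. The following is an added example, not part of the original thread and not code from HijackThis or ComboFix: it parses the `O2 - BHO` lines of a HijackThis log and the Browser Helper Objects section of a ComboFix log, compares them by CLSID, and lists entries that deserve a manual look. The function names are this example's own, and the sample lines are copied from the two logs above except for one line marked as constructed.

```python
import re
from typing import Dict, List, NamedTuple, Tuple


class Bho(NamedTuple):
    name: str
    clsid: str  # upper-cased so both logs compare equal
    path: str


# HijackThis: "O2 - BHO: <name> - {CLSID} - <path>"
O2_RE = re.compile(
    r"^\s*O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+?)\s*$")
# ComboFix: "{CLSID}=<path> [timestamp]"
CF_RE = re.compile(
    r"^\s*(?P<clsid>\{[0-9A-Fa-f-]{36}\})=(?P<path>.+?)(?:\s+\[[^\]]*\])?\s*$")


def parse_hijackthis_bhos(log: str) -> Dict[str, Bho]:
    out = {}
    for line in log.splitlines():
        m = O2_RE.match(line)
        if m:
            clsid = m.group("clsid").upper()
            out[clsid] = Bho(m.group("name"), clsid, m.group("path"))
    return out


def parse_combofix_bhos(log: str) -> Dict[str, str]:
    out, in_section = {}, False
    for line in log.splitlines():
        stripped = line.strip()
        if stripped.startswith("["):  # a registry key header starts a new section
            in_section = stripped.lower().endswith("\\browser helper objects]")
            continue
        m = CF_RE.match(line) if in_section else None
        if m:
            out[m.group("clsid").upper()] = m.group("path")
    return out


def review_notes(bho: Bho) -> List[str]:
    """Reasons to inspect an entry by hand; none of them is a verdict."""
    notes = []
    if bho.name.strip().lower() == "(no name)":
        notes.append("no display name")
    if bho.path.lower().endswith(("(no file)", "(file missing)")):
        notes.append("file missing on disk")
    elif "~" in bho.path:
        notes.append("8.3 short path, expand before judging")
    return notes


def compare(hjt: Dict[str, Bho], cf: Dict[str, str]) -> Tuple[List[str], List[str]]:
    """CLSIDs seen only in HijackThis, and only in ComboFix."""
    return sorted(set(hjt) - set(cf)), sorted(set(cf) - set(hjt))


# Lines copied from the HijackThis log in this thread; the last one is constructed.
HJT_SAMPLE = r"""
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Mozilla Firefox\MegaIEMn.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
"""

# Lines copied from the ComboFix log in this thread.
CF_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 03:04]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 01:56]
{bf00e119-21a3-4fd1-b178-3b8537e75c92}=C:\Program Files\Mozilla Firefox\MegaIEMn.dll [2006-12-11 18:46]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 18:56 C:\WINDOWS\RTHDCPL.EXE]
"""

if __name__ == "__main__":
    hjt, cf = parse_hijackthis_bhos(HJT_SAMPLE), parse_combofix_bhos(CF_SAMPLE)
    only_hjt, only_cf = compare(hjt, cf)
    # ComboFix states that legit default entries are not shown, so a CLSID
    # present only in HijackThis is a prompt to look, not a finding.
    print("only in HijackThis:", only_hjt)
    print("only in ComboFix:", only_cf)
    for bho in hjt.values():
        if review_notes(bho):
            print(bho.clsid, bho.path, review_notes(bho))
```
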

  6. #5
    jurgenv
    Looks good, how is everything working otherwise?

    Member of ASAP

  7. #6
    rap

    reply trojan horse

    Hey JurgenV,

    Is everything in order now with ComboFix?
    Without changing anything? I do find that strange.

    What about: Trojan.PWS.Tanspy will install itself on to an infected computer as a Browser Helper Object (BHO). This trojan will then be activated each time an instance of Internet Explorer is launched and will attempt to steal passwords.
    Also known as: Adware-BHO.dr (McAfee) Spy-Agent.ba Infostealer. Bzup.

    What should I do with this?

    Last night I still had problems: suddenly all my windows closed and the PC shut down completely by itself.
    Over and out. I restarted it, and a little later I had the problem with the windows again, as at the beginning of my thread.

    Also, what about those tracking cookies?

    There must be something, though; I don't find this normal, do you?

    Regards

    rap

  8. #7
    jurgenv
    Those cookies are harmless. Could you post the location of the infected file(s) that PC Tools reports?

    Member of ASAP

  9. #8
    rap
    Hey JurgenV,

    I will try to post it tonight. I am still here at work until 18:00.

    If not, it will certainly be tomorrow.

    Thanks for your time

    Regards

    rap

  10. #9
    rap

    big problems

    Hey JurgenV,

    The unthinkable has happened after all.

    COMPLETE CRASH. Everything lost. No recovery possible.
    Very lucky that at the beginning, at purchase, I put the recovery on CD.

    Tried everything and nothing worked. With 'the recovery CD' I was able to reinstall everything, only I have lost everything. Hopefully I am now rid of that trojan horse and all the rest.

    Damn, all my photos, work, music, files, etc. are unfortunately lost. 4 months of data.

    At least I can start again with a clean slate.

    Regards

    rap

  11. #10
    jurgenv
    Ok, what message or the like did you get before it crashed?

    Member of ASAP
