
mooos
Would someone check this log?
mooos replied to mooos's topic in Archief Bestrijding malware & virussen
ComboFix 10-11-16.05 - Administrator 17-11-2010 11:25:05.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.3326.2908 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Administrator\Mijn documenten\Downloads\ComboFix.exe
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-10-17 to 2010-11-17 ))))))))))))))))))))))))))))))
.
2010-11-17 10:18 . 2010-11-17 10:18 -------- d-----w- c:\program files\Microsoft Silverlight
2010-11-17 09:21 . 2010-11-17 09:21 -------- d-----w- c:\program files\Common Files\Alias Shared
2010-11-17 09:21 . 2010-11-17 09:21 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-11-17 09:20 . 2007-05-16 15:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-11-17 09:20 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-11-17 09:14 . 2010-11-17 09:15 -------- d-----w- c:\program files\After Effects 5.0
2010-11-17 08:30 . 2010-11-17 08:35 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-11-17 08:28 . 2010-11-17 08:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-11-16 19:57 . 2005-02-25 03:35 22752 ----a-w- c:\windows\system32\spupdsvc.exe
2010-11-16 19:57 . 2010-11-17 08:29 -------- d--h--w- c:\windows\$hf_mig$
2010-11-16 15:57 . 2010-11-16 15:57 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-16 15:57 . 2010-11-16 15:57 -------- d-----w- c:\program files\Trend Micro
2010-11-16 15:42 . 2010-11-16 15:42 -------- d-----w- C:\$AVG
2010-11-16 15:23 . 2010-11-16 15:23 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple
2010-11-16 15:23 . 2010-11-16 15:23 -------- d-----w- c:\program files\Apple Software Update
2010-11-16 15:23 . 2010-11-16 15:23 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2010-11-16 15:23 . 2010-09-28 14:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-11-16 15:23 . 2010-09-28 14:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-11-16 15:23 . 2010-11-16 15:23 -------- d-----w- c:\program files\Bonjour
2010-11-16 15:23 . 2010-11-16 15:24 -------- d-----w- c:\program files\Common Files\Apple
2010-11-16 15:23 . 2010-11-16 15:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-11-16 15:23 . 2010-11-16 15:24 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2010-11-16 15:17 . 2001-09-06 20:27 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-11-16 15:17 . 2004-08-04 00:03 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-11-16 15:17 . 2004-08-03 21:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-11-16 15:17 . 2004-08-03 21:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-11-16 15:15 . 2010-11-16 15:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG10
2010-11-16 15:14 . 2010-11-16 15:14 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-11-16 15:14 . 2010-11-17 10:12 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-11-16 15:12 . 2010-11-16 15:12 -------- d-----w- c:\program files\AVG
2010-11-16 15:07 . 2010-11-16 15:12 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-11-16 15:04 . 2010-11-16 15:04 -------- d-s---w- c:\documents and settings\Administrator\UserData
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-07 11:23 . 2010-10-07 11:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 11:23 . 2010-10-07 11:23 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-10-07 11:23 . 2010-10-07 11:23 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 11:23 . 2010-10-07 11:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dlmMgr"="c:\program files\Common Files\Adobe\ESD\AdobeDownloadManager.exe" [2006-10-03 711272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-30 8523776]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-10 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [15-7-2010 11:18 4408616]
R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [15-7-2010 11:18 112936]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [15-7-2010 11:18 15656]
.
Inhoud van de 'Gedeelde Taken' map

2010-11-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ysk2z4no.default\
FF - prefs.js: network.proxy.type - 0

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS VERWIJDERD - - - -

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-nwiz - nwiz.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-11-17 11:26
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(1440)
c:\windows\system32\msi.dll
.
Voltooingstijd: 2010-11-17 11:27:12
ComboFix-quarantined-files.txt 2010-11-17 10:27

Pre-Run: 118.184.824.832 bytes beschikbaar
Post-Run: 121.031.233.536 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - AC2DD4804F0D972898C3950EE0340D9A
Would someone check this log?
mooos replied to mooos's topic in Archief Bestrijding malware & virussen
I tried to download ComboFix but got an alert from AVG, even though I had switched off "Resident Shield active":

"Malware";"Malware.gen";"C:\32788R22FWJFW\CMD.CFXXE";"N/A";"17-11-2010, 9:50:52"
"Malware";"Malware.gen";"C:\32788R22FWJFW\CMD.CFXXE";"N/A";"17-11-2010, 9:45:47"

Should I ignore this alert and continue with the installation?
Would someone check this log?
mooos replied to mooos's topic in Archief Bestrijding malware & virussen
Yes, with AVG Internet Security. I removed and repaired them.

C:\Documents and Settings\Administrator\Bureaublad\Adobe Suite Portable.exe:\AutoPlay\Docs\Adobe InDesign CS3 - Portable.rar:\Adobe InDesign CS3 - Portable\InDesign.exe";"Trojaans paard Agent2.QQJ";"Object is niet toegankelijk."
"";"C:\Documents and Settings\Administrator\Bureaublad\Adobe Suite Portable.exe:\AutoPlay\Docs\Adobe InDesign CS3 - Portable.rar";"Trojaans paard Agent2.QQJ";"Object is niet toegankelijk."
"";"C:\Documents and Settings\Administrator\Bureaublad\Adobe Suite Portable.exe";"Trojaans paard Agent2.QQJ";"Object is niet toegankelijk."

When I then opened Photoshop I got another alert:

"16-11-2010, 17:30:10";"NT AUTHORITY\SYSTEM";"IDP";"Proces SVCHOST.EXE is gedetecteerd."

I quarantined and removed this, but I'm afraid something is still 'lurking around'.
Hello, I'm afraid I have a trojan on my computer. Can someone help me with that? Regards, mooos

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:59:42, on 16-11-2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WTouch\WTouchService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\AVG\AVG10\avgui.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileBackup.exe
C:\Program Files\AVG\AVG10\avgscanx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [dlmMgr] "C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe" restart=1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe

--
End of file - 5696 bytes
