
can no longer install software


trojan.exe


Here are the log files:

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Databaseversie: 4041

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

27-4-2010 15:17:44

mbam-log-2010-04-27 (15-17-44).txt

Scantype: Snelle scan

Objecten gescand: 124600

Verstreken tijd: 9 minuut/minuten, 0 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

-----------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:37:28, on 27-4-2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hyves.nl: always in touch with your friends

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Hyves

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - http://www.cig.canon-europe.com/ph/nl_NL/st/download/ddup/CNIMGUP_01_210102E.cab

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

--

End of file - 4894 bytes


This looks fine. Just one more thing as an extra:

Download Combofix to your Desktop.

Read more here about the correct use of Combofix.

NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!


  • Double-click Combofix.exe to start it.
    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    Follow the instructions and accept the disclaimer by clicking Yes.
    If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window (XP only, not VISTA).
    Click OK and Yes to have the Recovery Console installed automatically.
    Afterwards, click Yes again to start the malware scan.
    While the fix is running, do NOT click in the window, as this will make your PC hang.

When the fix has finished and after the restart, the log Combofix.txt will open.

Post this log in your next reply.


Here is the log again :)

ComboFix 10-04-26.04 - MSuser 27-04-2010 17:37:58.1.1 - x86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.800 [GMT 2:00]

Gestart vanuit: c:\documents and settings\nielzie\Bureaublad\ComboFix.exe

.

ADS - WINDOWS: deleted 0 bytes in 1 streams.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

F:\install.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2010-03-27 to 2010-04-27 ))))))))))))))))))))))))))))))

.

2010-04-27 12:00 . 2010-04-27 12:00 -------- d-----w- c:\documents and settings\MSuser\Application Data\Malwarebytes

2010-04-27 12:00 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-27 12:00 . 2010-04-27 12:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-04-27 12:00 . 2010-04-27 12:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-04-27 12:00 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-26 15:29 . 2008-04-14 20:32 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll

2010-04-26 15:24 . 2010-04-26 15:24 -------- d-----w- c:\windows\EHome

2010-04-26 13:35 . 2010-04-27 13:38 -------- d-----w- c:\program files\AVI DivX to DVD SVCD VCD Converter

2010-04-26 13:30 . 2010-04-26 13:30 -------- d-----w- c:\documents and settings\MSuser\Local Settings\Application Data\Badger I.T

2010-04-26 12:10 . 2010-04-26 12:10 -------- d-----w- c:\windows\~nsu.tmp

2010-04-26 07:04 . 2010-04-26 07:04 388096 ----a-r- c:\documents and settings\MSuser\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-04-26 07:04 . 2010-04-26 07:04 -------- d-----w- c:\program files\Trend Micro

2010-04-26 06:27 . 2010-04-26 06:27 -------- d-----w- c:\documents and settings\MSuser\Local Settings\Application Data\Xenocode

2010-04-26 06:26 . 2010-04-26 06:26 -------- d-----w- c:\program files\BadgerIT

2010-04-25 14:39 . 2010-04-25 14:39 -------- d-----w- c:\program files\microsoft frontpage

2010-04-25 13:12 . 2010-04-25 13:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus

2010-04-25 13:12 . 2010-04-27 13:38 -------- d-----w- c:\documents and settings\MSuser\Application Data\Azureus

2010-04-25 13:11 . 2010-04-25 13:12 -------- d-----w- c:\program files\Vuze

2010-04-25 13:11 . 2010-04-25 14:44 -------- d-----w- c:\documents and settings\MSuser\Local Settings\Application Data\Vuze_Remote

2010-04-25 13:11 . 2010-04-25 13:11 -------- d-----w- c:\program files\Vuze_Remote

2010-04-25 13:11 . 2010-04-25 13:11 -------- d-----w- c:\documents and settings\MSuser\Local Settings\Application Data\Conduit

2010-04-22 19:13 . 2010-04-22 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU

2010-04-22 19:12 . 2010-04-25 13:06 -------- d-----w- c:\program files\Common Files\AVSMedia

2010-04-21 17:05 . 2010-04-21 17:05 -------- d-----w- c:\documents and settings\MSuser\Local Settings\Application Data\LooksBuilder

2010-04-03 10:24 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-27 15:37 . 2004-08-04 12:00 91632 ----a-w- c:\windows\system32\perfc013.dat

2010-04-27 15:37 . 2004-08-04 12:00 511866 ----a-w- c:\windows\system32\perfh013.dat

2010-04-26 15:54 . 2009-11-09 12:28 -------- d-----w- c:\program files\MSN Messenger

2010-04-26 15:35 . 2006-04-03 11:38 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-04-21 08:50 . 2006-04-09 10:09 37472 -c-ha-w- c:\windows\Fonts\infoview.fon

2010-04-13 21:24 . 2009-11-23 17:51 79488 ----a-w- c:\documents and settings\MSuser\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2010-04-13 20:44 . 2006-11-04 20:41 -------- d-----w- c:\documents and settings\MSuser\Application Data\U3

2010-03-20 11:35 . 2010-03-20 11:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\TweakNow RegCleaner

2010-03-20 11:19 . 2010-03-20 11:19 45792 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-03-10 06:17 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-02-25 06:20 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-17 12:09 . 2004-08-04 12:00 2194304 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-16 19:09 . 2004-08-04 00:58 2071168 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-12 04:35 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll

2010-02-11 12:02 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys

2010-02-04 16:33 . 2006-04-03 12:45 45792 -c--a-w- c:\documents and settings\MSuser\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

.

------- Sigcheck -------

[-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll

[-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\MsPMSNSv.dll

[-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\dllcache\mspmsnsv.dll

[-] 2004-08-04 12:00 . 2706E00334C86DD2E5279A47600C916A . 52736 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-09-04 6856704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"wave9"=Echo24Wrap.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2007-03-04 18:19 282624 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ose"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

"idsvc"=3 (0x3)

"FLEXnet Licensing Service"=3 (0x3)

"CCALib8"=2 (0x2)

"Bonjour Service"=2 (0x2)

"astcc"=2 (0x2)

"ACDaemon"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=

"c:\\Program Files\\Bit Lord 1.1\\BitLord.exe"=

"c:\\Program Files\\Secway\\SimpLite-MSN 2.2\\SimpLite-MSN.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\Vuze\\Azureus.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12-9-2006 13:18 682232]

S1 Scope;WDM Driver for Scope;c:\windows\system32\drivers\scope.sys [30-11-2001 16:00 103840]

S3 echo24;Gina24 Service;c:\windows\system32\drivers\echo24.sys [21-3-2003 14:07 544384]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CF185561-528F-E669-52CC-A7D98201A809}]

2009-02-13 17:21 102400 -c--a-w- c:\windows\system32\Sys32AoA.exe

.

Inhoud van de 'Gedeelde Taken' map

2010-04-26 c:\windows\Tasks\Install_NSS.job

- c:\program files\Vuze\nssstub.exe [2010-04-25 13:12]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: 0.0.0.0

Trusted Zone: ziggo.nl\thuishelp

DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - hxxp://www.cig.canon-europe.com/ph/nl_NL/st/download/ddup/CNIMGUP_01_210102E.cab

.

- - - - ORPHANS VERWIJDERD - - - -

WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)

HKLM-Run-DisplayTrayIcon - (no file)

MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe

AddRemove-Titan Poker - c:\windows\Titan Poker setup.exe

AddRemove-TweakNow RegCleaner_is1 - c:\program files\TweakNow RegCleaner\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-04-27 17:43

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(424)

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

Voltooingstijd: 2010-04-27 17:46:21

ComboFix-quarantined-files.txt 2010-04-27 15:46

Pre-Run: 2.554.019.840 bytes beschikbaar

Post-Run: 3.038.035.968 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - BE53FA15F5194975DED013D9A0765C16


Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\~nsu.tmp

Folder::

c:\documents and settings\MSuser\Local Settings\Application Data\Conduit

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CF185561-528F-E669-52CC-A7D98201A809}]

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will restart ComboFix. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message, together with a new HijackThis log.

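Added example, not part of the original thread and not ComboFix's own code: a Python check that reads the CFScript above together with a follow-up ComboFix.txt and reports, per target, whether the log shows it deleted, still listed, or not mentioned. The section names are the Dutch ones used in this thread's logs; treating an attribute string that starts with `d` as a directory is an assumption about ComboFix's listing format.

```python
import re

# The CFScript exactly as posted in the thread above.
CFSCRIPT = r"""File::
c:\windows\~nsu.tmp
Folder::
c:\documents and settings\MSuser\Local Settings\Application Data\Conduit
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CF185561-528F-E669-52CC-A7D98201A809}]
"""

# Constructed excerpt: a few lines copied from the follow-up ComboFix.txt in
# this thread (blank lines dropped, header rulers shortened, most entries omitted).
FOLLOWUP_LOG = r"""FILE ::
"c:\windows\~nsu.tmp"
.
(((((((((( Andere Verwijderingen ))))))))))
.
c:\documents and settings\MSuser\Local Settings\Application Data\Conduit
.
(((((((((( Bestanden Gemaakt van 2010-03-28 to 2010-04-28 ))))))))))
.
2010-04-26 12:10 . 2010-04-26 12:10 -------- d-----w- c:\windows\~nsu.tmp
2010-04-25 13:11 . 2010-04-25 13:11 -------- d-----w- c:\program files\Vuze_Remote
.
(((((((((( Reg Opstartpunten ))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"""

SECTION_RE = re.compile(r"^\(+ (.+?) \)+$")       # "(((( Name ))))" rulers
REGKEY_RE = re.compile(r"^\[-?(HK[^\]]+)\]$")      # "[HKEY_...]" or "[-HKEY_...]"
LISTING_RE = re.compile(                           # created / modified / size / attrs / path
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d \S+ (\S{8}) (.+)$")


def parse_cfscript(text):
    """Return [(kind, target)] where kind is 'file', 'folder' or 'registry'."""
    targets, kind = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            kind = line[:-2].strip().lower()
            continue
        m = REGKEY_RE.match(line) if kind == "registry" else None
        targets.append((kind, m.group(1) if m else line))
    return targets


def parse_log(text):
    """Collect deleted paths, listed paths (with attributes) and registry keys."""
    deleted, listed, regkeys = set(), {}, set()
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        header = SECTION_RE.match(line)
        regkey = REGKEY_RE.match(line)
        if header:
            section = header.group(1).lower()
        elif regkey:
            regkeys.add(regkey.group(1).lower())
        elif section.startswith("bestanden gemaakt"):
            entry = LISTING_RE.match(line)
            if entry:
                listed[entry.group(2).lower()] = entry.group(1)
        elif section.startswith("andere verwijderingen"):
            deleted.add(line.strip('"').lower())
    return deleted, listed, regkeys


def verify(cfscript, log):
    """Map each CFScript target to what the follow-up log says about it."""
    deleted, listed, regkeys = parse_log(log)
    report = {}
    for kind, target in parse_cfscript(cfscript):
        key = target.lower()
        if key in deleted:
            status = "deleted"
        elif key in listed:
            # Assumption: an attribute string starting with 'd' marks a directory.
            if kind == "file" and listed[key].startswith("d"):
                status = "still listed as a directory, but named under File::"
            else:
                status = "still listed"
        elif key in regkeys:
            status = "still listed"
        else:
            # Absence from the log is consistent with removal but does not prove it.
            status = "not in log"
        report[target] = status
    return report


if __name__ == "__main__":
    for target, status in verify(CFSCRIPT, FOLLOWUP_LOG).items():
        print(f"{status:55} {target}")
```
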

This help is great!

By the way, I have no idea whether it is relevant to mention, but I keep carrying out the actions in safe mode, because in normal mode it is often not possible to run the software.

Here are the logs again:

ComboFix 10-04-27.02 - MSuser 28-04-2010 12:44:10.3.1 - x86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.800 [GMT 2:00]

Gestart vanuit: c:\documents and settings\nielzie\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\nielzie\Bureaublad\CFScript.txt

FILE ::

"c:\windows\~nsu.tmp"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\MSuser\Local Settings\Application Data\Conduit

.

(((((((((((((((((((( Bestanden Gemaakt van 2010-03-28 to 2010-04-28 ))))))))))))))))))))))))))))))

.

2010-04-27 12:00 . 2010-04-27 12:00 -------- d-----w- c:\documents and settings\MSuser\Application Data\Malwarebytes

2010-04-27 12:00 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-27 12:00 . 2010-04-27 12:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-04-27 12:00 . 2010-04-27 12:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-04-27 12:00 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-26 15:29 . 2008-04-14 20:32 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll

2010-04-26 15:24 . 2010-04-26 15:24 -------- d-----w- c:\windows\EHome

2010-04-26 13:35 . 2010-04-27 13:38 -------- d-----w- c:\program files\AVI DivX to DVD SVCD VCD Converter

2010-04-26 13:30 . 2010-04-26 13:30 -------- d-----w- c:\documents and settings\MSuser\Local Settings\Application Data\Badger I.T

2010-04-26 12:10 . 2010-04-26 12:10 -------- d-----w- c:\windows\~nsu.tmp

2010-04-26 07:04 . 2010-04-26 07:04 388096 ----a-r- c:\documents and settings\MSuser\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-04-26 07:04 . 2010-04-26 07:04 -------- d-----w- c:\program files\Trend Micro

2010-04-26 06:27 . 2010-04-26 06:27 -------- d-----w- c:\documents and settings\MSuser\Local Settings\Application Data\Xenocode

2010-04-26 06:26 . 2010-04-26 06:26 -------- d-----w- c:\program files\BadgerIT

2010-04-25 14:39 . 2010-04-25 14:39 -------- d-----w- c:\program files\microsoft frontpage

2010-04-25 13:12 . 2010-04-25 13:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus

2010-04-25 13:12 . 2010-04-27 16:15 -------- d-----w- c:\documents and settings\MSuser\Application Data\Azureus

2010-04-25 13:11 . 2010-04-25 13:12 -------- d-----w- c:\program files\Vuze

2010-04-25 13:11 . 2010-04-25 14:44 -------- d-----w- c:\documents and settings\MSuser\Local Settings\Application Data\Vuze_Remote

2010-04-25 13:11 . 2010-04-25 13:11 -------- d-----w- c:\program files\Vuze_Remote

2010-04-22 19:13 . 2010-04-22 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU

2010-04-22 19:12 . 2010-04-25 13:06 -------- d-----w- c:\program files\Common Files\AVSMedia

2010-04-21 17:05 . 2010-04-21 17:05 -------- d-----w- c:\documents and settings\MSuser\Local Settings\Application Data\LooksBuilder

2010-04-03 10:24 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-28 10:45 . 2004-08-04 12:00 511866 ----a-w- c:\windows\system32\perfh013.dat

2010-04-28 10:45 . 2004-08-04 12:00 91632 ----a-w- c:\windows\system32\perfc013.dat

2010-04-26 15:54 . 2009-11-09 12:28 -------- d-----w- c:\program files\MSN Messenger

2010-04-26 15:35 . 2006-04-03 11:38 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-04-21 08:50 . 2006-04-09 10:09 37472 -c-ha-w- c:\windows\Fonts\infoview.fon

2010-04-13 21:24 . 2009-11-23 17:51 79488 ----a-w- c:\documents and settings\MSuser\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2010-04-13 20:44 . 2006-11-04 20:41 -------- d-----w- c:\documents and settings\MSuser\Application Data\U3

2010-03-20 11:35 . 2010-03-20 11:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\TweakNow RegCleaner

2010-03-20 11:19 . 2010-03-20 11:19 45792 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-03-10 06:17 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-02-25 06:20 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-17 12:09 . 2004-08-04 12:00 2194304 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-16 19:09 . 2004-08-04 00:58 2071168 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-12 04:35 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll

2010-02-11 12:02 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys

2010-02-04 16:33 . 2006-04-03 12:45 45792 -c--a-w- c:\documents and settings\MSuser\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

.

------- Sigcheck -------

[-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll

[-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\MsPMSNSv.dll

[-] 2005-01-28 11:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\dllcache\mspmsnsv.dll

[-] 2004-08-04 12:00 . 2706E00334C86DD2E5279A47600C916A . 52736 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-04-27_15.43.59 )))))))))))))))))))))))))))))))))))))))))

.

- 2004-08-04 12:00 . 2008-04-14 20:32 90112 c:\windows\system32\wshext.dll

+ 2004-08-04 12:00 . 2008-05-09 10:56 90112 c:\windows\system32\wshext.dll

+ 2004-08-04 12:00 . 2010-04-28 10:45 71904 c:\windows\system32\perfc009.dat

- 2004-08-04 12:00 . 2010-04-27 15:37 71904 c:\windows\system32\perfc009.dat

+ 2008-05-09 10:56 . 2008-05-09 10:56 90112 c:\windows\system32\dllcache\wshext.dll

+ 2004-08-04 12:00 . 2008-05-08 11:24 155648 c:\windows\system32\wscript.exe

- 2004-08-04 12:00 . 2008-04-14 20:33 155648 c:\windows\system32\wscript.exe

+ 2004-08-04 12:00 . 2008-05-09 10:56 172032 c:\windows\system32\scrrun.dll

- 2004-08-04 12:00 . 2008-04-14 20:32 172032 c:\windows\system32\scrrun.dll

- 2004-08-04 12:00 . 2008-04-14 20:32 180224 c:\windows\system32\scrobj.dll

+ 2004-08-04 12:00 . 2008-05-09 10:56 180224 c:\windows\system32\scrobj.dll

+ 2004-08-04 12:00 . 2010-04-28 10:45 444028 c:\windows\system32\perfh009.dat

- 2004-08-04 12:00 . 2010-04-27 15:37 444028 c:\windows\system32\perfh009.dat

+ 2008-05-08 11:24 . 2008-05-08 11:24 155648 c:\windows\system32\dllcache\wscript.exe

+ 2008-05-09 10:56 . 2008-05-09 10:56 172032 c:\windows\system32\dllcache\scrrun.dll

+ 2008-05-09 10:56 . 2008-05-09 10:56 180224 c:\windows\system32\dllcache\scrobj.dll

+ 2008-05-07 09:07 . 2008-05-07 09:07 135168 c:\windows\system32\dllcache\cscript.exe

+ 2004-08-04 12:00 . 2008-05-07 09:07 135168 c:\windows\system32\cscript.exe

+ 2006-04-03 11:35 . 2009-06-10 07:22 2066432 c:\windows\system32\mstscax.dll

+ 2006-04-03 11:35 . 2009-06-10 07:22 2066432 c:\windows\system32\dllcache\mstscax.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-09-04 6856704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"wave9"=Echo24Wrap.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2007-03-04 18:19 282624 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ose"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

"idsvc"=3 (0x3)

"FLEXnet Licensing Service"=3 (0x3)

"CCALib8"=2 (0x2)

"Bonjour Service"=2 (0x2)

"astcc"=2 (0x2)

"ACDaemon"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=

"c:\\Program Files\\Bit Lord 1.1\\BitLord.exe"=

"c:\\Program Files\\Secway\\SimpLite-MSN 2.2\\SimpLite-MSN.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\Vuze\\Azureus.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12-9-2006 13:18 682232]

S1 Scope;WDM Driver for Scope;c:\windows\system32\drivers\scope.sys [30-11-2001 16:00 103840]

S3 echo24;Gina24 Service;c:\windows\system32\drivers\echo24.sys [21-3-2003 14:07 544384]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: 0.0.0.0

Trusted Zone: ziggo.nl\thuishelp

DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - hxxp://www.cig.canon-europe.com/ph/nl_NL/st/download/ddup/CNIMGUP_01_210102E.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-04-28 12:51

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(428)

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

Voltooingstijd: 2010-04-28 12:54:06

ComboFix-quarantined-files.txt 2010-04-28 10:53

ComboFix2.txt 2010-04-27 16:00

ComboFix3.txt 2010-04-27 15:46

Pre-Run: 2.840.088.576 bytes beschikbaar

Post-Run: 2.949.722.112 bytes beschikbaar

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - CB947C4A1EC60148F83A85029A57371B

---------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:58:59, on 28-4-2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Safe mode with network support

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - http://www.cig.canon-europe.com/ph/nl_NL/st/download/ddup/CNIMGUP_01_210102E.cab

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

--

End of file - 4255 bytes


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:14:53, on 28-4-2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - http://www.cig.canon-europe.com/ph/nl_NL/st/download/ddup/CNIMGUP_01_210102E.cab

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

--

End of file - 4547 bytes
