Question & Answer

Security & privacy

cp1041.NLS

8 answers
  • Hello, I have been struggling with PC problems for a while now. Since I am not a computer technician, I have only just found out that I am infected with a virus/malware called "Win32:Trojan-gen. {other}". It has also placed a small file "cp1041.nls" under my root C:\. As a result of the infection I can no longer install new programs and my PC reboots at random... Is there anyone who has run into similar problems and could perhaps help me solve this? When I simply delete cp1041.nls, my PC shows no sign of life anymore... Thanks in advance, Stijn styndedecker@hotmail.com
  • Post a HijackThis log and we will have a look: http://forum.computertotaal.nl/phpBB2/viewtopic.php?t=115358 Good luck! Pim
  • Thanks for your speedy reply, Pim! Below is the HijackThis log (sounds like Chinese to me):

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:20:33, on 18/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nslsvice.exe
    C:\WINDOWS\system32\nsl.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\Dit.exe
    C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\PDF Printer\vspdfprsrv.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\TomTom HOME\TomTomHOME.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\MI3AA1~1\wcescomm.exe
    C:\Program Files\Telenet EasyCare\bin\mpbtn.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Program Files\PDF Printer\vspdfprsrv.exe --background
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RemoveWGA] C:\Documents and Settings\Stijn\Local Settings\Temporary Internet Files\Content.IE5\CXMV052F\RemoveWGA.exe -startup
    O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Systeemvak van ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: Telenet EasyCare.lnk = C:\Program Files\Telenet EasyCare\bin\matcli.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://secure.pwc.be/Citrix/MetaFrame/ICAWEB_common/en/ica32/wficat.cab,DanaInfo=be-citrix10+
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133989010109
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://vpn.ontexinternational.com/termservices/msrdp.cab,DanaInfo=homer+
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://secure.pwc.be/dana-cached/setup/JuniperSetupSP1.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5029/mcfscan.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\WINDOWS\system32\nslsvice.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

    --
    End of file - 8651 bytes
  • 1. Start HijackThis, choose 'Do a system scan only' and tick the lines below:

    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [RemoveWGA] C:\Documents and Settings\Stijn\Local Settings\Temporary Internet Files\Content.IE5\CXMV052F\RemoveWGA.exe -startup

    Now close ALL open windows except HijackThis and click Fix Checked.

    2. Download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your desktop. Double-click combofix.exe. Follow the instructions and accept the disclaimer by typing y or Y. While the fix is running, do NOT click in the window, because that will make your PC hang. When the fix has finished and after the reboot, the log combofix.txt will open. Save this log. NOTE: if your virus scanner responds with a message about a script being executed, you may ignore it. In your next reply, post the ComboFix log (combofix.txt) together with a fresh HijackThis log. Good luck! Pim
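The two entries Pim singles out above are the kind of thing a log triage can flag mechanically: an URLSearchHook whose target is "(no file)" (stale debris) and an autorun that executes from Temporary Internet Files (a browser-cache path, which is where a drive-by download lands). Added example, not code from the original thread or from HijackThis: a small Python triage over constructed sample lines of the same shape as the log above; the UNTRUSTED_DIRS list and the reason tags are this example's own heuristics, not HijackThis output.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: HijackThis lines in the shape seen in the thread above,
# one entry per line as HijackThis writes them (header lines are skipped).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoveWGA] C:\Documents and Settings\Stijn\Local Settings\Temporary Internet Files\Content.IE5\CXMV052F\RemoveWGA.exe -startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Telenet EasyCare.lnk = C:\Program Files\Telenet EasyCare\bin\matcli.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Browser-cache and temp folders: where drive-by downloads land, and where a
# logon autorun has no business living (RemoveWGA above is the thread's case).
UNTRUSTED_DIRS = ("\\temporary internet files\\", "\\local settings\\temp\\",
                  "\\windows\\temp\\", "\\recycler\\")

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
O4_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# Program path of a command line: optional quotes, first executable extension that is followed by a quote, whitespace or end of line.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|scr|com|bat|cmd|pif|vbs))(?="|\s|$)', re.I)


@dataclass
class Finding:
    code: str    # HijackThis section, e.g. "O4"
    name: str    # autorun value name, service name or hook name
    reason: str  # short tag, see triage()
    line: str    # the log line that triggered the finding


def executable_of(cmd: str) -> str:
    """Return the program path of an autorun command, without its arguments."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip()


def label_of(body: str) -> str:
    """The [name] of an O4 entry, else the text between the section label and ' - '."""
    m = re.search(r"\[([^\]]+)\]", body)
    return m.group(1) if m else body.split(":", 1)[-1].split(" - ")[0].strip()


def triage(log: str) -> List[Finding]:
    """Flag entries that deserve a second look (defender heuristics, not verdicts).

    orphan         target is '(no file)' / '(file missing)': stale registry debris
    untrusted-dir  autorun executable lives in a browser-cache or temp directory
    bare-filename  autorun has no directory, so it is resolved via the search path
    unknown-owner  service binary carries no publisher information
    """
    findings: List[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list and blank lines
        code, body = m.group("code"), m.group("body")
        if body.endswith(("(no file)", "(file missing)")):
            findings.append(Finding(code, label_of(body), "orphan", line))
        elif code == "O4":
            o4 = O4_RE.match(body)
            if not o4:
                continue  # Global Startup .lnk entries use a different layout
            exe = executable_of(o4.group("cmd"))
            if any(d in exe.lower() for d in UNTRUSTED_DIRS):
                findings.append(Finding(code, o4.group("name"), "untrusted-dir", line))
            elif "\\" not in exe:
                findings.append(Finding(code, o4.group("name"), "bare-filename", line))
        elif code == "O23":
            svc = O23_RE.match(body)
            if svc and svc.group("owner").lower() == "unknown owner":
                findings.append(Finding(code, svc.group("name"), "unknown-owner", line))
    return findings
```

Run `triage()` over a saved hijackthis.log and the bare-filename and unknown-owner hits are the ones that still need a human (SoundMan and the ATI service in this thread are legitimate); orphan and untrusted-dir hits match what the helper ticked for Fix Checked.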
  • Hi Pim, Below is a copy of the ComboFix log and the HijackThis log. Thanks in advance for your time and effort!!! Regards, Stijn

    ComboFix 07-08-14.4 - "Stijn" 2007-08-18 18:49:17.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.216 [GMT 2:00]
    * Created a new restore point

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    Infected copy of C:\WINDOWS\system32\drivers\ndis.sys was found & disinfected
    C:\WINDOWS\system32\svcp.csv
    C:\WINDOWS\system32\winsub.xml
    Restored copy from - c:\WINDOWS\ServicePackFiles\i386\ndis.sys

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    -------\LEGACY_NTLDR.SYS
    -------\ntldr.sys

    ((((((((((((((((((((((((( Files Created from 2007-07-18 to 2007-08-18 )))))))))))))))))))))))))))))))

    2007-08-18 18:48 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-17 16:44 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
    2007-08-17 16:44 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
    2007-08-17 16:44 54,272 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
    2007-08-17 16:44 54,272 --a------ C:\WINDOWS\system32\vfwwdm32.dll
    2007-08-17 16:44 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2007-08-17 16:44 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2007-08-17 16:43 53,248 --a------ C:\WINDOWS\system32\dsnpstd2.dll
    2007-08-17 16:43 53,248 --a------ C:\WINDOWS\amcap.exe
    2007-08-17 16:43 40,960 --a------ C:\WINDOWS\vsnpstd2.exe
    2007-08-17 16:42 61,440 --a------ C:\WINDOWS\system32\csnpstd2.dll
    2007-08-17 16:42 40,960 --a------ C:\WINDOWS\system32\rsnpstd2.dll
    2007-08-17 16:42 36,864 --a------ C:\WINDOWS\system32\vsnpstd2.dll
    2007-08-17 16:42 302,720 --a------ C:\WINDOWS\system32\drivers\snpstd2.sys
    2007-08-17 16:42 20,480 --a------ C:\WINDOWS\usnpstd2.exe
    2007-08-17 16:42 <DIR> d-------- C:\Program Files\Common Files\snpstd2
    2007-08-16 11:54 <DIR> d-------- C:\Program Files\SLD Codec Pack
    2007-08-15 11:36 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2007-08-04 14:49 <DIR> d-------- C:\DVDs
    2007-08-01 16:20 <DIR> d-------- C:\Program Files\DVDFab Decrypter 3

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-18 16:46 17408 --a------ C:\WINDOWS\system32\drivers\USBCRFT.SYS
    2007-08-17 16:42 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-07-28 00:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
    2007-07-17 00:55 --------- d-------- C:\Program Files\TomTom HOME
    2007-07-16 15:03 --------- d-------- C:\DOCUME~1\Stijn\APPLIC~1\InstallShield
    2007-07-16 15:01 --------- d-------- C:\Program Files\TomTom DesktopSuite
    2007-07-15 10:06 --------- d-------- C:\Program Files\Spyware Doctor
    2007-07-08 10:30 --------- d-------- C:\Program Files\Outlook Express Backup Restore
    2007-06-26 16:15 662016 -----c--- C:\WINDOWS\system32\dllcache\wininet.dll
    2007-06-26 15:58 851968 -----c--- C:\WINDOWS\system32\dllcache\vgx.dll
    2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
    2007-06-26 08:10 1104896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
    2007-06-19 15:33 282112 --a------ C:\WINDOWS\system32\gdi32.dll
    2007-06-19 15:33 282112 -----c--- C:\WINDOWS\system32\dllcache\gdi32.dll
    2007-06-16 07:50 716800 --a------ C:\WINDOWS\iun6002ev.exe
    2007-06-14 20:11 96768 -----c--- C:\WINDOWS\system32\dllcache\inseng.dll
    2007-06-14 20:11 616960 -----c--- C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-06-14 20:11 55808 -----c--- C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-06-14 20:11 532480 -----c--- C:\WINDOWS\system32\dllcache\mstime.dll
    2007-06-14 20:11 474624 -----c--- C:\WINDOWS\system32\dllcache\shlwapi.dll
    2007-06-14 20:11 449024 -----c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-06-14 20:11 39424 -----c--- C:\WINDOWS\system32\dllcache\pngfilt.dll
    2007-06-14 20:11 357888 -----c--- C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-06-14 20:11 3079680 -----c--- C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-06-14 20:11 251392 -----c--- C:\WINDOWS\system32\dllcache\iepeers.dll
    2007-06-14 20:11 205312 -----c--- C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-06-14 20:11 16384 -----c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-06-14 20:11 151552 -----c--- C:\WINDOWS\system32\dllcache\cdfview.dll
    2007-06-14 20:11 1494528 -----c--- C:\WINDOWS\system32\dllcache\shdocvw.dll
    2007-06-14 20:11 146432 -----c--- C:\WINDOWS\system32\dllcache\msrating.dll
    2007-06-14 20:11 1057280 -----c--- C:\WINDOWS\system32\dllcache\danim.dll
    2007-06-14 20:11 1023488 -----c--- C:\WINDOWS\system32\dllcache\browseui.dll
    2007-06-14 16:07 18432 -----c--- C:\WINDOWS\system32\dllcache\iedw.exe
    2007-06-13 15:24 1036800 --a------ C:\WINDOWS\explorer.exe
    2007-06-13 15:24 1036800 -----c--- C:\WINDOWS\system32\dllcache\explorer.exe
    2007-05-26 23:27 2864 --a--c--- C:\WINDOWS\system32\dllcache\winsock.dll
    2007-05-26 23:27 2864 --a------ C:\WINDOWS\system32\winsock.dll
    2002-07-26 17:02 153088 --a------ C:\Program Files\UNWISE.EXE

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 02:07]
    "SoundMan"="SOUNDMAN.EXE" [2004-06-18 10:31 C:\WINDOWS\SOUNDMAN.EXE]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-25 13:01]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
    "Dit"="Dit.exe" [2004-09-22 19:53 C:\WINDOWS\Dit.exe]
    "Motive SmartBridge"="C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe" [2004-04-07 10:05]
    "vspdfprsrv.exe"="C:\Program Files\PDF Printer\vspdfprsrv.exe" [2005-02-20 17:53]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-01-30 20:13]
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-05-28 11:06]
    "TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 16:52]
    "SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-01-05 18:34]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
    "H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2006-06-27 20:25]
    "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-09-16 18:41]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
    Systeemvak van ATI CATALYST.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-06 02:07:30]
    Telenet EasyCare.lnk - C:\Program Files\Telenet EasyCare\bin\matcli.exe [2005-12-07 21:54:09]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    R1 NEOFLTR_500_8897;Juniper Networks TDI Filter Driver (NEOFLTR_500_8897);\??\C:\WINDOWS\system32\Drivers\NEOFLTR_500_8897.SYS
    R3 CardReaderFilter;Card Reader Filter;\??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS
    R3 snpstd2;USB PC Camera (SN9C103);C:\WINDOWS\system32\DRIVERS\snpstd2.sys

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-18 18:56:13
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-18 18:59:33 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-08-18 18:59
    --- E O F ---

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:52:59, on 18/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nslsvice.exe
    C:\WINDOWS\system32\nsl.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\Dit.exe
    C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\PDF Printer\vspdfprsrv.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\TomTom HOME\TomTomHOME.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\MI3AA1~1\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Telenet EasyCare\bin\mpbtn.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\HijackThis\HijackThis.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELENE~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Program Files\PDF Printer\vspdfprsrv.exe --background
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Systeemvak van ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: Telenet EasyCare.lnk = C:\Program Files\Telenet EasyCare\bin\matcli.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://secure.pwc.be/Citrix/MetaFrame/ICAWEB_common/en/ica32/wficat.cab,DanaInfo=be-citrix10+
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133989010109
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://vpn.ontexinternational.com/termservices/msrdp.cab,DanaInfo=homer+
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://secure.pwc.be/dana-cached/setup/JuniperSetupSP1.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5029/mcfscan.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\WINDOWS\system32\nslsvice.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

    --
    End of file - 8467 bytes
  • Hi Pim, I am no longer experiencing any negative effects from the virus, so I assume you have already caught it! Avast is still busy scanning, but I am confident. Thanks again!!! Regards, Stijn
  • Hi Stijn, I no longer find anything odd in your logfile, let me know how it goes :) Pim
  • Hi Pim, Thanks again, the PC runs fine, as if nothing had ever happened... Respect, man ;-) Thanks, Stijn

This is an archived page. Replying is no longer possible.