Vraag & Antwoord

Beveiliging & privacy

trojaans paard

10 antwoorden
  • Kan iemand me helpen ? Er zit een trojaans paard in de computer op m'n werk. We hebben daar een virusscanner AVAST. Hij waarschuwt altijd dat er een trojaans paard is, en zegt ons dat in de kluis te zetten. We doen wat de virusscanner zegt, MAAR ... na enige tijd verschijnt de waarschuwing terug. Alvast bedankt !!!
  • Geeft avast ook info over welke trojan het precies is? Je zou eens met een andere antivirus kunnen kijken. Of een online scan doen. Trojans zijn vaak ook wel zichtbaar in een hijackthis log. Die zou je dus hier kunnen plaatsen.
  • Alvast bedankt voor je reactie ! De naam van de Trojan is : win32:TratBHO (Trj). Hij verschijnt telkens in een ander bestand. Kan je me vertellen hoe ik zo'n hijackthis log moet maken, dan zet ik het met plezier online. Groetjes! Chris
  • Het is me toch gelukt om zo'n hijackthis log te maken. Hieronder volgt het : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:18:26, on 29/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hphmon06.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\HP\KBD\KBD.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe C:\WINDOWS\mrofinu572.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.pandora.be:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} - C:\WINDOWS\system32\cbxvtss.dll O2 - BHO: (no name) - {D78E2970-1B36-490C-8C5A-73D84D8B1448} - C:\Program Files\Adobe\mesovicuC:\WINDOWS\system32\uwcee9\renamd83122.exe.dll (file missing) O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O20 - Winlogon Notify: cbxvtss - C:\WINDOWS\SYSTEM32\cbxvtss.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 7823 bytes
  • Start Hijackthis op en kies voor 'Do a system scan only' Selecteer alleen de items die hieronder zijn genoemd: [b:ba7527b699] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} - C:\WINDOWS\system32\cbxvtss.dll O2 - BHO: (no name) - {D78E2970-1B36-490C-8C5A-73D84D8B1448} - C:\Program Files\Adobe\mesovicuC:\WINDOWS\system32\uwcee9\renamd83122.exe.dll (file missing) O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139 O20 - Winlogon Notify: cbxvtss - C:\WINDOWS\SYSTEM32\cbxvtss.dll [/b:ba7527b699] Sluit alle vensters behalve Hijackthis Klik op 'Fix checked' om de items te verwijderen. Open de verkenner ("Deze Computer") en kies [b:ba7527b699]Extra[/b:ba7527b699] -> [b:ba7527b699]Mapopties...[/b:ba7527b699] Controleer onder [b:ba7527b699]Weergave[/b:ba7527b699] de volgende instellingen: Uitzetten: Beveiligde besturingssysteembestanden verbergen (aanbevolen) Uitzetten: Extensies voor bekende bestandstypen verbergen Selecteer: De inhoud van systeemmappen weergeven (alleen bij XP) Selecteer: Verborgen bestanden en mappen weergeven Druk daarna op [b:ba7527b699]Toepassen[/b:ba7527b699] gevolgd door [b:ba7527b699]Ok[/b:ba7527b699]. Verwijder de volgende bestanden: C:\WINDOWS\system32\[b:ba7527b699]cbxvtss.dll[/b:ba7527b699] Download [url=http://java.sun.com/javase/downloads/index.jsp][b:ba7527b699][color=blue:ba7527b699]Java Runtime Environment (JRE) 6u4[/color:ba7527b699][/b:ba7527b699][/url]. [list:ba7527b699][*:ba7527b699]Scroll omlaag naar : "[i:ba7527b699]Java Runtime Environment (JRE) 6u4[/i:ba7527b699]". [*:ba7527b699]Klik op de "[b:ba7527b699]Download[/b:ba7527b699]" knop aan de rechterkant. [*:ba7527b699]In het uitklapmenu rechts naast [b:ba7527b699]Platform[/b:ba7527b699], selecteer [color=blue:ba7527b699][b:ba7527b699]Windows[/b:ba7527b699][/color:ba7527b699] [*:ba7527b699]Vink aan: "[b:ba7527b699]I agree to the Java SE Runtime Environment 6 License Agreement[/b:ba7527b699]", en klik op [b:ba7527b699]Continue[/b:ba7527b699]. [*:ba7527b699]De pagina zal herladen. [*:ba7527b699]Klik op de [b:ba7527b699]jre-6u4-windows-i586-p.exe[/b:ba7527b699] link ONDER [b:ba7527b699]Windows Offline Installation[/b:ba7527b699] en bewaar het naar je Bureaublad. [*:ba7527b699]Sluit alle programma's die eventueel open zijn - Zeker je web browser! [*:ba7527b699]Ga dan naar [b:ba7527b699]Start[/b:ba7527b699] > [b:ba7527b699]Configuratiescherm[/b:ba7527b699] > [b:ba7527b699]Software[/b:ba7527b699] en verwijder alle oudere versies van Java uit de Softwarelijst. [*:ba7527b699]Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam. [*:ba7527b699]Klik dan op [b:ba7527b699]Verwijderen[/b:ba7527b699] of op de [b:ba7527b699]Wijzig/Verwijder[/b:ba7527b699] knop. [*:ba7527b699]Herhaal dit tot alle oudere versies verdwenen zijn. [*:ba7527b699]Na het verwijderen van alle oudere versies, [b:ba7527b699]herstart[/b:ba7527b699] je pc. [*:ba7527b699]Dubbelklik vervolgens op [b:ba7527b699]jre-6u4-windows-i586-p.exe[/b:ba7527b699] op je Bureaublad om de nieuwste versie van Java te installeren.[/list:u:ba7527b699] [b:ba7527b699]Download [/b:ba7527b699][url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe][b:ba7527b699]Combofix[/b:ba7527b699][/url] naar je Bureaublad. Indien je Combofix al eerder hebt gebruikt, gelieve die versie te verwijderen en Combofix opnieuw te downloaden via bovenstaande link, want Combofix wordt dagelijks geupdate. OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en [b:ba7527b699]download Combofix opnieuw[/b:ba7527b699]. Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen![list:ba7527b699] Dubbelklik op [b:ba7527b699]Combofix.exe[/b:ba7527b699] Volg de instructies, aanvaard de disclaimer door [b:ba7527b699]1[/b:ba7527b699] (continue) te typen, gevolgd door [b:ba7527b699]ENTER[/b:ba7527b699]. Tijdens het runnen van de fix, [b:ba7527b699]NIET[/b:ba7527b699] in het venster klikken, want dit zal je pc doen vasthangen.[/list:u:ba7527b699] Wanneer de fix voltooid is en na herstart, zal de log [b:ba7527b699]combofix.txt[/b:ba7527b699] openen. [i:ba7527b699]Plaats dit log in je volgende post samen met een nieuw HijackThis log.[/i:ba7527b699]
  • Beste Juisterr, Ik heb het eerste gedeelte gedaan van wat je vroeg, maar ik kan het bestand c:\windows\system 32\cbxvtss.dll niet verwijderen. Hij zegt dat het bestand in gebruik is, terwijl alle programma's gesloten zijn. Chris
  • probeer gewoon de rest wel te doen Chris.
  • Beste Juisterr, ik heb verder alles gedaan wat in je lijstje stond, en dit zijn de twee logs : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:42:55, on 29/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hphmon06.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\HP\KBD\KBD.EXE C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.pandora.be:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: hpdj3600 - Unknown owner - C:\DOCUME~1\HP_EIG~1\LOCALS~1\Temp\hpdj3600.exe (file missing) O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 7277 bytes ComboFix 08-01-29.3 - HP_Eigenaar 2008-01-29 13:33:03.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.191 [GMT 1:00] Gestart vanuit: C:\Documents and Settings\HP_Eigenaar\Bureaublad\ComboFix.exe * Nieuw herstelpunt werd aangemaakt . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\cbxvtss.dll D:\Autorun.inf C:\Program Files\Common Files\Yazzle1281OinAdmin.exe C:\Program Files\Temporary C:\Temp\1cb C:\Temp\1cb\syscheck.log C:\WINDOWS\b122.exe C:\WINDOWS\b128.exe C:\WINDOWS\mrofinu1000106.exe C:\WINDOWS\mrofinu572.exe C:\WINDOWS\system32\cbxvtss.dll C:\WINDOWS\system32\ddcdbyy.dll C:\WINDOWS\system32\pac.txt D:\Autorun.inf . (((((((((((((((((((( Bestanden Gemaakt van 2007-12-28 to 2008-01-29 )))))))))))))))))))))))))))))) . 2008-01-29 11:11 . 2007-01-15 09:09 122,463 --a------ C:\WINDOWS\hpdj3600.hi1 2008-01-29 11:11 . 2007-01-15 09:09 7,366 --a------ C:\WINDOWS\hpdj3600.bu1 2008-01-29 10:51 . 2008-01-29 10:51 <DIR> d-------- C:\Program Files\Java 2008-01-29 10:51 . 2008-01-29 10:51 <DIR> d-------- C:\Program Files\Common Files\Java 2008-01-29 10:51 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-01-29 09:46 . 2008-01-29 09:44 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys 2008-01-29 08:17 . 2008-01-29 08:17 <DIR> d-------- C:\Program Files\Trend Micro 2008-01-28 15:30 . 2008-01-29 09:55 <DIR> d-------- C:\Documents and Settings\HP_Eigenaar\.housecall6.6 2008-01-28 15:10 . 2008-01-29 08:05 <DIR> d-------- C:\Program Files\NoAdware5.0 2008-01-28 08:11 . 2008-01-28 08:29 <DIR> d-------- C:\Program Files\Dot1XCfg 2008-01-25 10:06 . 2008-01-25 10:06 <DIR> d-------- C:\WINDOWS\system32\uwcee9 2008-01-25 10:05 . 2008-01-25 10:06 <DIR> d-------- C:\WINDOWS\system32\aee1 2008-01-25 10:05 . 2008-01-25 10:05 <DIR> d-------- C:\temp\gTiis19 2008-01-25 10:05 . 2008-01-25 10:05 224,758 --a------ C:\temp\hKKsb1910.exe 2008-01-25 10:05 . 2008-01-25 10:05 36,864 --a------ C:\WINDOWS\mrofinu572.exe.tmp 2008-01-25 10:04 . 2008-01-25 10:04 <DIR> d-------- C:\WINDOWS\system32\nGpxx01 2008-01-25 10:04 . 2008-01-25 10:04 <DIR> d-------- C:\temp\cXzz9 . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-29 10:12 --------- d-----w C:\Program Files\Hewlett-Packard 2008-01-28 14:49 --------- d-----w C:\Program Files\Zylom Games 2008-01-20 18:54 --------- d-----w C:\Documents and Settings\HP_Eigenaar\Application Data\U3 2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-10-15 08:27 40,328 ----a-w C:\Documents and Settings\HP_Eigenaar\Application Data\GDIPFONTCACHEV1.DAT 2007-10-01 07:57 516 ----a-w C:\Documents and Settings\HP_Eigenaar\Application Data\wklnhst.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-04-13 10:25 18576936] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04 52736] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 22:55 155648] "HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 18:53 49152] "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 18:47 659456] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 13:03 221184] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 13:03 81920] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-06-09 22:09 286720] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43 233472] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-29 20:23 4603904] "nwiz"="nwiz.exe" [2004-09-29 20:23 921600 C:\WINDOWS\system32\nwiz.exe] "VTTimer"="VTTimer.exe" [] "SiSPower"="SiSPower.dll" [2004-09-24 09:49 49152 C:\WINDOWS\system32\SiSPower.dll] "AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 88209 C:\WINDOWS\AGRSMMSG.exe] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 21:54 253952] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152] "AutoTBar"="c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE" [ ] "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44 61440] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-01 13:58 98304] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26 282624] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360] Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 16:23:32 74308] Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-11 23:49:24 73728] S2 hpdj3600;hpdj3600;C:\DOCUME~1\HP_EIG~1\LOCALS~1\Temp\hpdj3600.exe -servicerunning=true -uninstall=hp deskjet 3600 series [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed60d06c-02b3-11dc-8146-0011d8ad1941}] \Shell\AutoRun\command - F:\loader.exe *Newly Created Service* - HPDJ3600 . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-29 13:37:56 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hphmon06.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\HP\KBD\KBD.EXE C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\WINDOWS\system32\wscntfy.exe . ************************************************************************** . Voltooingstijd: 2008-01-29 13:41:29 - machine was rebooted ComboFix-quarantined-files.txt 2008-01-29 12:41:24 . 2008-01-09 10:55:29 --- E O F ---
  • Download en installeer [url=http://www.ccleaner.com/ccdownload.asp]CCleaner[/url] (De CCLeaner Yahoo Toolbar is niet nodig) Start [b:12cafe2a4b]CCleaner[/b:12cafe2a4b] Ccleaner biedt je de mogelijkheid om in te stellen wat er opgeschoond moet worden. Kies in ieder geval voor de volgende items: Internet Explorer: - Tijdelijke Internet bestanden Systeem: - Prullenbak leegmaken - Tijdelijke bestanden klik nu in Ccleaner op [b:12cafe2a4b]opschonen[/b:12cafe2a4b] (rechts onderaan). vertel even hoe het nu gaat.
  • Beste Juisterr, ik heb nogmaals gedaan wat je me schreef. Ik heb ccleaner alles laten opschonen. Daarna heb ik nog eens m'n virusscanner Avast gedraaid en die heeft geen geinfecteerde bestanden meer gevonden. 1000xbedankt en als ik je ooit eens tegenkom in je kotje aan de kust in Zuid-Holland, dan gaan we d'er samen één (of meer) drinken ! Chris

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.