NEW::: HiJackThis logfile!! HELP!

Anonymous
steggel
3 answers
 • Hello everyone,

  I have found a trojan named agent.cs
  It is hidden in the file c:\windows\appspatch\raslib.dll

  I have already tried all sorts of things.
  Hitmanpro 2
  Norman anti virus
  CCleaner

  All of this in safe mode, of course, with no network connections.
  But all the programs report that the file cannot be deleted because it is in use or blocked from deletion.

  I can't download HijackThis for some vague reason.
  Some help please!!

  Kind regards

  Hans
 • Try downloading HijackThis from this mirror

  Sjaak
 • Here is the HiJack LOG!!
  Thanks for the mirror:


  Logfile of HijackThis v1.99.1
  Scan saved at 14:54:48, on 10-6-2005
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\csrss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
  C:\Norman\bin\ZANDA.EXE
  C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
  C:\WINDOWS\system32\wdfmgr.exe
  C:\Norman\Nvc\bin\nvcoas.exe
  C:\Norman\Nvc\BIN\NVCSCHED.EXE
  C:\Norman\Nvc\BIN\nipsvc.exe
  C:\Norman\bin\NJEEVES.EXE
  C:\WINDOWS\System32\alg.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\00THotkey.exe
  C:\WINDOWS\system32\igfxtray.exe
  C:\WINDOWS\system32\hkcmd.exe
  C:\Program Files\SigmaTel\SigmaTel AC97 audiostuurprogramma's\stacmon.exe
  C:\Program Files\Apoint2K\Apoint.exe
  C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
  C:\WINDOWS\AGRSMMSG.exe
  C:\WINDOWS\system32\TFNF5.exe
  C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
  C:\WINDOWS\system32\TPSMain.exe
  C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
  C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
  C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
  C:\Norman\bin\ZLH.EXE
  C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
  C:\WINDOWS\system32\dla\tfswctrl.exe
  C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
  C:\Norman\Nvc\BIN\NIP.EXE
  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
  C:\Program Files\Apoint2K\Apntex.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
  C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
  C:\Norman\Nvc\bin\cclaw.exe
  C:\WINDOWS\system32\TPSBattM.exe
  C:\Palm\HOTSYNC.EXE
  C:\Program Files\WinZip\WZQKPICK.EXE
  C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
  C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
  C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
  C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
  C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
  C:\WINDOWS\system32\WISPTIS.EXE
  C:\PROGRA~1\WINZIP\winzip32.exe
  C:\Documents and Settings\Huub\Mijn documenten\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  O2 - BHO: MSEvents Object - {B8B55274-0F9A-41E5-9067-A3539BD9E860} - C:\WINDOWS\AppPatch\raslib.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
  O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
  O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
  O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
  O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 audiostuurprogramma's\stacmon.exe
  O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
  O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
  O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
  O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
  O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe
  O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
  O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
  O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
  O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
  O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
  O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
  O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
  O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
  O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
  O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
  O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
  O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
  O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
  O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O17 - HKLM\System\CCS\Services\Tcpip\..\{9B1ED6E8-65F5-4597-A322-ED11F1F7A06B}: NameServer = 172.16.1.100
  O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
  O20 - Winlogon Notify: raslib - C:\WINDOWS\AppPatch\raslib.dll
  O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
  O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
  O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
  O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE
  O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
  O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
  O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)
