  • Persistent problem: Trojan

    For a few days I have been plagued by a Trojan-dropper.win32.agent.dgo.

    It seems fine, but now I am getting: trojan.win32.zapchast.dt

    I have already cleaned the laptop with the programs recommended here (combofix, ATFcleaner, trojanremover, AVG antispyware, crapcleaner, ...).

    F-Secure is also letting me down...

    I made a HijackThis log yesterday:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:36:22, on 26/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\jibtmody.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
    O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/release/PlaxoInstall.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.8.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://tieke0.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://tieke0.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/scanner_nl/ErrorSafeScannerInstallNL.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://asp04.photoprintit.de/microsite/defaults/activex/XUpload.ocx
    O20 - Winlogon Notify: jibtmody - C:\WINDOWS\SYSTEM32\jibtmody.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett Packard Company - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 8322 bytes


    Thanks in advance...

  • #2
    Hello Sickboy,

    I am a 'Supervised helper' and I will look at your log (under the guidance of a Qualified Helper). - I will post a reply as soon as possible.
    Spyware on your PC? Post a HijackThis log.
    Keep your Java software up to date!




    • #3
      Hello Sickboy,

      You are infected with VirtuMonde, also known as Vundo. - Let's have a look...

      1. Start HijackThis and choose 'Do a system scan only'.
      When the scan is complete, tick only the lines below in HijackThis, if present:
      O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab
      Now close all windows except HijackThis itself and click 'Fix checked'.
      You will be asked about backups. Answer 'Yes', and then close HijackThis.

      2. Download Combofix and save it to your desktop.

      Open Combofix.exe and follow the instructions; accept the disclaimer by typing '1'.
      While the fix is running, do NOT click in the window, as this will cause your PC to hang.

      The PC may restart itself automatically. When the fix is done, and after a possible restart, a log (combofix.txt) will open. Post the contents of that log in your next reply together with a new HijackThis log.

      Good luck!
      - Niek
      Spyware on your PC? Post a HijackThis log.
      Keep your Java software up to date!


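As an added example (not code from this thread, from HijackThis or from ComboFix), a small Python checker for the pattern Niek points to in the log above: a nameless O2 BHO loading a DLL from system32, paired with an O20 Winlogon Notify hook for the same DLL, which is how VirtuMonde/Vundo gets reloaded at every logon. The sample lines are copied from the posted log; the severity labels and the short list of adware distributor names are my assumptions.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: a few lines copied from the HijackThis log posted
# in this thread (the real log is far longer), so the script runs offline.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\jibtmody.dll
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.8.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: jibtmody - C:\WINDOWS\SYSTEM32\jibtmody.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
"""

# Generic HijackThis entry: "<section> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")
DPF_RE = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\}(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$")

# Distribution names that occur in this thread's log and are long-established
# adware / rogue-scanner brands (FunWebProducts, ErrorSafe). Assumed list.
ADWARE_URL_MARKERS = ("funwebproducts", "errorsafe")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\system\\")


@dataclass
class Finding:
    severity: str   # "high" or "medium" (assumed labels)
    section: str    # HijackThis section, e.g. "O2"
    reason: str
    line: str


def basename(path: str) -> str:
    """Case-folded file name component of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def in_system_dir(path: str) -> bool:
    return path.lower().startswith(SYSTEM_DIRS)


def analyze(log_text: str) -> List[Finding]:
    """Flag the Vundo/VirtuMonde pattern: a nameless BHO whose DLL sits in the
    system directory, the Winlogon Notify hook that reloads the same DLL, plus
    O16 ActiveX downloads from known adware distributors."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("body"), raw.strip()))

    findings: List[Finding] = []
    nameless_bho_dlls = set()

    # Pass 1: nameless BHOs loading from the system directory.
    for section, body, line in entries:
        if section != "O2":
            continue
        m = BHO_RE.match(body)
        if m and m.group("name") == "(no name)" and in_system_dir(m.group("path")):
            nameless_bho_dlls.add(basename(m.group("path")))
            findings.append(Finding("high", "O2",
                "nameless BHO loading a DLL from the system directory", line))

    # Pass 2: Winlogon Notify hooks and ActiveX downloads.
    for section, body, line in entries:
        if section == "O20":
            m = NOTIFY_RE.match(body)
            if not m:
                continue
            dll = basename(m.group("path"))
            if dll in nameless_bho_dlls:
                findings.append(Finding("high", "O20",
                    f"Winlogon Notify hook reloads the same DLL as a nameless BHO ({dll})", line))
            else:
                findings.append(Finding("medium", "O20",
                    "third-party Winlogon Notify hook; verify the DLL's publisher", line))
        elif section == "O16":
            m = DPF_RE.match(body)
            if m and any(k in m.group("url").lower() for k in ADWARE_URL_MARKERS):
                findings.append(Finding("medium", "O16",
                    "ActiveX package from a known adware/rogue-scanner distributor", line))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n    {f.line}")
```

Run against the full log posted in the thread, the checker flags exactly the two jibtmody.dll entries and the funwebproducts/errorsafe O16 lines; the legitimate Adobe and BitDefender entries are left alone.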


      • #4
        I removed the file as indicated.

        New logs:

        ComboFix 08-01-30.6 - Giovanni 2008-02-03 18:50:12.5 - NTFSx86
        Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.56 [GMT 1:00]
        Gestart vanuit: C:\Documents and Settings\Giovanni\Bureaublad\ComboFix.exe

        WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
        .

        (((((((((((((((((((( Bestanden Gemaakt van 2008-01-03 to 2008-02-03 ))))))))))))))))))))))))))))))
        .

        2008-02-03 18:43 . 2008-02-03 18:45 <DIR> dr-h----- C:\Documents and Settings\Giovanni\Onlangs geopend
        2008-01-27 16:30 . 2008-01-27 16:30 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
        2008-01-27 16:30 . 2008-01-27 16:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
        2008-01-26 20:35 . 2008-01-26 20:35 <DIR> d-------- C:\Program Files\Trend Micro
        2008-01-26 17:55 . 2008-01-26 17:55 <DIR> d-------- C:\Documents and Settings\Giovanni\Application Data\Grisoft
        2008-01-26 17:53 . 2008-01-26 17:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
        2008-01-26 17:53 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
        2008-01-25 09:57 . 2008-01-26 15:51 <DIR> d-------- C:\WINDOWS\BDOSCAN8
        2008-01-24 22:20 . 2008-01-26 19:43 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
        2008-01-24 22:19 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
        2008-01-24 22:19 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
        2008-01-24 22:19 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
        2008-01-24 22:19 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
        2008-01-24 22:18 . 2008-02-01 21:27 <DIR> d-------- C:\Program Files\Trojan Remover
        2008-01-24 22:18 . 2008-01-24 22:18 <DIR> d-------- C:\Documents and Settings\Giovanni\Application Data\Simply Super Software
        2008-01-24 22:18 . 2008-01-24 22:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
        2008-01-24 22:18 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
        2008-01-24 22:05 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
        2008-01-24 22:02 . 2008-01-24 22:02 <DIR> d-------- C:\Program Files\Common Files\Java
        2008-01-09 15:01 . 2008-01-09 15:01 53,248 --a------ C:\WINDOWS\bdoscandel.exe
        2008-01-09 15:01 . 2008-01-09 15:01 453 --a------ C:\WINDOWS\bdoscandellang.ini

        .
        ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-01-26 15:34 --------- d-----w C:\Program Files\hbinst
        2008-01-24 21:04 --------- d-----w C:\Program Files\Java
        2007-12-19 17:36 --------- d-----w C:\Program Files\QuickTime
        2007-12-19 17:36 --------- d-----w C:\Program Files\iTunes
        2007-12-19 17:30 --------- d-----w C:\Program Files\Zylom Games
        2007-12-19 17:30 --------- d-----w C:\Program Files\Yahoo!
        2007-12-19 17:30 --------- d-----w C:\Program Files\Oberon Media
        2007-12-19 17:30 --------- d-----w C:\Program Files\Need2Find
        2007-12-19 17:30 --------- d-----w C:\Program Files\BearShare
        2007-12-04 15:51 --------- d-----w C:\Program Files\MSXML 4.0
        2007-12-04 15:50 --------- d-----w C:\Program Files\IncrediMail
        2007-12-04 15:49 --------- d-----w C:\Program Files\BoontyGames
        2007-11-14 07:29 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
        2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
        2007-11-07 09:30 727,040 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
        .

        ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
        "TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-01-03 17:11 737872]
        "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

        C:\Documents and Settings\Giovanni\Menu Start\Programma's\Opstarten\
        ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2004-11-02 00:53:24 36864]

        C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
        Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
        F-Secure Automatic Update.lnk - C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe [2006-01-20 22:11:29 32807]
        Wireless-G Notebook Adapter Utility.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe [2004-11-05 19:49:12 24576]

        R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-06-21 16:32]
        R2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2006-01-20 22:11]
        R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 16:14]
        R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys [2005-02-16 16:49]
        R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2004-12-17 10:34]
        R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\System32\CBTNDIS5.SYS [2003-07-16 22:28]
        R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2003-05-14 16:01]
        S2 NICSer_WPC54G;NICSer_WPC54G;C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe [2003-11-13 13:29]
        S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2006-03-20 21:33]

        .
        Inhoud van de 'Gedeelde Taken' map
        "2007-07-05 08:27:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
        - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
        "2008-02-03 16:04:12 C:\WINDOWS\Tasks\Scheduled scanning task.job"
        - C:\PROGRA~1\F-Secure\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\F-Secure\ANTI-V~1\report.txt
        .
        **************************************************************************

        catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-02-03 18:54:57
        Windows 5.1.2600 Service Pack 2 NTFS

        scannen van verborgen processen ...

        scannen van verborgen autostart items ...

        scannen van verborgen bestanden ...

        Scan succesvol afgerond
        verborgen bestanden: 0

        **************************************************************************
        .
        Voltooingstijd: 2008-02-03 18:57:03
        ComboFix-quarantined-files.txt 2008-02-03 17:56:56
        ComboFix2.txt 2008-01-30 11:53:06
        ComboFix3.txt 2008-01-26 19:04:15
        ComboFix4.txt 2008-01-24 20:25:07
        .
        2008-01-26 20:00:56 --- E O F ---



        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 18:45:04, on 3/02/2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
        C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
        C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
        C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
        C:\Program Files\F-Secure\Common\FSMA32.EXE
        C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
        C:\Program Files\F-Secure\Common\FSMB32.EXE
        C:\Program Files\F-Secure\Common\FCH32.EXE
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\F-Secure\Common\FAMEH32.EXE
        C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
        C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\F-Secure\Common\FNRB32.EXE
        C:\Program Files\F-Secure\Common\FIH32.EXE
        C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
        C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
        C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
        C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
        C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\MSN Messenger\usnsvc.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
        O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
        O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
        O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
        O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
        O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
        O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
        O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
        O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
        O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
        O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
        O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
        O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
        O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
        O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/release/PlaxoInstall.cab
        O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://tieke0.spaces.live.com//PhotoUpload/MsnPUpld.cab
        O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
        O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://tieke0.spaces.live.com/PhotoUpload/MsnPUpld.cab
        O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab
        O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
        O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/scanner_nl/ErrorSafeScannerInstallNL.cab
        O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab
        O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://asp04.photoprintit.de/microsite/defaults/activex/XUpload.ocx
        O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
        O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
        O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
        O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
        O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
        O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
        O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
        O23 - Service: HP WMI Interface (hpqwmi) - Hewlett Packard Company - C:\Program Files\HPQ\SHARED\HPQWMI.exe
        O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

        --
        End of file - 8030 bytes


        Thanks in advance!!!



        • #5
          Hello Sickboy,

          Do you use the program 'Boonty Games'?

          1. Open a new Notepad file.

          Copy and paste the bold blue text below into it.
          Go to 'File' -> 'Save as..' and then save it to your desktop as CFScript.txt.
          Folder::
          C:\Program Files\hbinst
          C:\Program Files\Need2Find

          Driver::
          Boonty Games

          Drag CFScript.txt onto ComboFix.exe as shown in the example below:



          This will make ComboFix start again. Reboot if you are asked to.
          After the restart, post the contents of Combofix.txt in your next reply together with a new HijackThis log.

          - Niek
          Spyware on your PC? Post a HijackThis log.
          Keep your Java software up to date!




          • #6
            Action carried out!

            And here are the logs:

            ComboFix 08-01-30.6 - Giovanni 2008-02-04 13:45:06.6 - NTFSx86
            Gestart vanuit: C:\Documents and Settings\Giovanni\Bureaublad\ComboFix.exe
            Command switches used :: C:\Documents and Settings\Giovanni\Bureaublad\CFScript.txt
            * Nieuw herstelpunt werd aangemaakt

            WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
            .

            (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            C:\Program Files\hbinst
            C:\Program Files\Need2Find

            .
            ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

            .
            -------\LEGACY_BOONTY_GAMES
            -------\Boonty Games


            (((((((((((((((((((( Bestanden Gemaakt van 2008-01-04 to 2008-02-04 ))))))))))))))))))))))))))))))
            .

            2008-02-03 18:43 . 2008-02-04 13:41 <DIR> dr-h----- C:\Documents and Settings\Giovanni\Onlangs geopend
            2008-01-27 16:30 . 2008-01-27 16:30 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
            2008-01-27 16:30 . 2008-01-27 16:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
            2008-01-26 20:35 . 2008-01-26 20:35 <DIR> d-------- C:\Program Files\Trend Micro
            2008-01-26 17:55 . 2008-01-26 17:55 <DIR> d-------- C:\Documents and Settings\Giovanni\Application Data\Grisoft
            2008-01-26 17:53 . 2008-01-26 17:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
            2008-01-26 17:53 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
            2008-01-25 09:57 . 2008-01-26 15:51 <DIR> d-------- C:\WINDOWS\BDOSCAN8
            2008-01-24 22:20 . 2008-01-26 19:43 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
            2008-01-24 22:19 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
            2008-01-24 22:19 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
            2008-01-24 22:19 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
            2008-01-24 22:19 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
            2008-01-24 22:18 . 2008-02-04 13:57 <DIR> d-------- C:\Program Files\Trojan Remover
            2008-01-24 22:18 . 2008-01-24 22:18 <DIR> d-------- C:\Documents and Settings\Giovanni\Application Data\Simply Super Software
            2008-01-24 22:18 . 2008-01-24 22:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
            2008-01-24 22:18 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
            2008-01-24 22:05 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
            2008-01-24 22:02 . 2008-01-24 22:02 <DIR> d-------- C:\Program Files\Common Files\Java
            2008-01-09 15:01 . 2008-01-09 15:01 53,248 --a------ C:\WINDOWS\bdoscandel.exe
            2008-01-09 15:01 . 2008-01-09 15:01 453 --a------ C:\WINDOWS\bdoscandellang.ini

            .
            ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2008-01-24 21:04 --------- d-----w C:\Program Files\Java
            2007-12-19 17:36 --------- d-----w C:\Program Files\QuickTime
            2007-12-19 17:36 --------- d-----w C:\Program Files\iTunes
            2007-12-19 17:30 --------- d-----w C:\Program Files\Zylom Games
            2007-12-19 17:30 --------- d-----w C:\Program Files\Yahoo!
            2007-12-19 17:30 --------- d-----w C:\Program Files\Oberon Media
            2007-12-19 17:30 --------- d-----w C:\Program Files\BearShare
            2007-12-04 15:51 --------- d-----w C:\Program Files\MSXML 4.0
            2007-12-04 15:50 --------- d-----w C:\Program Files\IncrediMail
            2007-12-04 15:49 --------- d-----w C:\Program Files\BoontyGames
            .

            ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            REGEDIT4
            *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
            "TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-01-03 17:11 737872]
            "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
            "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

            C:\Documents and Settings\Giovanni\Menu Start\Programma's\Opstarten\
            ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2004-11-02 00:53:24 36864]

            C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
            Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
            F-Secure Automatic Update.lnk - C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe [2006-01-20 22:11:29 32807]
            Wireless-G Notebook Adapter Utility.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe [2004-11-05 19:49:12 24576]

            [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
            "DisableRegistryTools"= 0 (0x0)

            R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-06-21 16:32]
            R2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2006-01-20 22:11]
            R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 16:14]
            R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys [2005-02-16 16:49]
            R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2004-12-17 10:34]
            R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\System32\CBTNDIS5.SYS [2003-07-16 22:28]
            R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2003-05-14 16:01]
            S2 NICSer_WPC54G;NICSer_WPC54G;C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe [2003-11-13 13:29]

            .
            Inhoud van de 'Gedeelde Taken' map
            "2007-07-05 08:27:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
            - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
            "2008-02-04 11:23:36 C:\WINDOWS\Tasks\Scheduled scanning task.job"
            - C:\PROGRA~1\F-Secure\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\F-Secure\ANTI-V~1\report.txt
            .
            **************************************************************************

            catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2008-02-04 13:57:08
            Windows 5.1.2600 Service Pack 2 NTFS

            scannen van verborgen processen ...

            scannen van verborgen autostart items ...

            scannen van verborgen bestanden ...

            Scan succesvol afgerond
            verborgen bestanden: 0

            **************************************************************************
            .
            ------------------------ Other Running Processes ------------------------
            .
            C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
            C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
            C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
            C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
            C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
            C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
            C:\Program Files\F-Secure\Common\FSMA32.EXE
            C:\Program Files\F-Secure\Common\FSMB32.EXE
            C:\Program Files\F-Secure\Common\FCH32.EXE
            C:\Program Files\F-Secure\Common\FAMEH32.EXE
            C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
            C:\WINDOWS\system32\HPZipm12.exe
            C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
            C:\WINDOWS\system32\wdfmgr.exe
            C:\Program Files\F-Secure\Common\FNRB32.EXE
            C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
            C:\Program Files\F-Secure\Common\FIH32.EXE
            C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
            C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
            C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
            C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
            C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
            C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
            C:\WINDOWS\System32\rundll32.exe
            .
            **************************************************************************
            .
            Voltooingstijd: 2008-02-04 14:09:22 - machine was rebooted
            ComboFix-quarantined-files.txt 2008-02-04 13:09:13
            ComboFix2.txt 2008-02-03 17:57:04
            ComboFix3.txt 2008-01-30 11:53:06
            ComboFix4.txt 2008-01-26 19:04:15
            ComboFix5.txt 2008-01-24 20:25:07
            .
            2008-01-26 20:00:56 --- E O F ---



            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 14:29:21, on 4/02/2008
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
            C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
            C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
            C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
            C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
            C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
            C:\Program Files\F-Secure\Common\FSMA32.EXE
            C:\Program Files\F-Secure\Common\FSMB32.EXE
            C:\Program Files\F-Secure\Common\FCH32.EXE
            C:\Program Files\F-Secure\Common\FAMEH32.EXE
            C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
            C:\WINDOWS\system32\HPZipm12.exe
            C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\Explorer.EXE
            C:\Program Files\F-Secure\Common\FNRB32.EXE
            C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
            C:\Program Files\F-Secure\Common\FIH32.EXE
            C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
            C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
            C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
            C:\WINDOWS\system32\wuauclt.exe
            C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
            C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
            C:\WINDOWS\system32\notepad.exe
            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
            O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
            O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
            O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
            O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
            O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
            O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
            O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
            O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
            O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
            O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
            O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
            O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
            O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
            O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/release/PlaxoInstall.cab
            O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
            O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://tieke0.spaces.live.com//PhotoUpload/MsnPUpld.cab
            O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
            O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://tieke0.spaces.live.com/PhotoUpload/MsnPUpld.cab
            O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab
            O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
            O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/scanner_nl/ErrorSafeScannerInstallNL.cab
            O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab
            O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://asp04.photoprintit.de/microsite/defaults/activex/XUpload.ocx
            O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
            O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
            O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
            O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
            O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
            O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
            O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
            O23 - Service: HP WMI Interface (hpqwmi) - Hewlett Packard Company - C:\Program Files\HPQ\SHARED\HPQWMI.exe
            O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
            O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
            O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

            --
            End of file - 7951 bytes


            In any case, the computer is working a lot better.

            Manually starting a scan with F-Secure still doesn't work, though...

            Thanks in advance!! Great work!!



            • #7
              Hello Sickboy,

              Your logs look good again.

              Do you use the program 'Boonty Games'?
              Could you also answer that question?

              Manually starting a scan with F-Secure still doesn't work, though...
              That is (in this case) not caused by malware. Try contacting F-Secure.

              Go to Start -- Run. Then type the following (in bold) there:
              Combofix /U

              Are you still experiencing any problems?

              - Niek
              Spyware on your PC? Post a HijackThis log.
              Keep your Java software up to date!




              • #8
                I don't use Boonty Games...

                My girlfriend maybe... but I don't think so.


                Thanks!!



                • #9
                  Hello Sickboy,

                  Then I recommend that you remove Boonty Games.

                  Via Start > Control Panel > Add or Remove Programs, remove the following program (if present):
                  Boonty Games

                  Then everything is in order again. - Could you set the status of this topic to 'solved'?

                  - Niek
                  Spyware on your PC? Post a HijackThis log.
                  Keep your Java software up to date!

