Mededeling

Collapse
No announcement yet.

Virus Win32:Small-JMH [Trj]

Collapse
This topic is closed.
X
X
 
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Virus Win32:Small-JMH [Trj]

    Hallo
    ik heb via MSN een virus besmetting opgelopen heb toen direct MSN verwijderd en een virusscan uitgevoerd met mijn virusscanner (AVAST) heeft toen ongeveer
    28 bestanden in de kluis geplaatst heb gescand in de veilige modus en daarna met Spybot en Ad-Aware gescand maar als ik de pc opstart dan geeft mijn scanner steeds twee berichten dat er noch een gedeelte van het Win32:Small-JMH [Trj] is gevonden.
    Heb hierop gescand met AVG Anti Spayware maar ook dit helpt niet ,verder werkt alles gewoon goed.
    Heb na het opstarten een logfile gemaakt met Hijackthis Maar ik ben niet zo bekwaam dat ik hier een conclusie uit kan trekken.
    Ik hoop dat er iemand mij kan helpen om van die troep af te komen.
    Gr schijndel100

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 10:21:29, on 2/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Babylon\Babylon.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Support.com\bin\tgcmd.exe
    D:\program files hans\QuickTime\QTTask.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    D:\program files hans\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\program files hans\AVG Anti-Spyware 7.5\guard.exe
    D:\program files hans\KeePass Password Safe\KeePass.exe
    D:\program files hans\PrintScreen\PrintScreen.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    D:\program files hans\MSGTAG\MSGTAG.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    D:\program files hans\Bluetoot-infrarood adapter\BTNtService.exe
    D:\program files hans\birthday\Birthday.exe
    D:\program files hans\PopTray 3.03\PopTray.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    D:\program files hans\Hijack This\HiJackThis_v2.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.kliknieuws.nl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.kliknieuws.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.kliknieuws.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.kliknieuws.nl
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.;localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.e xe
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\system32\cgmopenbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O3 - Toolbar: De Telefoongids - {790C1F44-C559-434B-BE18-13C042555D8E} - D:\program files hans\De Telefoongids Zoekbalk\PhoneShell.dll
    O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [KPN SMS mail] "D:\program files hans\KPN SMS mail\eSMS Executive Windows.exe Silent"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [hcenter] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\program files hans\Adobe\Acrobat 8.1.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\program files hans\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\hans\LOCALS~1\Temp\vaanéé£'£'%''msn'è%'fix''.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\program files hans\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\program files hans\Nokia div\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [KeePass Password Safe] D:\program files hans\KeePass Password Safe\KeePass.exe
    O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] D:\program files hans\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSGTAG] "D:\program files hans\MSGTAG\MSGTAG.exe" /startup
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Birthday.lnk = D:\program files hans\birthday\Birthday.exe
    O4 - Startup: PopTray.lnk = D:\program files hans\PopTray 3.03\PopTray.exe
    O4 - Global Startup: AutorunsDisabled
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Telefoongids - {FCA46C9D-25D2-4bbb-810A-EA8B0A1741B4} - D:\program files hans\De Telefoongids Zoekbalk\PhoneShell.dll
    O9 - Extra 'Tools' menuitem: De Telefoongids - {FCA46C9D-25D2-4bbb-810A-EA8B0A1741B4} - D:\program files hans\De Telefoongids Zoekbalk\PhoneShell.dll
    O15 - Trusted Zone: http://public.service.citroen.com
    O15 - Trusted Zone: http://service.citroen.com
    O15 - Trusted Zone: http://estim.citroen.inetpsa.com
    O15 - Trusted Zone: http://estim.peugeot.inetpsa.com
    O15 - Trusted Zone: http://networkservice.citroen.inetpsa.com
    O15 - Trusted Zone: http://public.service.citroen.inetpsa.com
    O15 - Trusted Zone: http://public.servicebox.peugeot.inetpsa.com
    O15 - Trusted Zone: http://service.citroen.inetpsa.com
    O15 - Trusted Zone: http://servicebox.peugeot.inetpsa.com
    O15 - Trusted Zone: http://public.servicebox.peugeot.com
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://krasje1946.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161974450496
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129998810056
    O16 - DPF: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} (PageDive Control) - http://www.pagedive.com/pagedive5811/PageDive5.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4881/mcfscan.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\program files hans\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\program files hans\Bluetoot-infrarood adapter\BTNtService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 12047 bytes


    -------------------------------------------------------------------------------


    naar ik hoop voldoende informatie

    Gr. schijndel100

  • #2
    zoals smeenk zegt.
    Last edited by Juisterr; 02-04-08, 19:30.

    Windows 10 opstarten in Veilige Modus

    Comment


    • #3
      Je logje was hier al in behandeling:


      Deze gaat op slot

      Comment

      Working...
      X