Archive - Serious virus/trojan

The archive is a frozen moment from a previous version of this forum, with different rules and different bosses. These posts in no way reflect our current ideas, values or worldviews, and have been censored in some places as unacceptable. Many were written in a different spirit of the time, ironic or not - such as in the ironic Off-Topic subforum - and would not (be allowed to) be posted today. Still, we are happy to keep offering this archive as an information database and reference work. Read more about it here or start a conversation with others.

sparco

Legacy Member
Hey, since yesterday I have been the victim of a persistent virus. I was browsing the internet (latest version of Firefox) when a message suddenly popped up: Security tool installed. Obviously a trojan, and it immediately started showing dozens of warnings about trojan horses and all that junk. AVG also suddenly reported 3 'threats', but it could not remove them.

I couldn't even open Task Manager anymore because of that 'security tool'!
The program itself is called 165415884.exe or something like that, always a different combination of digits. Once you manage to close that process, nothing seems to be wrong anymore.
So I unticked that process so it normally shouldn't start by itself anymore, but it still does. I also deleted that exe file in Application Data, but it just comes back.
Since then I also suffer from spontaneous reboots..
Anyone who knows what to do? I use Windows XP, AVG antivirus and Firefox.

My log:


Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:47:11, on 25/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Analog Devices\Core\smax4pnp.exe
F:\Program Files\Analog Devices\SoundMAX\Smax4.exe
F:\WINDOWS\system32\Rundll32.exe
F:\PROGRA~1\AVG\AVG8\avgtray.exe
F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\VMware\VMware Player\hqtray.exe
F:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\Windows Live\Messenger\msnmsgr.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\ISP Monitor\isp.exe
F:\WINDOWS\system32\taskmgr.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\AskBarDis\bar\bin\AskService.exe
F:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\WINDOWS\system32\FsUsbExService.Exe
F:\Program Files\ISP Monitor\ISPMonitorSrv.exe
F:\PROGRA~1\AVG\AVG8\avgrsx.exe
F:\PROGRA~1\AVG\AVG8\avgnsx.exe
F:\WINDOWS\system32\lkcitdl.exe
E:\Program Files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
F:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
E:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
F:\WINDOWS\system32\nisvcloc.exe
F:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
F:\WINDOWS\system32\vmnat.exe
F:\PROGRA~1\AVG\AVG8\avgemc.exe
E:\Program Files\VMware\VMware Player\vmware-authd.exe
F:\Program Files\AVG\AVG8\avgcsrvx.exe
F:\WINDOWS\system32\wuauclt.exe
F:\WINDOWS\system32\vmnetdhcp.exe
F:\WINDOWS\system32\lkads.exe
F:\WINDOWS\System32\alg.exe
F:\Program Files\Windows Live\Contacts\wlcomm.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\WINDOWS\system32\msiexec.exe
F:\WINDOWS\system32\MsiExec.exe
F:\WINDOWS\system32\wuauclt.exe
F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Hijack\TrendMicro\HiJackThis\HiJackThis.exe
F:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Welkom aan de K.H.Kempen:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - F:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - F:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - F:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - F:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - F:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] F:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "F:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] F:\WINDOWS\System32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [nwiz] F:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] F:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VMware hqtray] "E:\Program Files\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "F:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "F:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [08197025] F:\DOCUME~1\ALLUSE~1\APPLIC~1\08197025\08197025.exe
O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ISPMonitor] F:\Program Files\ISP Monitor\isp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: syspck32.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://F:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - F:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254068697593
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - F:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - F:\WINDOWS\System32\browseui.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - F:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - F:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - F:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - F:\Program Files\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - F:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - F:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - F:\WINDOWS\system32\lktsrv.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max Design 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - E:\Program Files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - E:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - E:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - F:\WINDOWS\system32\nisvcloc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - F:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - F:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - F:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - F:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - F:\WINDOWS\system32\vmnat.exe

--
End of file - 11888 bytes
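
An added example, not part of the original thread: a small Python triage script that applies the same heuristics a helper uses when reading a HijackThis log like the one above. It flags orphaned entries (`(no file)` / `(file missing)`), Run values whose name or target is a pure digit string under a user-writable data directory such as All Users\Application Data, and anything launched from the Startup folder. The sample lines are copied by hand from the posted log; the 5-digit threshold and the directory list are assumptions for illustration, not something HijackThis itself provides.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: lines in HijackThis 2.0.x format, copied by hand from the
# log posted above (not the complete log).
SAMPLE_HJT = r"""
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - F:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [08197025] F:\DOCUME~1\ALLUSE~1\APPLIC~1\08197025\08197025.exe
O4 - HKLM\..\Run: [55670023] F:\Documents and Settings\All Users\Application Data\55670023\55670023.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - Startup: syspck32.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - F:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O23 - Service: ASKService - Unknown owner - F:\Program Files\AskBarDis\bar\bin\AskService.exe
"""

RUN_ENTRY = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_ENTRY = re.compile(r"^O4 - (?:Global )?Startup: (?P<file>.+)$")
NUMERIC = re.compile(r"^\d{5,}$")          # assumed threshold: names like 08197025
# Assumed list of writable data directories where this kind of rogue drops <digits>\<digits>.exe.
DATA_DIRS = {"application data", "applic~1", "programdata", "local settings", "locals~1", "temp"}


@dataclass
class Finding:
    kind: str            # "orphan", "run" or "startup"
    name: str            # Run value name or Startup file name ("" for orphans)
    line: str
    reasons: list[str] = field(default_factory=list)


def _components(cmd: str) -> list[str]:
    """Path components of a Run command, ignoring quotes and the '(User ...)' suffix."""
    cmd = re.sub(r" \(User '[^']*'\)$", "", cmd).replace('"', "")
    return [p.strip() for p in cmd.split("\\") if p.strip()]


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Dead references: HijackThis marks them itself; fixing them is always safe.
        if "(no file)" in line or "(file missing)" in line:
            findings.append(Finding("orphan", "", line, ["target file no longer exists"]))
            continue
        m = RUN_ENTRY.match(line)
        if m:
            name, comps = m.group("name"), _components(m.group("cmd"))
            stems = [c.rsplit(".", 1)[0] for c in comps]
            reasons = []
            if NUMERIC.match(name):
                reasons.append("pure-digit Run value name")
            if any(NUMERIC.match(s) for s in stems) and any(c.lower() in DATA_DIRS for c in comps):
                reasons.append("pure-digit folder/executable under a user-writable data directory")
            if reasons:
                findings.append(Finding("run", name, line, reasons))
            continue
        m = STARTUP_ENTRY.match(line)
        if m:
            # Startup-folder executables are rare for legitimate software; verify publisher and hash.
            findings.append(Finding("startup", m.group("file"), line, ["launched from the Startup folder"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT):
        print(f"{f.kind:8} {f.name:14} {'; '.join(f.reasons)}")
        print(f"         {f.line}")
```

Run against the sample it reports the two orphaned entries, the `[08197025]` and `[55670023]` Run values (both by name and by path) and the `syspck32.exe` Startup entry, and stays silent on AVG, ctfmon and the NVIDIA/SoundMAX lines; that matches the selection a helper would make from the log above. The heuristics are deliberately narrow: a pure-digit name in a user-writable folder is characteristic of this rogue family, but anything else still needs a look at the file's publisher and hash before it is fixed.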

Juisterr

Legacy Member
Start HijackThis and choose 'Do a system scan only'
Select only the items listed below:

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - F:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - F:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [08197025] F:\DOCUME~1\ALLUSE~1\APPLIC~1\08197025\08197025.exe
O4 - Startup: syspck32.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - F:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O23 - Service: ASKService - Unknown owner - F:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - F:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe

Close all windows except HijackThis
Click 'Fix checked' to remove the items.



Download LopSD to your Desktop
  • Choose Option N and press Enter
  • Click OK in the information window
  • Choose Option 2 (Fix + Hosts) and press Enter
  • At the end a log (LopR.txt) appears; paste its contents in your next reply
Vista users: right-click LopSD and choose "Run as Administrator"
Note: LopSD is flagged as a virus by some virus scanners, so disable your scanner first

So please post that result together with a new HijackThis log.

sparco

Legacy Member
Did what you said, rebooted, the program is still there. I can't even open HijackThis anymore; that trojan constantly says there's a virus in it.
Notepad likewise: I open it, it stays open for 1 second and then closes because of a virus in it.
I did manage to quickly copy-paste the log from it:

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz )
BIOS : BIOS Date: 07/14/06 16:31:37 Ver: 08.00.12
USER : Dennis VD ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.5 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:97 Go (Free:73 Go)
D:\ (Local Disk) - NTFS - Total:14 Go (Free:13 Go)
E:\ (Local Disk) - NTFS - Total:71 Go (Free:61 Go)
F:\ (Local Disk) - NTFS - Total:48 Go (Free:24 Go)
G:\ (CD or DVD) - UDF - Total:0 Go (Free:0 Go)

"F:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( Fri 26/03/2010|18:20 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ REPAIR

Deleted ! - F:\DOCUME~1\DENNIS~1\LOCALS~1\Temp\Statica M1_Opl1.doc
Deleted ! - F:\DOCUME~1\DENNIS~1\LOCALS~1\Temp\Statica M2_Opl-1.doc
Deleted ! - F:\DOCUME~1\DENNIS~1\LOCALS~1\Temp\Statica M2_Opl-2.doc
Deleted ! - F:\DOCUME~1\DENNIS~1\LOCALS~1\Temp\Statica M2_Opl-4.doc
Deleted ! - F:\DOCUME~1\DENNIS~1\LOCALS~1\Temp\Statica M2_Opl.doc

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Description of folders in APPLIC~1

[02/10/2009|14:30] F:\DOCUME~1\ALLUSE~1\APPLIC~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[25/03/2010|10:33] F:\DOCUME~1\ALLUSE~1\APPLIC~1\08197025
[24/03/2010|17:13] F:\DOCUME~1\ALLUSE~1\APPLIC~1\10674725
[26/03/2010|18:08] F:\DOCUME~1\ALLUSE~1\APPLIC~1\49143728
[26/03/2010|18:11] F:\DOCUME~1\ALLUSE~1\APPLIC~1\55670023
[19/11/2009|13:30] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Ableton
[22/11/2009|19:14] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[02/10/2009|14:30] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[02/10/2009|14:30] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[09/03/2010|15:16] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
[27/09/2009|18:50] F:\DOCUME~1\ALLUSE~1\APPLIC~1\AVG Security Toolbar
[27/09/2009|18:50] F:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
[27/09/2009|18:10] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[29/09/2009|21:30] F:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
[09/03/2010|15:14] F:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
[10/03/2010|19:08] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[25/03/2010|10:44] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[01/03/2010|22:26] F:\DOCUME~1\ALLUSE~1\APPLIC~1\MiKTeX
[30/09/2009|15:52] F:\DOCUME~1\ALLUSE~1\APPLIC~1\National Instruments
[27/09/2009|17:11] F:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA Corporation
[21/10/2009|19:12] F:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
[10/03/2010|19:05] F:\DOCUME~1\ALLUSE~1\APPLIC~1\PreEmptive Solutions
[26/03/2010|18:11] F:\DOCUME~1\ALLUSE~1\APPLIC~1\VMware
[27/09/2009|18:03] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[0|file(s)] F:\DOCUME~1\ALLUSE~1\APPLIC~1\bytes
[26|folder(s)] F:\DOCUME~1\ALLUSE~1\APPLIC~1\bytes available

[17/10/2009|15:57] F:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[11/03/2010|23:50] F:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[0|file(s)] F:\DOCUME~1\DEFAUL~1\APPLIC~1\bytes
[4|folder(s)] F:\DOCUME~1\DEFAUL~1\APPLIC~1\bytes available

[19/11/2009|13:30] F:\DOCUME~1\DENNIS~1\APPLIC~1\Ableton
[08/03/2010|16:15] F:\DOCUME~1\DENNIS~1\APPLIC~1\Adobe
[07/10/2009|16:26] F:\DOCUME~1\DENNIS~1\APPLIC~1\Apple Computer
[19/11/2009|22:56] F:\DOCUME~1\DENNIS~1\APPLIC~1\Ariane Software
[09/03/2010|15:16] F:\DOCUME~1\DENNIS~1\APPLIC~1\Autodesk
[27/09/2009|18:21] F:\DOCUME~1\DENNIS~1\APPLIC~1\AVG8
[22/03/2010|22:44] F:\DOCUME~1\DENNIS~1\APPLIC~1\Azureus
[04/12/2009|23:49] F:\DOCUME~1\DENNIS~1\APPLIC~1\Canon
[06/12/2009|17:36] F:\DOCUME~1\DENNIS~1\APPLIC~1\dvdcss
[23/03/2010|21:40] F:\DOCUME~1\DENNIS~1\APPLIC~1\Help
[27/09/2009|16:43] F:\DOCUME~1\DENNIS~1\APPLIC~1\Identities
[25/02/2010|11:15] F:\DOCUME~1\DENNIS~1\APPLIC~1\ISP Monitor
[27/09/2009|17:14] F:\DOCUME~1\DENNIS~1\APPLIC~1\Macromedia
[21/03/2010|01:00] F:\DOCUME~1\DENNIS~1\APPLIC~1\ManyCam
[25/03/2010|10:45] F:\DOCUME~1\DENNIS~1\APPLIC~1\Microsoft
[27/09/2009|17:07] F:\DOCUME~1\DENNIS~1\APPLIC~1\Mozilla
[30/09/2009|15:56] F:\DOCUME~1\DENNIS~1\APPLIC~1\National Instruments
[21/10/2009|19:12] F:\DOCUME~1\DENNIS~1\APPLIC~1\PC Suite
[21/10/2009|19:08] F:\DOCUME~1\DENNIS~1\APPLIC~1\Samsung
[17/10/2009|15:57] F:\DOCUME~1\DENNIS~1\APPLIC~1\Stocktwits.8986D6B7D178AAC41A95020D78F34B5073F31DBB.1
[13/10/2009|21:33] F:\DOCUME~1\DENNIS~1\APPLIC~1\Sun
[02/03/2010|15:18] F:\DOCUME~1\DENNIS~1\APPLIC~1\U3
[08/03/2010|16:03] F:\DOCUME~1\DENNIS~1\APPLIC~1\uTorrent
[25/03/2010|19:56] F:\DOCUME~1\DENNIS~1\APPLIC~1\vlc
[13/01/2010|16:39] F:\DOCUME~1\DENNIS~1\APPLIC~1\VMware
[04/10/2009|13:29] F:\DOCUME~1\DENNIS~1\APPLIC~1\WinRAR
[09/02/2010|21:03] F:\DOCUME~1\DENNIS~1\APPLIC~1\XMind
[0|file(s)] F:\DOCUME~1\DENNIS~1\APPLIC~1\bytes
[29|folder(s)] F:\DOCUME~1\DENNIS~1\APPLIC~1\bytes available

[27/09/2009|16:26] F:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[10/03/2010|18:27] F:\DOCUME~1\LOCALS~1\APPLIC~1\VMware
[0|file(s)] F:\DOCUME~1\LOCALS~1\APPLIC~1\bytes
[4|folder(s)] F:\DOCUME~1\LOCALS~1\APPLIC~1\bytes available

[10/03/2010|19:15] F:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[26/03/2010|18:11] F:\DOCUME~1\NETWOR~1\APPLIC~1\VMware
[0|file(s)] F:\DOCUME~1\NETWOR~1\APPLIC~1\bytes
[4|folder(s)] F:\DOCUME~1\NETWOR~1\APPLIC~1\bytes available

--------------------\\ Scheduled Tasks located in F:\WINDOWS\Tasks

[26/03/2010 18:11][--ah-----] F:\WINDOWS\tasks\SA.DAT
[11/09/2002 13:00][-r-h-----] F:\WINDOWS\tasks\desktop.ini

--------------------\\ Description of folders in F:\Program Files

[21/11/2009|11:37] F:\Program Files\Adobe
[21/11/2009|11:40] F:\Program Files\Adobe Media Player
[27/09/2009|16:49] F:\Program Files\Analog Devices
[02/10/2009|14:29] F:\Program Files\Apple Software Update
[27/09/2009|18:10] F:\Program Files\AskBarDis
[09/03/2010|15:10] F:\Program Files\Autodesk
[27/09/2009|18:50] F:\Program Files\AVG
[24/12/2009|16:17] F:\Program Files\Bonjour
[10/03/2010|19:16] F:\Program Files\Business Objects
[29/09/2009|21:30] F:\Program Files\CanonBJ
[10/03/2010|19:01] F:\Program Files\CE Remote Tools
[09/03/2010|15:08] F:\Program Files\Common Files
[27/09/2009|16:25] F:\Program Files\ComPlus Applications
[27/09/2009|18:00] F:\Program Files\Creative
[21/10/2009|19:08] F:\Program Files\DIFX
[16/10/2009|14:16] F:\Program Files\Google
[30/09/2009|15:52] F:\Program Files\HI-TECH Software
[10/03/2010|19:03] F:\Program Files\HTML Help Workshop
[21/10/2009|19:08] F:\Program Files\InstallShield Installation Information
[27/09/2009|16:44] F:\Program Files\Intel
[26/03/2010|18:08] F:\Program Files\Internet Explorer
[02/10/2009|14:30] F:\Program Files\iPod
[22/02/2010|15:06] F:\Program Files\ISP Monitor
[26/10/2009|18:26] F:\Program Files\Java
[24/03/2010|17:15] F:\Program Files\jv16 PowerTools 2009
[07/11/2009|01:45] F:\Program Files\Lame for Audacity
[21/10/2009|19:08] F:\Program Files\MarkAny
[28/09/2009|17:35] F:\Program Files\Messenger
[27/12/2009|21:55] F:\Program Files\Microsoft
[27/12/2009|21:58] F:\Program Files\Microsoft ASP.NET
[10/03/2010|19:12] F:\Program Files\Microsoft Device Emulator
[27/09/2009|16:27] F:\Program Files\microsoft frontpage
[27/09/2009|19:49] F:\Program Files\Microsoft Office
[24/12/2009|16:25] F:\Program Files\Microsoft SDKs
[21/01/2010|09:45] F:\Program Files\Microsoft Silverlight
[10/03/2010|19:16] F:\Program Files\Microsoft SQL Server
[10/03/2010|19:10] F:\Program Files\Microsoft SQL Server Compact Edition
[10/03/2010|19:10] F:\Program Files\Microsoft Synchronization Services
[27/09/2009|19:49] F:\Program Files\Microsoft Visual Studio
[24/12/2009|16:35] F:\Program Files\Microsoft Web Designer Tools
[28/09/2009|17:31] F:\Program Files\Microsoft Works
[10/03/2010|19:15] F:\Program Files\Microsoft.NET
[11/03/2010|11:12] F:\Program Files\Movie Maker
[24/03/2010|19:06] F:\Program Files\Mozilla Firefox
[10/03/2010|19:03] F:\Program Files\MSBuild
[27/09/2009|16:24] F:\Program Files\MSN
[27/09/2009|16:24] F:\Program Files\MSN Gaming Zone
[23/10/2009|14:05] F:\Program Files\MSXML 4.0
[24/12/2009|16:15] F:\Program Files\MSXML 6.0
[27/09/2009|18:09] F:\Program Files\NetMeeting
[27/09/2009|17:11] F:\Program Files\NVIDIA Corporation
[27/09/2009|16:24] F:\Program Files\Online Services
[28/09/2009|17:29] F:\Program Files\Outlook Express
[21/10/2009|19:08] F:\Program Files\PC Connectivity Solution
[02/10/2009|14:29] F:\Program Files\QuickTime
[27/09/2009|17:01] F:\Program Files\Realtek
[24/12/2009|16:17] F:\Program Files\Reference Assemblies
[21/10/2009|19:08] F:\Program Files\Samsung
[27/09/2009|16:43] F:\Program Files\Uninstall Information
[13/11/2009|16:51] F:\Program Files\VideoLAN
[22/03/2010|22:44] F:\Program Files\Vuze
[27/09/2009|18:27] F:\Program Files\Windows Live
[19/02/2010|13:44] F:\Program Files\Windows Live Safety Center
[27/09/2009|18:27] F:\Program Files\Windows Live SkyDrive
[27/09/2009|18:24] F:\Program Files\Windows Media Player
[10/03/2010|19:11] F:\Program Files\Windows Mobile 5.0 SDK R2
[27/09/2009|18:09] F:\Program Files\Windows NT
[27/09/2009|17:29] F:\Program Files\WindowsUpdate
[27/09/2009|16:27] F:\Program Files\xerox
[0|file(s)] F:\Program Files\bytes
[71|folder(s)] F:\Program Files\bytes available

--------------------\\ Description of folders in F:\Program Files\Common Files

[22/11/2009|19:13] F:\Program Files\Common Files\Adobe
[17/10/2009|15:57] F:\Program Files\Common Files\Adobe AIR
[26/03/2010|18:12] F:\Program Files\Common Files\Akamai
[02/10/2009|14:30] F:\Program Files\Common Files\Apple
[09/03/2010|15:09] F:\Program Files\Common Files\Autodesk Shared
[22/12/2009|15:09] F:\Program Files\Common Files\Blizzard Entertainment
[27/09/2009|19:49] F:\Program Files\Common Files\DESIGNER
[27/09/2009|18:10] F:\Program Files\Common Files\i4j_jres
[04/03/2010|17:13] F:\Program Files\Common Files\InstallShield
[21/11/2009|11:35] F:\Program Files\Common Files\Macrovision Shared
[11/03/2010|23:48] F:\Program Files\Common Files\Merge Modules
[10/03/2010|19:15] F:\Program Files\Common Files\Microsoft Shared
[27/09/2009|16:25] F:\Program Files\Common Files\MSSoap
[27/09/2009|18:20] F:\Program Files\Common Files\ODBC
[27/09/2009|16:25] F:\Program Files\Common Files\Services
[27/09/2009|18:20] F:\Program Files\Common Files\SpeechEngines
[28/09/2009|17:30] F:\Program Files\Common Files\System
[05/10/2009|21:03] F:\Program Files\Common Files\VMware
[27/09/2009|18:21] F:\Program Files\Common Files\Windows Live
[0|file(s)] F:\Program Files\Common Files\bytes
[21|folder(s)] F:\Program Files\Common Files\bytes available

--------------------\\ Process

( 50 Processes )

... OK !

--------------------\\ Search with S_Lop

No Lop folders found !

--------------------\\ Search for Lop Files - Folders

No Lop folders found !

--------------------\\ Search through the Registry

..... OK !

--------------------\\ Check of the Hosts file

Hosts file OK


--------------------\\ Search for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-03-26 18:21:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Search for other infections

--------------------\\ Cracks & Keygens ..

F:\DOCUME~1\DENNIS~1\Application Data\uTorrent\Microsoft Office 2007 SP2 Activation Crack [ChattChitto RG].torrent
F:\DOCUME~1\DENNIS~1\Application Data\uTorrent\Office 2007 Activation Crack 2.0.EXE.torrent


[F:3899][D:377]-> F:\DOCUME~1\DENNIS~1\LOCALS~1\Temp
[F:101][D:0]-> F:\DOCUME~1\DENNIS~1\Cookies
[F:1422][D:4]-> F:\DOCUME~1\DENNIS~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "F:\Lop SD\LopR_1.txt" - Fri 26/03/2010|18:22 - Option : [2]

--------------------\\ Scan completed at 18:22:36
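
The folder listing in the Lop S&D log above shows the other half of the picture: four pure-digit folders in All Users\Application Data (10674725, 08197025, 49143728, 55670023), all created between the afternoon of 24/03 and the evening of 26/03, while the HijackThis logs in this thread only ever show one or two of them as a live Run value at a time. This added example (not part of the thread, and not Lop S&D's own code) parses that listing format and correlates it with the Run value names, which is the reason deleting a single .exe did not help: the rogue keeps re-creating itself under a new number. Sample lines are copied by hand from the log above; the Run names are the ones seen in the posted HijackThis logs, and the 5-digit threshold is an assumption.

```python
import re
from datetime import datetime

# Constructed sample: folder-listing lines in Lop S&D format, copied by hand from the
# "All Users" section of the log above (abbreviated, not the full listing).
SAMPLE_LISTING = r"""
[02/10/2009|14:30] F:\DOCUME~1\ALLUSE~1\APPLIC~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[25/03/2010|10:33] F:\DOCUME~1\ALLUSE~1\APPLIC~1\08197025
[24/03/2010|17:13] F:\DOCUME~1\ALLUSE~1\APPLIC~1\10674725
[26/03/2010|18:08] F:\DOCUME~1\ALLUSE~1\APPLIC~1\49143728
[26/03/2010|18:11] F:\DOCUME~1\ALLUSE~1\APPLIC~1\55670023
[19/11/2009|13:30] F:\DOCUME~1\ALLUSE~1\APPLIC~1\Ableton
[27/09/2009|18:50] F:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
[26/03/2010|18:11] F:\DOCUME~1\ALLUSE~1\APPLIC~1\VMware
"""

# Pure-digit HKLM\..\Run value names seen across the HijackThis logs in this thread.
RUN_NAMES_SEEN = {"08197025", "55670023"}

LISTING_LINE = re.compile(r"^\[(?P<stamp>\d{2}/\d{2}/\d{4}\|\d{2}:\d{2})\] (?P<path>.+)$")
NUMERIC = re.compile(r"^\d{5,}$")   # assumed threshold for "random number" folder names


def numeric_folders(listing: str) -> list[tuple[datetime, str]]:
    """(creation time, folder name) for every pure-digit folder, oldest first."""
    found = []
    for raw in listing.splitlines():
        m = LISTING_LINE.match(raw.strip())
        if not m:
            continue
        name = m.group("path").rsplit("\\", 1)[-1]
        if NUMERIC.match(name):
            found.append((datetime.strptime(m.group("stamp"), "%d/%m/%Y|%H:%M"), name))
    return sorted(found)


def correlate(listing: str, run_names: set[str]) -> dict[str, list[str]]:
    """Split numeric folders into those with a live Run value ('active') and leftovers ('dormant')."""
    result: dict[str, list[str]] = {"active": [], "dormant": []}
    for _, name in numeric_folders(listing):
        result["active" if name in run_names else "dormant"].append(name)
    return result


def redrop_interval_hours(listing: str) -> float:
    """Hours between the first and the last numeric drop: how quickly the rogue re-creates itself."""
    folders = numeric_folders(listing)
    if len(folders) < 2:
        return 0.0
    return (folders[-1][0] - folders[0][0]).total_seconds() / 3600


if __name__ == "__main__":
    for when, name in numeric_folders(SAMPLE_LISTING):
        print(f"{when:%Y-%m-%d %H:%M}  {name}")
    print(correlate(SAMPLE_LISTING, RUN_NAMES_SEEN))
    print(f"re-drop window: {redrop_interval_hours(SAMPLE_LISTING):.1f} h")
```

On the sample this lists the four drops in time order, marks 08197025 and 55670023 as active and 10674725 and 49143728 as dormant leftovers, and puts the whole series inside a window of roughly 49 hours. The practical consequence is that a cleanup has to remove every numeric folder, every matching Run value and the Startup entry in one pass, preferably from an environment where the rogue is not running, since the poster reports that it kills Task Manager, Notepad and HijackThis as soon as they open.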

sparco

Legacy Member
Well, the problem is that I actually can't open HijackThis..
When my PC starts up, and I'm quick, I can open taskmgr and close a loooot of processes. With some luck that 'security tool' then doesn't come up. That way I can open HijackThis, but still..

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 14:35:06, on 27/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Analog Devices\Core\smax4pnp.exe
F:\Program Files\Analog Devices\SoundMAX\Smax4.exe
F:\WINDOWS\system32\Rundll32.exe
F:\PROGRA~1\AVG\AVG8\avgtray.exe
F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\VMware\VMware Player\hqtray.exe
F:\Program Files\Java\jre6\bin\jusched.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\ISP Monitor\isp.exe
F:\WINDOWS\system32\taskmgr.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\PROGRA~1\AVG\AVG8\avgrsx.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\PROGRA~1\AVG\AVG8\avgnsx.exe
F:\WINDOWS\system32\lkcitdl.exe
E:\Program Files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
F:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
E:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
F:\WINDOWS\system32\nisvcloc.exe
F:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
F:\WINDOWS\system32\vmnat.exe
F:\PROGRA~1\AVG\AVG8\avgemc.exe
E:\Program Files\VMware\VMware Player\vmware-authd.exe
F:\Program Files\AVG\AVG8\avgcsrvx.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\WINDOWS\System32\alg.exe
F:\Program Files\AskBarDis\bar\bin\AskService.exe
F:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
F:\Program Files\Windows Live\Messenger\msnmsgr.exe
F:\Program Files\Windows Live\Contacts\wlcomm.exe
F:\Program Files\Microsoft Office\Office12\EXCEL.EXE
F:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Hijack\TrendMicro\HiJackThis\HiJackThis.exe
F:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Welkom aan de K.H.Kempen:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - F:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - F:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - F:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - F:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - F:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] F:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "F:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] F:\WINDOWS\System32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [nwiz] F:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] F:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VMware hqtray] "E:\Program Files\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "F:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "F:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [08197025] F:\DOCUME~1\ALLUSE~1\APPLIC~1\08197025\08197025.exe
O4 - HKLM\..\Run: [55670023] F:\Documents and Settings\All Users\Application Data\55670023\55670023.exe
O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ISPMonitor] F:\Program Files\ISP Monitor\isp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: syspck32.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://F:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - F:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254068697593
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - F:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - F:\WINDOWS\System32\browseui.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - F:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - F:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - F:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - F:\Program Files\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - F:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - F:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - F:\WINDOWS\system32\lktsrv.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max Design 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - E:\Program Files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - E:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - E:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - F:\WINDOWS\system32\nisvcloc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - F:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - F:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - F:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - F:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - F:\WINDOWS\system32\vmnat.exe

--
End of file - 11802 bytes

Juisterr

Legacy Member
Open a Notepad file.
Copy the text below (everything in bold) into this Notepad file.
@ECHO OFF
REM Start with a fresh log file.
IF EXIST log.txt DEL log.txt
ECHO Deleting files>>log.txt
REM Check each candidate Startup-folder location for the dropped file.
FOR %%g in (
"C:\Documents and Settings\user\Start Menu\Programs\Startup\syspck32.exe"
"C:\Documents and Settings\Wiebe\start menu\programs\startup\Syspck32.exe") DO (
IF EXIST %%g (
REM Clear the read-only, system and hidden attributes so DEL can remove the file.
ATTRIB -r -s -h %%g
DEL %%g
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted successfully>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
REM Show the result and remove this batch file.
START NOTEPAD.EXE log.txt
DEL %0

Go to File - Save As.
Under "Save in" choose: Desktop
Under "File name" enter: del.bat
Under "Save as type" select: All files (*.*).
Click the Save button.

Double-click del.bat and post the contents of the log file that opens.

sparco

Legacy Member
Deleting files
"C:\Documents and Settings\user\Start Menu\Programs\Startup\syspck32.exe" not found
"C:\Documents and Settings\Wiebe\start menu\programs\startup\Syspck32.exe" not found

Juisterr

Legacy Member
So it does not seem to be present.

Download Combofix to your Desktop and use it according to this guide.

NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
Some scanners regard certain components that Combofix uses as suspicious and will block or delete them!
  • Double-click Combofix.exe to start it.
  • If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
  • Click OK in the "NirCmd" window.
  • If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
  • Click OK and Yes to have the Recovery Console installed automatically.
  • Afterwards, click Yes again to start the malware scan.
  • While the fix is running, do NOT click in the window, as this will make your PC hang.
  • When the fix is complete and after the restart, the log Combofix.txt will open.
Post this log in your next reply.

sparco

Legacy Member
I lost track of this thread, I went on a ski trip. The strange thing is that when I came back, I no longer had any trouble with reboots or other odd events. But apparently I am still affected, because for a few days now I have had an abnormally high upload every time I turn on my PC (700-1500 kbs). And when I look with NetLimiter, I see nothing abnormal.

I scanned with Hitman Pro; it found a Trojan horse but cannot remove it..

Juisterr

Legacy Member
Download MalwareBytes' Anti-Malware and save it to your desktop.
Double-click mbam-setup.exe to install the program.

After installation, make sure the following are checked:
  • Update MalwareBytes' Anti-Malware
  • Launch MalwareBytes' Anti-Malware
Then click "Finish".
If an update is found, it will be downloaded and installed.
  • Once the program has started, go to the "Settings" tab.
  • Check: "Close Internet Explorer during malware removal".
  • Then go to the "Scanner" tab and choose "Quick Scan".
  • Then press "Scan" to start the scan.
  • The scan may take a while, so be patient.
  • When the scan is complete, click OK, then "Show Results" to view the results.
  • Make sure everything there is checked, then click: "Remove Selected".
  • After removal, a log will open and you will be asked to restart the computer.
The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.

Post this log together with a new HijackThis log.