antivirus.startpagina.nl

Trojan

  • Anonymous avatar

    Marcel Jacobs

    Ik krijg een melding tijdens het opstarten na het verwijderen van een trojan. Deze melding houdt in dat hij een bepaald bestand niet kan vinden, hierna sluit de computer zich zelf af.

    Onderstaande is de logfile van HijackThis.

    Advies is erg welkom!

    Logfile of HijackThis v1.97.7

    Scan saved at 15:42:51, on 25-10-2005

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

    C:\Program Files\Network Associates\VirusScan\Mcshield.exe

    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

    C:\Program Files\Spyware Doctor\sdhelp.exe

    C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\wdfmgr.exe

    C:\WINDOWS\system32\UAService7.exe

    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

    C:\WINDOWS\system32\atwtusb.exe

    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe

    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\Winamp\winampa.exe

    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    C:\Program Files\MSN Messenger\msnmsgr.exe

    C:\Program Files\MD40323\ICON.EXE

    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    C:\WINDOWS\system32\TBLMOUSE.EXE

    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

    C:\WINDOWS\System32\alg.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\WINDOWS\System32\HPZipm12.exe

    C:\Documents and Settings\Marcel Jacobs\Mijn documenten\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.volkskrant.nl/

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.volkskrant.nl/

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

    O2 - BHO: (no name) - {468EE850-6E40-412A-981A-2BFD9C76E335} - C:\WINDOWS\system32\dhtmcore.dll

    O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

    O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll

    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll

    O4 - HKLM\..\Run: “C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe”

    O4 - HKLM\..\Run: atwtusb.exe beta

    O4 - HKLM\..\Run: “C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe” /icon

    O4 - HKLM\..\Run: “C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE” /STANDALONE

    O4 - HKLM\..\Run: “C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe”

    O4 - HKLM\..\Run: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: “C:\Program Files\QuickTime\qttask.exe” -atboottime

    O4 - HKLM\..\Run: C:\Program Files\Winamp\winampa.exe

    O4 - HKLM\..\Run: C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

    O4 - HKLM\..\Run: C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    O4 - HKLM\..\Run: C:\Windows\Drivers.bat

    O4 - HKLM\..\Run: C:\Program Files\Agnitum\Tauscan 1.7\Taumon.exe

    O4 - HKCU\..\Run: “C:\Program Files\MSN Messenger\msnmsgr.exe” /background

    O4 - Global Startup: 2Mega Camera Manager Monitor.lnk = ?

    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: hp psc 1000 series.lnk = ?

    O4 - Global Startup: hpoddt01.exe.lnk = ?

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O8 - Extra context menu item: &Search the Web - C:\WINDOWS\Web\Ers_src.htm

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

    O9 - Extra ‘Tools’ menuitem: Sun Java Console (HKLM)

    O9 - Extra button: Messenger (HKLM)

    O9 - Extra ‘Tools’ menuitem: Windows Messenger (HKLM)

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab

    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

    O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab

    O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - http://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab

    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

  • Anonymous avatar

    Piet

    Alle stappen uit “lees dit eerst”al gedaan?

  • Anonymous avatar

    marcel

    Yep!

  • Anonymous avatar

    pavlov

    Hoi Marcel,

    Weet je toevallig ook welke trojan?

    En welk bestand kan hij niet vinden bij het opstarten?

    Plaats svp even een logje gemaakt met de nieuwste versie van Hijack This. ;)

    Die jij gebruikt is antiek. :+

    Susanne. :)