Trojan

• 

  Ro

  14-07-2009 10:36

  Zou iemand aub voor mij naar deze log willen kijken? Gisteren vond AVG 2 trojans op mijn computer.

  Alvast bedankt.

  Logfile of Trend Micro HijackThis v2.0.2

  Scan saved at 10:29:42, on 14-7-2009

  Platform: Windows XP SP3 (WinNT 5.01.2600)

  MSIE: Internet Explorer v8.00 (8.00.6001.18702)

  Boot mode: Normal

  Running processes:

  C:\WINDOWS\System32\smss.exe

  C:\WINDOWS\system32\winlogon.exe

  C:\WINDOWS\system32\services.exe

  C:\WINDOWS\system32\lsass.exe

  C:\WINDOWS\system32\svchost.exe

  C:\WINDOWS\System32\svchost.exe

  C:\WINDOWS\Explorer.EXE

  C:\WINDOWS\system32\spoolsv.exe

  C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

  C:\WINDOWS\AGRSMMSG.exe

  C:\Program Files\Apoint2K\Apoint.exe

  C:\WINDOWS\system32\igfxtray.exe

  C:\WINDOWS\system32\hkcmd.exe

  C:\Program Files\QuickTime\qttask.exe

  C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

  C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

  C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

  C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

  C:\Program Files\Apoint2K\Apntex.exe

  C:\PROGRA~1\AVG\AVG8\avgtray.exe

  C:\WINDOWS\system32\ctfmon.exe

  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

  C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

  C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

  C:\WINDOWS\system32\svchost.exe

  C:\PROGRA~1\AVG\AVG8\avgrsx.exe

  C:\Program Files\HPQ\shared\hpqwmi.exe

  C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe

  C:\PROGRA~1\AVG\AVG8\avgnsx.exe

  C:\Program Files\Internet Explorer\IEXPLORE.EXE

  C:\Program Files\Internet Explorer\IEXPLORE.EXE

  C:\Program Files\Internet Explorer\IEXPLORE.EXE

  C:\Program Files\Internet Explorer\IEXPLORE.EXE

  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=Q405&bd=pavilion&pf=laptop

  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

  R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

  R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

  O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

  O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

  O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

  O4 - HKLM\..\Run: “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32

  O4 - HKLM\..\Run: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

  O4 - HKLM\..\Run: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

  O4 - HKLM\..\Run: C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

  O4 - HKLM\..\Run: C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

  O4 - HKLM\..\Run: AGRSMMSG.exe

  O4 - HKLM\..\Run: C:\Program Files\Apoint2K\Apoint.exe

  O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxtray.exe

  O4 - HKLM\..\Run: C:\WINDOWS\system32\hkcmd.exe

  O4 - HKLM\..\Run: C:\Program Files\HPQ\Default Settings\cpqset.exe

  O4 - HKLM\..\Run: “C:\Program Files\QuickTime\qttask.exe” -atboottime

  O4 - HKLM\..\Run: C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

  O4 - HKLM\..\Run: “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”

  O4 - HKLM\..\Run: C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

  O4 - HKLM\..\Run: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

  O4 - HKLM\..\Run: C:\PROGRA~1\AVG\AVG8\avgtray.exe

  O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

  O4 - Global Startup: BTTray.lnk = ?

  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

  O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

  O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

  O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

  O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

  O15 - Trusted Zone: http://*.mcafee.com

  O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5605/mcfscan.cab

  O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

  O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

  O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

  O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

  O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe

  O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

  –

  End of file - 6700 bytes

  Rapporteren
• 

  Ben

  14-07-2009 11:42

  Beste Ro

  Waar is stap 7,

  Ben:)

  Rapporteren
• 

  Ro

  14-07-2009 20:30

  Hoi Ben,

  stap 7 gaf geen fouten, niets geïnfecteerd.

  AVG gaf gisteren 2maal Trojaan backdoor ircbot jao aan ,'1 in c\system volume information en 1 in c\windows system 32\igfxzoom.exe en een hele lange code?

  Deze staan nu in quarantaine, kunnen zij dan nog kwaad?

  Ro

  Rapporteren
• 

  Argus

  14-07-2009 20:45

  Je hebt de mogelijkheid om c\windows system 32\igfxzoom.exe weer uit de Virusfault te halen,zet het bestand dus terug

  Dit is de zoveelste fout(false positive) van AVG

  

  http://www.liutilities.com/products/wintaskspro/processlibrary/igfxzoom/

  Rapporteren