
[SOLVED] PC is completely ***** because of a trojan. Really need help ASAP :( :(



Hi Rustic,

Just take XP Home Edition, but it isn't a must; it is only wise if you don't have an XP CD, because the Recovery Console lets analysts repair a lot, down to the boot MBR.

So if you have a (legal) XP CD, you can skip this procedure; just post a ComboFix log for me to look at.

Regards,

Xeno :)


Hello Xeno, I don't have the CD at home. My version is legally registered over the internet, by the way.

Here is the RVAXO log:

---RVAXO.exe Updated: 2008-05-21---first run---

Uninstallers:

Files found:

C:\WINDOWS\BM47406f4e.txt

C:\WINDOWS\system32\clkcnt.txt

Folders Found:

Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------

Not deleted items:

--------------RVAXO.exe finished----------------

The ComboFix log:

ComboFix 08-05-21.3 - Drago 2008-05-23 15:23:51.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.372 [GMT 2:00]

Started from: C:\Documents and Settings\Drago\Bureaublad\ComboFix.exe

* New restore point was created

* Resident AV is active

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!

.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\tjgkhooj.dll

.

(((((((((((((((((((( Files Created from 2008-04-23 to 2008-05-23 ))))))))))))))))))))))))))))))

.

2008-05-22 22:34 . 2008-05-23 15:14 <DIR> d-------- C:\RVAXO

2008-05-22 22:31 . 2008-05-21 12:16 826,539 --a------ C:\WINDOWS\system32\RVAXO.bat

2008-05-22 22:31 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe

2008-05-22 22:28 . 2008-05-22 22:29 <DIR> d-------- C:\12345

2008-05-22 22:28 . 2008-04-25 20:50 582 --a------ C:\WINDOWS\win.tmp

2008-05-22 22:28 . 2008-05-23 15:29 227 --a------ C:\WINDOWS\system.tmp

2008-05-19 19:48 . 2008-05-19 19:48 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\Malwarebytes

2008-05-19 19:47 . 2008-05-19 19:47 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-05-19 19:47 . 2008-05-19 19:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-05-19 19:47 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys

2008-05-19 19:47 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-05-19 18:31 . 2008-05-23 15:23 <DIR> d-------- C:\quarantine

2008-05-18 16:45 . 2008-05-18 16:45 <DIR> d-------- C:\WINDOWS\ERUNT

2008-05-18 12:17 . 2008-05-18 12:17 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\Uniblue

2008-05-18 11:49 . 2008-05-18 11:49 <DIR> d-------- C:\Program Files\Trend Micro

2008-05-18 05:26 . 2008-05-18 05:26 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy

2008-05-18 05:10 . 2008-05-19 21:56 5,016 --a------ C:\WINDOWS\system32\tmp.reg

2008-05-18 05:07 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2008-05-18 05:07 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe

2008-05-18 05:07 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2008-05-18 05:07 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2008-05-18 04:06 . 2008-05-22 22:48 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-05-18 03:36 . 2006-08-24 11:40 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys

2008-05-18 03:36 . 2006-07-10 16:38 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys

2008-05-18 03:35 . 2008-05-18 04:03 <DIR> d-------- C:\Program Files\Spyware Doctor

2008-05-18 03:35 . 2008-05-18 03:35 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\PC Tools

2008-05-18 01:40 . 2008-05-18 01:40 16,128 --a------ C:\WINDOWS\rundll32.vbe

2008-05-18 01:20 . 2004-09-02 13:00 4,224 --a------ C:\WINDOWS\system32\beep.sys

2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Program Files\Common Files\PCSuite

2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Program Files\Common Files\Nokia

2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\PC Suite

2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\Nokia

2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite

2008-05-14 13:11 . 2008-05-14 13:11 <DIR> d-------- C:\Program Files\PC Connectivity Solution

2008-05-14 13:11 . 2008-05-14 13:12 <DIR> d-------- C:\Program Files\Nokia

2008-05-14 13:11 . 2007-11-29 10:32 48,128 --a------ C:\WINDOWS\system32\nmwcdcls.dll

2008-05-14 13:11 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys

2008-05-14 13:10 . 2008-05-14 13:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations

2008-05-13 12:48 . 2008-05-13 12:48 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-04-26 09:10 . 2008-04-26 09:10 <DIR> d-------- C:\Program Files\LimeWire

2008-04-26 09:10 . 2008-05-08 06:30 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\LimeWire

2008-04-25 20:00 . 2008-04-25 20:00 <DIR> d-------- C:\Program Files\Microsoft Works

2008-04-25 19:59 . 2008-04-25 19:59 <DIR> d-------- C:\Program Files\Microsoft.NET

2008-04-25 19:55 . 2008-04-25 19:59 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-04-25 19:55 . 2008-04-25 19:55 <DIR> dr-h----- C:\MSOCache

2008-04-25 19:55 . 2008-05-15 06:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-04-24 08:15 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys

2008-04-24 08:15 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys

2008-04-24 08:15 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-04-24 08:15 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-21 20:37 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-05-18 02:40 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-17 23:18 --------- d-----w C:\Program Files\Common Files\Adobe

2008-05-14 11:11 --------- d-----w C:\Program Files\DIFX

2008-04-21 19:46 --------- d-----w C:\Program Files\vanBasco's Karaoke Player

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-02 13:00 15360]

"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 11:47 65536]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 12:28 139264]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]

"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]

"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-05-18 03:38 2115728]

"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-09-02 13:00 208952]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-02 13:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-02 13:00 455168]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-17 23:40 64512]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-02-18 23:30 7122944]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 02:03 110592 C:\WINDOWS\system32\bthprops.cpl]

"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 13:11 73728]

"TFncKy"="TFncKy.exe" []

"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 11:51 823296]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 11:49 974848]

"00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2005-05-11 13:02 253952]

"000StTHK"="000StTHK.exe" [2001-06-23 05:28 24576 C:\WINDOWS\system32\000StTHK.exe]

"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2008-02-19 02:24 196608]

"Kraidman"="C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe" [2005-08-11 16:37 1093712]

"NDSTray.exe"="NDSTray.exe" []

"TPSMain"="TPSMain.exe" [2005-07-06 15:04 266240 C:\WINDOWS\system32\TPSMain.exe]

"TPSODDCtl"="TPSODDCtl.exe" [2005-07-06 15:04 102400 C:\WINDOWS\system32\TPSODDCtl.exe]

"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 13:25 1077327]

"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2005-09-01 13:29 102400]

"TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-09-09 16:07 49152]

"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe" [2005-05-12 14:28 118784]

"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 09:00 94208]

"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2005-12-07 04:55 131072]

"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 10:48 147514]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"Norman ZANDA"="C:\VIRUSfighter\bin\ZLH.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-02 13:00 15360]

"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-05-18 03:38 2115728]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Bluetooth Monitor.lnk - C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe [2008-02-19 00:31:33 65536]

WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-02-19 04:59:25 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R0 KR10N;KR10N;C:\WINDOWS\system32\DRIVERS\KR10N.sys [2008-02-18 20:19]

R2 TOS_SPS;TOSHIBA SPS Driver;C:\Program Files\TOSHIBA\TMP2VDec\TOS_SPS.sys [2005-07-11 18:01]

R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2004-05-17 16:18]

R3 ttv400x;TOSHIBA PCI DVB-T/Analog Hybrid Tuner;C:\WINDOWS\system32\drivers\ttv400x.sys [2008-02-19 00:20]

S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]

S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc2.sys [2003-05-07 16:54]

*Newly Created Service* - CATCHME

*Newly Created Service* - ENTDRV51

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-23 15:29:06

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]

"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Windows Action Script]

"ImagePath"="\"\""

.

Completion time: 2008-05-23 15:30:46

ComboFix-quarantined-files.txt 2008-05-23 13:30:41

ComboFix2.txt 2008-05-22 20:24:17

Pre-Run: 59,450,867,712 bytes free

Post-Run: 59,443,294,208 bytes free

167 --- E O F --- 2008-05-21 20:37:46


And a very fresh HJT log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:38:39, on 23-05-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\00THotkey.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe

C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Spyware Doctor\swdoctor.exe

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Planet - Planet Homepage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe

O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [Kraidman] C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [Norman ZANDA] C:\VIRUSfighter\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Bluetooth Monitor.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203365513121

O17 - HKLM\System\CCS\Services\Tcpip\..\{473E2151-1AB9-4143-A034-521C7A354C28}: NameServer = 195.121.1.34,195.121.1.66

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: TOSHIBA RAID Service (kraidsvc) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\VIRUSfighter\bin\NJEEVES.EXE (file missing)

O23 - Service: Norman ZANDA - Unknown owner - C:\VIRUSfighter\Bin\Zanda.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--

End of file - 11253 bytes


Hi Ruskic,

1. Open the RVAXO folder on your desktop and double-click Uninstall.cmd

This will remove everything belonging to RVAXO.

2. Go to Start > Run and type (or copy and paste):

sc delete "Norman NJeeves"

and click OK/Enter

Repeat the operation for:

sc delete "Norman ZANDA"

and click OK/Enter

3. Open Notepad and copy and paste the following (bold, blue text) into an empty window:


File::
C:\WINDOWS\win.tmp
C:\WINDOWS\system.tmp
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\beep.sys

DirLook::
C:\12345

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Norman ZANDA"=-
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Windows Action Script]

Save this to your Desktop as CFScript.txt

Drag CFScript.txt onto ComboFix.exe as shown in the example below:

CFScript.gif

This will make ComboFix restart.

Reboot if you are asked to,

and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Good luck,

Xeno :)

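The triage the helper performs by hand in the reply above (two "(file missing)" services in the HijackThis O23 lines, a driver key whose ImagePath points into C:\WINDOWS\TEMP, a service key with an empty ImagePath, and a Run value whose target is gone) can be scripted, and the result is exactly the `sc delete` commands and the `Registry::` section of the CFScript. The Python below is an added example written for this page; it is not code from the thread, from ComboFix or from HijackThis. The log excerpt inside it is constructed from lines visible in the posts above, and the three heuristics are my reading of what the helper acted on, not documented tool semantics.

```python
"""Triage HijackThis / ComboFix log lines into the cleanup artefacts used in this
thread. Added example; the sample log is constructed from lines visible in the thread."""
import re
from dataclasses import dataclass

# Constructed excerpt: ComboFix "Reg Loading Points" lines plus HijackThis O23 lines.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TFncKy"="TFncKy.exe" []
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 09:00 94208]
"Norman ZANDA"="C:\VIRUSfighter\bin\ZLH.exe" [ ]
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\VIRUSfighter\bin\NJEEVES.EXE (file missing)
O23 - Service: Norman ZANDA - Unknown owner - C:\VIRUSfighter\Bin\Zanda.exe (file missing)
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Windows Action Script]
"ImagePath"="\"\""
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Beep]
"ImagePath"="system32\drivers\beep.sys"
"""

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<info>[^\]]*)\]$')
IMAGEPATH_RE = re.compile(r'^"ImagePath"=(?P<raw>.*)$')
O23_RE = re.compile(r'^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - '
                    r'(?P<path>.+?)(?P<missing> \(file missing\))?$')
SHORTNAME_RE = re.compile(r'^.*\((?P<short>[^()]+)\)$')


@dataclass(frozen=True)
class Finding:
    kind: str    # "orphan_service" | "dead_autostart" | "suspicious_service_key"
    key: str     # registry key the finding lives in ("" for HijackThis O23 lines)
    name: str    # service name or Run-value name
    detail: str  # path or ImagePath that triggered the finding


def _unquote(raw: str) -> str:
    # ComboFix prints the value quoted; an empty ImagePath is printed as "\"\"".
    return raw.replace('\\"', '').strip('"').strip()


def service_short_name(display: str) -> str:
    # HijackThis shows "Display Name (ServiceName)"; sc.exe wants the ServiceName.
    m = SHORTNAME_RE.match(display)
    return m.group("short") if m else display


def triage(log_text: str) -> list:
    findings, current_key = [], ""
    for line in (ln.strip() for ln in log_text.splitlines()):
        if not line:
            continue
        if (m := KEY_RE.match(line)):
            current_key = m.group("key")
        elif (m := O23_RE.match(line)):
            # Service registration whose binary is gone: orphan, delete it with sc.exe.
            if m.group("missing"):
                findings.append(Finding("orphan_service", "", service_short_name(m.group("display")), m.group("path")))
        elif (m := IMAGEPATH_RE.match(line)):
            path = _unquote(m.group("raw"))
            # Drivers do not legitimately load from TEMP or from an empty path.
            if "\\Services\\" in current_key and (not path or "\\TEMP\\" in path.upper() or path.lower().endswith(".tmp")):
                findings.append(Finding("suspicious_service_key", current_key, current_key.rsplit("\\", 1)[-1], path or "<empty>"))
        elif (m := RUN_RE.match(line)) and current_key.endswith("\\Run"):
            # "[ ]" after an absolute path: the autostart target no longer exists. A bare
            # filename with "[]" is inconclusive (resolved via the search path), so skip it.
            if not m.group("info").strip() and "\\" in m.group("path"):
                findings.append(Finding("dead_autostart", current_key, m.group("name"), m.group("path")))
    return findings


def cleanup_plan(findings) -> dict:
    """sc delete commands for orphaned services, plus a CFScript Registry:: section that
    drops dead Run values ("name"=-) and removes suspicious service keys ([-key])."""
    sc_commands = [f'sc delete "{f.name}"' for f in findings if f.kind == "orphan_service"]
    lines, run_keys = ["Registry::"], {}
    for f in findings:
        if f.kind == "dead_autostart":
            run_keys.setdefault(f.key, []).append(f.name)
    for key, names in run_keys.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in names)
    lines.extend(f"[-{f.key}]" for f in findings if f.kind == "suspicious_service_key")
    return {"sc_commands": sc_commands, "cfscript": "\n".join(lines)}


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:23} {f.name:22} {f.detail}")
    plan = cleanup_plan(found)
    print("\n".join(plan["sc_commands"]), plan["cfscript"], sep="\n")
```

Run on the constructed excerpt it produces the same two `sc delete` commands and the same three `Registry::` lines as the reply above. The `[ ]` rule deliberately ignores bare filenames such as `TFncKy.exe`: ComboFix could not resolve those through the search path, so the empty bracket there proves nothing, whereas an absolute path with no file information is a target that really is gone. The output is still a candidate list for a person to vet; in the real log `Uniblue RegistryBooster 2` also shows `[ ]` and the helper chose to leave it alone.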

Hi Xeno,

Here you go, I'm sending you what you asked for.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:32:00, on 24-05-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\00THotkey.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe

C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Program Files\Spyware Doctor\swdoctor.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Planet - Planet Homepage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe

O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [Kraidman] C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Bluetooth Monitor.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203365513121

O17 - HKLM\System\CCS\Services\Tcpip\..\{473E2151-1AB9-4143-A034-521C7A354C28}: NameServer = 195.121.1.34,195.121.1.66

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: TOSHIBA RAID Service (kraidsvc) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--

End of file - 10989 bytes

ComboFix 08-05-21.3 - Drago 2008-05-24 10:24:06.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.385 [GMT 2:00]

Gestart vanuit: C:\Documents and Settings\Drago\Bureaublad\ComboFix.exe

Command switches used :: C:\Documents and Settings\Drago\Bureaublad\CFScript.txt

* Nieuw herstelpunt werd aangemaakt

* Resident AV is active

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

FILE ::

C:\WINDOWS\system.tmp

C:\WINDOWS\system32\beep.sys

C:\WINDOWS\system32\tmp.reg

C:\WINDOWS\win.tmp

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system.tmp

C:\WINDOWS\system32\beep.sys

C:\WINDOWS\system32\tmp.reg

C:\WINDOWS\win.tmp

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-04-24 to 2008-05-24 ))))))))))))))))))))))))))))))

.

2008-05-22 22:28 . 2008-05-22 22:29 <DIR> d-------- C:\12345

2008-05-19 19:48 . 2008-05-19 19:48 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\Malwarebytes

2008-05-19 19:47 . 2008-05-19 19:47 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-05-19 19:47 . 2008-05-19 19:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-05-19 19:47 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys

2008-05-19 19:47 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-05-19 18:31 . 2008-05-24 10:24 <DIR> d-------- C:\quarantine

2008-05-18 16:45 . 2008-05-18 16:45 <DIR> d-------- C:\WINDOWS\ERUNT

2008-05-18 12:17 . 2008-05-18 12:17 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\Uniblue

2008-05-18 11:49 . 2008-05-18 11:49 <DIR> d-------- C:\Program Files\Trend Micro

2008-05-18 05:26 . 2008-05-18 05:26 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy

2008-05-18 05:07 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2008-05-18 05:07 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe

2008-05-18 05:07 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2008-05-18 05:07 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2008-05-18 04:06 . 2008-05-24 10:14 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-05-18 03:36 . 2006-08-24 11:40 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys

2008-05-18 03:36 . 2006-07-10 16:38 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys

2008-05-18 03:35 . 2008-05-18 04:03 <DIR> d-------- C:\Program Files\Spyware Doctor

2008-05-18 03:35 . 2008-05-18 03:35 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\PC Tools

2008-05-18 01:40 . 2008-05-18 01:40 16,128 --a------ C:\WINDOWS\rundll32.vbe

2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Program Files\Common Files\PCSuite

2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Program Files\Common Files\Nokia

2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\PC Suite

2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\Nokia

2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite

2008-05-14 13:11 . 2008-05-14 13:11 <DIR> d-------- C:\Program Files\PC Connectivity Solution

2008-05-14 13:11 . 2008-05-14 13:12 <DIR> d-------- C:\Program Files\Nokia

2008-05-14 13:11 . 2007-11-29 10:32 48,128 --a------ C:\WINDOWS\system32\nmwcdcls.dll

2008-05-14 13:11 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys

2008-05-14 13:10 . 2008-05-14 13:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations

2008-05-13 12:48 . 2008-05-13 12:48 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-04-26 09:10 . 2008-04-26 09:10 <DIR> d-------- C:\Program Files\LimeWire

2008-04-26 09:10 . 2008-05-08 06:30 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\LimeWire

2008-04-25 20:00 . 2008-04-25 20:00 <DIR> d-------- C:\Program Files\Microsoft Works

2008-04-25 19:59 . 2008-04-25 19:59 <DIR> d-------- C:\Program Files\Microsoft.NET

2008-04-25 19:55 . 2008-04-25 19:59 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-04-25 19:55 . 2008-04-25 19:55 <DIR> dr-h----- C:\MSOCache

2008-04-25 19:55 . 2008-05-15 06:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-04-24 08:15 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys

2008-04-24 08:15 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys

2008-04-24 08:15 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-04-24 08:15 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-21 20:37 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-05-18 02:40 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-17 23:18 --------- d-----w C:\Program Files\Common Files\Adobe

2008-05-14 11:11 --------- d-----w C:\Program Files\DIFX

2008-04-21 19:46 --------- d-----w C:\Program Files\vanBasco's Karaoke Player

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of C:\12345 ----

2004-09-02 13:00 399360 --a------ C:\12345\CF31496.exe

2000-08-31 08:00 28160 -ra------ C:\12345\nircmd.com

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-02 13:00 15360]

"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 11:47 65536]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 12:28 139264]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]

"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]

"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-05-18 03:38 2115728]

"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-09-02 13:00 208952]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-02 13:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-02 13:00 455168]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-17 23:40 64512]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-02-18 23:30 7122944]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 02:03 110592 C:\WINDOWS\system32\bthprops.cpl]

"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 13:11 73728]

"TFncKy"="TFncKy.exe" []

"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 11:51 823296]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 11:49 974848]

"00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2005-05-11 13:02 253952]

"000StTHK"="000StTHK.exe" [2001-06-23 05:28 24576 C:\WINDOWS\system32\000StTHK.exe]

"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2008-02-19 02:24 196608]

"Kraidman"="C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe" [2005-08-11 16:37 1093712]

"NDSTray.exe"="NDSTray.exe" []

"TPSMain"="TPSMain.exe" [2005-07-06 15:04 266240 C:\WINDOWS\system32\TPSMain.exe]

"TPSODDCtl"="TPSODDCtl.exe" [2005-07-06 15:04 102400 C:\WINDOWS\system32\TPSODDCtl.exe]

"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 13:25 1077327]

"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2005-09-01 13:29 102400]

"TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-09-09 16:07 49152]

"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe" [2005-05-12 14:28 118784]

"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 09:00 94208]

"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2005-12-07 04:55 131072]

"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 10:48 147514]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-02 13:00 15360]

"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-05-18 03:38 2115728]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Bluetooth Monitor.lnk - C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe [2008-02-19 00:31:33 65536]

WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-02-19 04:59:25 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R0 KR10N;KR10N;C:\WINDOWS\system32\DRIVERS\KR10N.sys [2008-02-18 20:19]

R2 TOS_SPS;TOSHIBA SPS Driver;C:\Program Files\TOSHIBA\TMP2VDec\TOS_SPS.sys [2005-07-11 18:01]

R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2004-05-17 16:18]

R3 ttv400x;TOSHIBA PCI DVB-T/Analog Hybrid Tuner;C:\WINDOWS\system32\drivers\ttv400x.sys [2008-02-19 00:20]

S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]

S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc2.sys [2003-05-07 16:54]

*Newly Created Service* - CATCHME

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-24 10:27:58

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]

"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"

--

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Windows Action Script]

"ImagePath"="\"\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]

"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Windows Action Script]

"ImagePath"="\"\""

.

Voltooingstijd: 2008-05-24 10:29:23

ComboFix-quarantined-files.txt 2008-05-24 08:29:18

ComboFix2.txt 2008-05-23 13:30:49

ComboFix3.txt 2008-05-22 20:24:17

Pre-Run: 59,367,075,840 bytes beschikbaar

Post-Run: 59,358,691,328 bytes beschikbaar

178 --- E O F --- 2008-05-21 20:37:46


Hi Ruskic,

A little more cleaning up and we're there.

Open Notepad, then copy and paste the following (the bold, blue text) into an empty window:


  • File::
    C:\WINDOWS\TEMP\mc21.tmp

  • Registry::
    [-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Windows Action Script]
    "ImagePath"=-

Save this to your Desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe as shown in the example below:

(image: CFScript.gif)

This will make ComboFix start again.

Reboot if you are asked to,

and post the contents of ComboFix.txt in your next reply.

Your HJT log is clean.

Good luck,

Xeno :)

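The CFScript above does two different things: it deletes a service whose binary sits in C:\WINDOWS\TEMP (file plus whole key) and it clears the ImagePath value of a service that has no binary at all. As an added example, not part of this thread and not ComboFix's own code, the Python below parses the service blocks ComboFix prints at the end of its log, flags image paths that are empty, that live in a temp folder, or that have an unexpected extension, and emits File:: and Registry:: lines in the same format as the reply. The sample log lines are constructed to mirror the two services seen above; the KR10N entry and its ImagePath value are made up here as a benign control.

```python
"""Triage the service ImagePath entries ComboFix prints and build a CFScript.

Added example for this thread; it is not ComboFix code. The sample log lines
are constructed to mirror the service blocks shown in the log above.
"""
import re
from dataclasses import dataclass

# Constructed sample in ComboFix's REGEDIT4-style output. The KR10N block is an
# assumed benign entry for contrast; its ImagePath value is made up here.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Windows Action Script]
"ImagePath"="\"\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KR10N]
"ImagePath"="system32\DRIVERS\KR10N.sys"
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]*\\Services\\([^\]]+))\]$', re.IGNORECASE)
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(.*)"$', re.IGNORECASE)

REASONS = {
    'empty': 'service has no binary at all (empty ImagePath)',
    'temp': 'service binary lives in a temp folder or is a .tmp file',
    'extension': 'unexpected extension for a service binary; review by hand',
    'ok': 'looks normal',
}


@dataclass
class Finding:
    key: str          # full registry key of the service
    service: str      # service name (last key component)
    image_path: str   # cleaned path, '' when the value was empty
    reason: str       # one of the REASONS keys


def clean_image_path(raw: str) -> str:
    """Strip REGEDIT4 quote escapes and the NT '\\??\\' object-manager prefix."""
    value = raw.replace('\\"', '').strip()
    if value.startswith('\\??\\'):
        value = value[4:]
    return value


def classify(path: str) -> str:
    """Return a reason code for one cleaned ImagePath value."""
    if not path:
        return 'empty'
    parts = [p.upper() for p in re.split(r'[\\/]', path) if p]
    name, dirs = parts[-1], parts[:-1]
    if name.endswith('.TMP') or any(d in ('TEMP', 'TMP') for d in dirs):
        return 'temp'
    if not name.endswith(('.SYS', '.EXE')):
        return 'extension'
    return 'ok'


def scan_services(log_text: str) -> list:
    """Pair each [..\\Services\\X] key with the "ImagePath" value that follows it."""
    findings, key, service = [], None, None
    for line in log_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key, service = m.group(1), m.group(2)
            continue
        m = IMAGEPATH_RE.match(line)
        if m and key:
            path = clean_image_path(m.group(1))
            findings.append(Finding(key, service, path, classify(path)))
            key = service = None
    return findings


def build_cfscript(findings: list) -> str:
    """Emit File::/Registry:: lines in the form used in the reply above.

    A binary in a temp folder: delete the file and the whole service key.
    An empty ImagePath: delete just the value. Other flags are left for
    manual review rather than scripted away.
    """
    files, registry = [], []
    for f in findings:
        if f.reason == 'temp':
            files.append(f.image_path)
            registry.append(f'[-{f.key}]')        # leading '-' deletes the key
        elif f.reason == 'empty':
            registry.append(f'[{f.key}]')
            registry.append('"ImagePath"=-')      # '=-' deletes the value only
    lines = []
    if files:
        lines += ['File::', *files, '']
    if registry:
        lines += ['Registry::', *registry]
    return '\n'.join(lines)


if __name__ == '__main__':
    found = scan_services(SAMPLE_LOG)
    for f in found:
        print(f'{f.service:<24} {f.reason:<10} {REASONS[f.reason]}')
    print()
    print(build_cfscript(found))
```

Run as a script it prints one line per service with its reason, followed by the generated CFScript text, which for the constructed sample is the same File::/Registry:: block as in the reply. The `extension` code deliberately produces no script lines: a service binary with an odd extension is worth a look, but not a reason to delete anything automatically.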

Good morning Xeno, thanks a lot in advance for your help.

Here is the CF log:

ComboFix 08-05-21.3 - Drago 2008-05-25 11:19:34.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.342 [GMT 2:00]

Gestart vanuit: C:\Documents and Settings\Drago\Bureaublad\ComboFix.exe

Command switches used :: C:\Documents and Settings\Drago\Bureaublad\CFScript.txt

* Nieuw herstelpunt werd aangemaakt

* Resident AV is active

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

FILE ::

C:\WINDOWS\TEMP\mc21.tmp

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-04-25 to 2008-05-25 ))))))))))))))))))))))))))))))

.

2008-05-25 11:17 . 2008-04-25 20:50 582 --a------ C:\WINDOWS\win.tmp

2008-05-25 11:17 . 2008-05-24 10:27 227 --a------ C:\WINDOWS\system.tmp

2008-05-22 22:28 . 2008-05-22 22:29 <DIR> d-------- C:\12345

2008-05-19 19:48 . 2008-05-19 19:48 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\Malwarebytes

2008-05-19 19:47 . 2008-05-19 19:47 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-05-19 19:47 . 2008-05-19 19:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-05-19 19:47 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys

2008-05-19 19:47 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-05-19 18:31 . 2008-05-25 11:19 <DIR> d-------- C:\quarantine

2008-05-18 16:45 . 2008-05-18 16:45 <DIR> d-------- C:\WINDOWS\ERUNT

2008-05-18 12:17 . 2008-05-18 12:17 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\Uniblue

2008-05-18 11:49 . 2008-05-18 11:49 <DIR> d-------- C:\Program Files\Trend Micro

2008-05-18 05:26 . 2008-05-18 05:26 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy

2008-05-18 05:07 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2008-05-18 05:07 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe

2008-05-18 05:07 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2008-05-18 05:07 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2008-05-18 04:06 . 2008-05-25 11:14 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-05-18 03:36 . 2006-08-24 11:40 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys

2008-05-18 03:36 . 2006-07-10 16:38 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys

2008-05-18 03:35 . 2008-05-18 04:03 <DIR> d-------- C:\Program Files\Spyware Doctor

2008-05-18 03:35 . 2008-05-18 03:35 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\PC Tools

2008-05-18 01:40 . 2008-05-18 01:40 16,128 --a------ C:\WINDOWS\rundll32.vbe

2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Program Files\Common Files\PCSuite

2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Program Files\Common Files\Nokia

2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\PC Suite

2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\Nokia

2008-05-14 13:12 . 2008-05-14 13:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite

2008-05-14 13:11 . 2008-05-14 13:11 <DIR> d-------- C:\Program Files\PC Connectivity Solution

2008-05-14 13:11 . 2008-05-14 13:12 <DIR> d-------- C:\Program Files\Nokia

2008-05-14 13:11 . 2007-11-29 10:32 48,128 --a------ C:\WINDOWS\system32\nmwcdcls.dll

2008-05-14 13:11 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys

2008-05-14 13:10 . 2008-05-14 13:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations

2008-05-13 12:48 . 2008-05-13 12:48 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-04-26 09:10 . 2008-04-26 09:10 <DIR> d-------- C:\Program Files\LimeWire

2008-04-26 09:10 . 2008-05-08 06:30 <DIR> d-------- C:\Documents and Settings\Drago\Application Data\LimeWire

2008-04-25 20:00 . 2008-04-25 20:00 <DIR> d-------- C:\Program Files\Microsoft Works

2008-04-25 19:59 . 2008-04-25 19:59 <DIR> d-------- C:\Program Files\Microsoft.NET

2008-04-25 19:55 . 2008-04-25 19:59 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-04-25 19:55 . 2008-04-25 19:55 <DIR> dr-h----- C:\MSOCache

2008-04-25 19:55 . 2008-05-15 06:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-21 20:37 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-05-18 02:40 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-17 23:18 --------- d-----w C:\Program Files\Common Files\Adobe

2008-05-14 11:11 --------- d-----w C:\Program Files\DIFX

2008-04-21 19:46 --------- d-----w C:\Program Files\vanBasco's Karaoke Player

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-02 13:00 15360]

"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 11:47 65536]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 12:28 139264]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]

"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]

"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-05-18 03:38 2115728]

"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-09-02 13:00 208952]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-02 13:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-02 13:00 455168]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-17 23:40 64512]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-02-18 23:30 7122944]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 02:03 110592 C:\WINDOWS\system32\bthprops.cpl]

"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 13:11 73728]

"TFncKy"="TFncKy.exe" []

"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 11:51 823296]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 11:49 974848]

"00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2005-05-11 13:02 253952]

"000StTHK"="000StTHK.exe" [2001-06-23 05:28 24576 C:\WINDOWS\system32\000StTHK.exe]

"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2008-02-19 02:24 196608]

"Kraidman"="C:\Program Files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe" [2005-08-11 16:37 1093712]

"NDSTray.exe"="NDSTray.exe" []

"TPSMain"="TPSMain.exe" [2005-07-06 15:04 266240 C:\WINDOWS\system32\TPSMain.exe]

"TPSODDCtl"="TPSODDCtl.exe" [2005-07-06 15:04 102400 C:\WINDOWS\system32\TPSODDCtl.exe]

"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 13:25 1077327]

"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2005-09-01 13:29 102400]

"TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-09-09 16:07 49152]

"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe" [2005-05-12 14:28 118784]

"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 09:00 94208]

"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2005-12-07 04:55 131072]

"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 10:48 147514]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-02 13:00 15360]

"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-05-18 03:38 2115728]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Bluetooth Monitor.lnk - C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe [2008-02-19 00:31:33 65536]

WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-02-19 04:59:25 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R0 KR10N;KR10N;C:\WINDOWS\system32\DRIVERS\KR10N.sys [2008-02-18 20:19]

R2 TOS_SPS;TOSHIBA SPS Driver;C:\Program Files\TOSHIBA\TMP2VDec\TOS_SPS.sys [2005-07-11 18:01]

R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2004-05-17 16:18]

R3 ttv400x;TOSHIBA PCI DVB-T/Analog Hybrid Tuner;C:\WINDOWS\system32\drivers\ttv400x.sys [2008-02-19 00:20]

S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]

S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc2.sys [2003-05-07 16:54]

*Newly Created Service* - CATCHME

*Newly Created Service* - ENTDRV51

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-25 11:23:45

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]

"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]

"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"

.

Voltooingstijd: 2008-05-25 11:25:21

ComboFix-quarantined-files.txt 2008-05-25 09:25:15

ComboFix2.txt 2008-05-24 08:29:26

ComboFix3.txt 2008-05-23 13:30:49

ComboFix4.txt 2008-05-22 20:24:17

Pre-Run: 59,211,018,240 bytes beschikbaar

Post-Run: 59,222,708,224 bytes beschikbaar

158 --- E O F --- 2008-05-21 20:37:46


Hoi Ruskic,

Ziet er goed uit, en doe volgende nog.

1. Download ATF cleaner (mirror)(gemaakt door Atribune)

Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

  • Dubbelklik op ATF cleaner om het programma te starten.
    Op het tabblad Main, plaats je een vinkje bij Select All.
    Klik op de knop Empty Selected.
    Het volgende doen als je ook FireFox als browser hebt:
    Klik op tabblad Firefox, plaats een vinkje bij Select All.
    Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op No.
    (dit haalt het vinkje weer weg bij Firefox saved passwords)
    Klik op de knop Empty Selected.
    Het volgende doen als je ook Opera als browser hebt:
    Klik op tabblad Opera, plaats een vinkje bij Select All.
    Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op No.
    Klik op de knop Empty Selected.
    Ga naar het tabblad Main en klik op de knop Exit om het programma af te sluiten.

2. Je mag alle gebruikte tools en aangemaakte mappen terug verwijderen.

Ga naar start > uitvoeren en kopieer en plak volgende command in het veld:

ComboFix /u

Let op: Zorg ervoor dat er dus een spatie is tussen Combofix en /

Daarna klik enter.

Dit zal Combofix verwijderen+gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en reset je Systeemherstel opnieuw, en maakt een nieuw herstelpunt aan.

3. Verwijder via verkenner volgende vetgedrukte bestanden nog indien aanwezig:

- C:\WINDOWS\win.tmp

- C:\WINDOWS\system.tmp

Maak dan je prullenbak leeg.

4. Je Java is out off date.

Download Java Runtime Environment (JRE) 6u6.

  • Scroll down to: Java Runtime Environment (JRE) 6u6
  • Click the Download button on the right.
  • In the drop-down menu next to Platform, select Windows
  • Check: I agree to the Java SE Runtime Environment 6 License Agreement, and click Continue.
  • The page will reload.
  • Click the jre-6u6-windows-i586-p.exe link UNDER Windows Offline Installation and save it to your Desktop.
  • Close all programs that may be open - especially your web browser!
  • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list.
  • Check everything with Java Runtime Environment (JRE or J2SE) in its name.
  • Then click Remove or the Change/Remove button.
  • Repeat this until all older versions are gone.
  • After removing all older versions, restart your PC.
  • Then double-click jre-6u6-windows-i586-p.exe on your Desktop to install the latest version of Java.

5. And as a final check of everything, we do the following:

Go to Kaspersky Online Scanner and click Accept at the bottom.

This scanner only works with Internet Explorer 6 and higher!!

You may have to click a yellow bar at the top of your screen to download the ActiveX files that Kaspersky needs in order to scan. Allow this.

  • The program will now start downloading the latest definition files. After that, click Next.
  • Then click the Scan Settings button.
    Under the text Scan using the following antivirus database: choose the second option: extended - protect your .....
    Under the text Scan options: tick both boxes: Scan Archives .... and Scan Mail Bases ....
  • Then click the OK button.
  • Now start the scan by clicking the text My Computer.
    Keep in mind that this scan takes a while.
  • Once the scan is complete, you get the opportunity to save the scan report.
    Click the Save Report As button. Save the report on your Desktop under the name kavscan.txt

Post that report in your next reply.

Regards,

Xeno :)


Hi Xeno

Here is the requested report

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Sunday, May 25, 2008 10:47:00 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 25/05/2008

Kaspersky Anti-Virus database records: 800225

-------------------------------------------------------------------------------

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

Scan Target - My Computer:

C:\

D:\

E:\

Scan Statistics:

Total number of scanned objects: 47917

Number of viruses found: 2

Number of infected objects: 4

Number of suspicious objects: 0

Duration of the scan process: 00:51:13

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\Drago\Bureaublad\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

D:\RUSKIC\PROGRAM'S\ANTI VIRUS TROJAN\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

D:\RUSKIC\PROGRAM'S\ANTI VIRUS TROJAN\SmitfraudFix.zip ZIP: infected - 1 skipped

D:\RUSKIC\PROGRAM'S\ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c skipped

Scan process completed.


Hi Ruskic,

As you can see, everything is clean now, apart from a few false positives.

You can clean those up with:

Download GV_Cleaner.exe, install it and start it.

You will now get a list of all these programs and can remove them one by one.

Double-click the program name and the necessary actions are taken to remove the program, plus its folders, files and registry entries.

Regards,

Xeno ;)
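As an added example (not part of the thread or of any tool mentioned in it), the following parser triages a Kaspersky Online Scanner report in the format posted above: it separates locked files and not-a-virus riskware (the reboot helper and the port scanner flagged here) from real detections, which is the reading Xeno gives of the report. The sample report is constructed from the posted format; the dropper.exe line is made up to show the real-malware branch.

```python
import re

# Constructed sample in the format of the posted report; the
# "dropper.exe" line is made up to exercise the real-malware branch.
SAMPLE_REPORT = """\
Infected Object Name / Virus Name / Last Action
C:\\WINDOWS\\system32\\config\\SAM Object is locked skipped
C:\\Documents and Settings\\Drago\\Bureaublad\\SmitfraudFix\\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\\RUSKIC\\PROGRAM'S\\ANTI VIRUS TROJAN\\SmitfraudFix.zip ZIP: infected - 1 skipped
D:\\RUSKIC\\PROGRAM'S\\ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c skipped
C:\\constructed\\dropper.exe Infected: Trojan.Win32.Constructed.a skipped
Scan process completed.
"""

# One report line: a path, then one of three outcomes, then the action taken.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:Infected: (?P<verdict>\S+)"
    r"|(?P<locked>Object is locked)"
    r"|ZIP: infected - (?P<count>\d+)) "
    r"skipped$"
)

def triage(report: str) -> dict:
    """Group the report into real malware, not-a-virus riskware, locked files and archives."""
    result = {"malware": [], "riskware": [], "locked": [], "archives": []}
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header, separator or statistics line
        path = m.group("path")
        if m.group("locked"):
            # In-use system and log files the scanner could not open: not a detection.
            result["locked"].append(path)
        elif m.group("count"):
            # Archive summary; the infected member is reported on its own line.
            result["archives"].append(path)
        elif m.group("verdict").startswith("not-a-virus:"):
            # Dual-use tools (a reboot helper, a port scanner): review, not necessarily remove.
            result["riskware"].append((path, m.group("verdict")))
        else:
            result["malware"].append((path, m.group("verdict")))
    return result


def is_clean(report: str) -> bool:
    """True when the only detections are not-a-virus riskware (as in the posted report)."""
    return not triage(report)["malware"]
```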
