• Hulpvragenden in dit forumonderdeel worden enkel geholpen door daartoe bevoegde teamleden.
    Dit is belangrijk, zodat de hulpvragende goed geholpen kan worden zonder (goedbedoelde) aanvullende berichten van andere leden.
    Reageren op andermans discussie is daarom uitgeschakeld.
  • De afgelopen dagen zijn er meerdere fora waarop bestaande accounts worden overgenomen door spammers. De gebruikersnamen en wachtwoorden zijn via een hack of een lek via andere sites buitgemaakt. Via have i been pwned? kan je controleren of jouw gegeven ook zijn buitgemaakt. Wijzig bij twijfel jouw wachtwoord of schakel de twee-staps-verificatie in.

Zpack.gen (trojan horse)? Zie Hijacklog

Status
Niet open voor verdere reacties.

Hendriek

Nieuw lid
Lid geworden
19 sep 2008
Berichten
12
Waarderingsscore
0
Hallo!

Ik heb een worm/Trojan horse in mijn computer maar ik krijg m er niet uit. Als ik de online scans doe dan loopt mijn computer vast ens oms loopt mijn AVIRA virusscanner vast.

Ik hoop dat jij/jullie mij kunnen helpen!

Groetjes Hendriek

[hjt]
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 21:17:54, on 25-12-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
c:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\program files\widcomm\bluetooth software\bin\btwdins.exe
c:\program files\lavasoft\ad-aware\aawservice.exe
c:\windows\system32\spoolsv.exe
c:\program files\avira\antivir desktop\sched.exe
c:\windows\explorer.exe
c:\program files\avira\antivir desktop\avguard.exe
c:\program files\intel\intel matrix storage manager\iaanotif.exe
c:\windows\system32\igfxtray.exe
c:\windows\system32\hkcmd.exe
c:\windows\system32\igfxpers.exe
c:\windows\rthdcpl.exe
c:\progra~1\launch~1\lmanager.exe
c:\program files\google\google desktop search\googledesktop.exe
c:\program files\synaptics\syntp\syntpenh.exe
c:\program files\google\gmail notifier\gnotify.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\avira\antivir desktop\avgnt.exe
c:\program files\poweriso\pwrisovm.exe
c:\program files\itunes\ituneshelper.exe
c:\windows\webcam\m3000\m3000mnt.exe
c:\windows\system32\ctfmon.exe
c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
c:\program files\acer\acer vcm\acervcm.exe
c:\program files\widcomm\bluetooth software\bttray.exe
c:\windows\system32\igfxext.exe
c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe
c:\program files\microsoft small business\business contact manager\bcmsqlstartupsvc.exe
c:\program files\bonjour\mdnsresponder.exe
c:\program files\intel\intel matrix storage manager\iaantmon.exe
c:\program files\acer\acer vcm\rs_service.exe
c:\program files\microsoft sql server\90\shared\sqlwriter.exe
c:\docume~1\hendriek\locals~1\temp\rtkbtmnt.exe
c:\windows\system32\svchost.exe
c:\program files\ipod\bin\ipodservice.exe
c:\program files\lavasoft\ad-aware\aawtray.exe
c:\program files\trendmicro\hijackthis\hijackthis.exe

r1 - hkcu\software\microsoft\internet explorer\main,default_page_url = [noparse]http://homepage.acer.com/rdr.aspx?b=acaw&l=0413&s=0&o=xpp&d=0709&m=aspire_one_pro[/noparse]
r0 - hkcu\software\microsoft\internet explorer\main,start page = [noparse]http://hendriek.zurf.nl/index.php?[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hklm\software\microsoft\internet explorer\main,start page = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r1 - hkcu\software\microsoft\internet connection wizard,shellnext = [noparse]http://homepage.acer.com/rdr.aspx?b=acaw&l=0413&s=0&o=xpp&d=0709&m=aspire_one_pro[/noparse]
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyoverride = *.local
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername = koppelingen
o2 - bho: acroiehelperstub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
o2 - bho: skype add-on (mastermind) - {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
o2 - bho: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - (no file)
o2 - bho: windows live aanmelden - help - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: google toolbar helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\googletoolbar_32.dll
o2 - bho: google toolbar notifier bho - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
o2 - bho: google dictionary compression sdch - {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_b7c5ac242193bb3e.dll
o3 - toolbar: google toolbar - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\googletoolbar_32.dll
o4 - hklm\..\run: [iaanotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
o4 - hklm\..\run: [igfxtray] c:\windows\system32\igfxtray.exe
o4 - hklm\..\run: [hotkeyscmds] c:\windows\system32\hkcmd.exe
o4 - hklm\..\run: [persistence] c:\windows\system32\igfxpers.exe
o4 - hklm\..\run: [rthdcpl] rthdcpl.exe
o4 - hklm\..\run: [azmixersel] c:\program files\realtek\audio\drivers\azmixersel.exe
o4 - hklm\..\run: [lmanager] c:\progra~1\launch~1\lmanager.exe
o4 - hklm\..\run: [google desktop search] c:\program files\google\google desktop search\googledesktop.exe /startup
o4 - hklm\..\run: [imjpmig8.1] c:\windows\ime\imjp8_1\imjpmig.exe /spoil /remadvdef /migration32
o4 - hklm\..\run: [mspy2002] c:\windows\system32\ime\pintlgnt\imscinst.exe /sync
o4 - hklm\..\run: [phime2002async] c:\windows\system32\ime\tintlgnt\tintsetp.exe /sync
o4 - hklm\..\run: [phime2002a] c:\windows\system32\ime\tintlgnt\tintsetp.exe /imename
o4 - hklm\..\run: [syntpenh] c:\program files\synaptics\syntp\syntpenh.exe
o4 - hklm\..\run: [m3000mnt] rundll32.exe m3000rmv.dll ,winmainrmv /startstillmnt
o4 - hklm\..\run: [plfseti] c:\windows\plfseti.exe
o4 - hklm\..\run: [userfaultcheck] %systemroot%\system32\dumprep 0 -u
o4 - hklm\..\run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
o4 - hklm\..\run: [avgnt] c:\program files\avira\antivir desktop\avgnt.exe /min
o4 - hklm\..\run: [pwrisovm.exe] c:\program files\poweriso\pwrisovm.exe
o4 - hklm\..\run: [adobe reader speed launcher] c:\program files\adobe\reader 9.0\reader\reader_sl.exe
o4 - hklm\..\run: [quicktime task] c:\program files\quicktime\qttask.exe -atboottime
o4 - hklm\..\run: [ituneshelper] c:\program files\itunes\ituneshelper.exe
o4 - hklm\..\run: [windows login assistance] c:\documents and settings\hendriek\application data\s05-3636-t34636-7574-blazebot-asget-ueiaash\winlogon.exe
o4 - hklm\..\run: [kernelfaultcheck] %systemroot%\system32\dumprep 0 -k
o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
o4 - hkcu\..\run: [swg] c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
o4 - hkcu\..\run: [windows login assistance] c:\documents and settings\hendriek\application data\s05-3636-t34636-7574-blazebot-asget-ueiaash\winlogon.exe
o4 - hklm\..\policies\explorer\run: [windows login assistance] c:\documents and settings\hendriek\application data\s05-3636-t34636-7574-blazebot-asget-ueiaash\winlogon.exe
o4 - hkcu\..\policies\explorer\run: [windows login assistance] c:\documents and settings\hendriek\application data\s05-3636-t34636-7574-blazebot-asget-ueiaash\winlogon.exe
o4 - hkus\s-1-5-19\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'lokale service')
o4 - hkus\s-1-5-20\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'netwerkservice')
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'default user')
o4 - global startup: acer vcm.lnk = ?
o4 - global startup: bttray.lnk = ?
o8 - extra context menu item: e&xporteren naar microsoft excel - res://c:\progra~1\micros~2\office12\excel.exe/3000
o8 - extra context menu item: verzenden naar &bluetooth-apparaat... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
o8 - extra context menu item: verzenden naar bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
o9 - extra button: in weblog opnemen - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll
o9 - extra 'tools' menuitem: &in weblog opnemen met windows live writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll
o9 - extra button: (no name) - {5067a26b-1337-4436-8afe-ee169c2da79f} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
o9 - extra 'tools' menuitem: skype add-on for internet explorer - {5067a26b-1337-4436-8afe-ee169c2da79f} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
o9 - extra button: skype - {77bf5300-1474-4ec7-9980-d32b190e9b07} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
o9 - extra button: research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office12\refiebar.dll
o9 - extra button: @btrez.dll,-4015 - {cca281ca-c863-46ef-9331-5c8d4460577f} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
o9 - extra 'tools' menuitem: @btrez.dll,-12650 - {cca281ca-c863-46ef-9331-5c8d4460577f} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra button: messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o9 - extra 'tools' menuitem: windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o16 - dpf: {8100d56a-5661-482c-bee8-afece305d968} (facebook photo uploader 5 control) - [noparse]http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/facebookphotouploader55.cab[/noparse]
o16 - dpf: {9191f686-7f0a-441d-8a98-2fe3ac1bd913} (activescan 2.0 installer class) - [noparse]http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab[/noparse]
o16 - dpf: {d27cdb6e-ae6d-11cf-96b8-444553540000} (shockwave flash object) - [noparse]http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[/noparse]
o18 - protocol: skype4com - {ffc8b962-9b40-4dff-9458-1830c7dd7f5d} - c:\progra~1\common~1\skype\skype4~1.dll
o20 - appinit_dlls: c:\progra~1\google\google~1\goec62~1.dll
o22 - sharedtaskscheduler: preloader van browseui - {438755c2-a8ba-11d1-b96b-00a0c90312e1} - c:\windows\system32\browseui.dll
o22 - sharedtaskscheduler: cache-daemon voor onderdeelcategorien - {8c7461ef-2b13-11d2-be35-3078302c2030} - c:\windows\system32\browseui.dll
o23 - service: avira antivir scheduler (antivirschedulerservice) - avira gmbh - c:\program files\avira\antivir desktop\sched.exe
o23 - service: avira antivir guard (antivirservice) - avira gmbh - c:\program files\avira\antivir desktop\avguard.exe
o23 - service: mobiel apple apparaat (apple mobile device) - apple inc. - c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe
o23 - service: bonjour-service (bonjour service) - apple inc. - c:\program files\bonjour\mdnsresponder.exe
o23 - service: bluetooth service (btwdins) - broadcom corporation. - c:\program files\widcomm\bluetooth software\bin\btwdins.exe
o23 - service: google desktop manager 5.9.911.3589 (googledesktopmanager-110309-193829) - google - c:\program files\google\google desktop search\googledesktop.exe
o23 - service: google updateservice (gupdate1ca0a9eff1ab4b2) (gupdate1ca0a9eff1ab4b2) - google inc. - c:\program files\google\update\googleupdate.exe
o23 - service: google software updater (gusvc) - google - c:\program files\google\common\google updater\googleupdaterservice.exe
o23 - service: intel(r) matrix storage event monitor (iaantmon) - intel corporation - c:\program files\intel\intel matrix storage manager\iaantmon.exe
o23 - service: ipod-service (ipod service) - apple inc. - c:\program files\ipod\bin\ipodservice.exe
o23 - service: lavasoft ad-aware service - lavasoft - c:\program files\lavasoft\ad-aware\aawservice.exe
o23 - service: raw socket service (rs_service) - acer incorporated - c:\program files\acer\acer vcm\rs_service.exe
--
end of file - 12000 bytes

[/hjt]
 
Hallo Hendriek, start HijackThis opnieuw en kies voor Scan only, nadat je een vinkje hebt gezet voor de met de onderstaand corresponderende regels, klik je vervolgens op de knop Fix checked:

o4 - hklm\..\run: [userfaultcheck] %systemroot%\system32\dumprep 0 -u
o4 - hklm\..\run: [windows login assistance] c:\documents and settings\hendriek\application data\s05-3636-t34636-7574-blazebot-asget-ueiaash\winlogon.exe
o4 - hklm\..\run: [windows login assistance] c:\documents and settings\hendriek\application data\s05-3636-t34636-7574-blazebot-asget-ueiaash\winlogon.exe
o4 - hklm\..\policies\explorer\run: [windows login assistance] c:\documents and settings\hendriek\application data\s05-3636-t34636-7574-blazebot-asget-ueiaash\winlogon.exe
o4 - hkcu\..\policies\explorer\run: [windows login assistance] c:\documents and settings\hendriek\application data\s05-3636-t34636-7574-blazebot-asget-ueiaash\winlogon.exe


Hierna je PC herstarten!



Download, installeer en blijf a-squared Free 4.5 gebruiken.

Direkt na de installatie wil ook a-squared Free 4.5 updaten.

Dat verhinder je. Start a-squared Free 4.5 en klik op Configureer updates en haal dan het vinkje weg bij Extra talen installeren!

Hierna kan je a-squared Free 4.5 de nieuwste definities binnenhalen.
Nadat de update gedaan is kies je voor Grondige Scan.


Download a-squared Free 4.5


VISTAGEBRUIKERS: klik de betreffende snelkoppeling met rechts aan en kies voor Eigenschappen.
In het Eigenschappenvenster klik je dan op de knop Geavanceerd en zet je een vinkje bij Als administrator uitvoeren.



Post een nieuw HJT-log en het log van a-squared!
Tevens een Uninstall-lijst posten (Start HijackThis, klik op de knop Open the Misc Tools section, dan op de knop Open Uninstall Manager en als laatse op de knop Save.
 
Status
Niet open voor verdere reacties.
Steun Ons

Nieuwste berichten

Terug
Bovenaan