
Trojan horse generic 22 bagu


Since yesterday I've been having trouble with Trojans again, so I've reopened this topic ...

I've already run Malwarebytes and Avira, which removed a lot, but I keep getting detections of "Trojan horse generic 22 bhpb" and "virus boxed".

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:05:00, on 2/06/2011

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v8.00 (8.00.6001.18865)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\RtHDVCpl.exe

C:\Acer\Empowering Technology\SysMonitor.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\Koen\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! UK

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Google Update] "C:\Users\Koen\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Koen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} (FBootloaderAX) - http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--

End of file - 9286 bytes


This log shows no problems. Let's take a closer look:

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, as they may otherwise conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is running, as this can cause the tool to hang.

Note !!! If an error appears with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next reply.


AVG 9.0 is disabled, the resident shield and link scanner at least.

Anti-virus, anti-spyware and e-mail scanner remain active.

Under E-mail Scanner, "Go to E-mail Scanner - Servers POP3, and click on the POP3 server" and "Un-tick the option Activate this server and use it for receiving e-mails" are not listed.

Checking incoming and outgoing mail is unticked, but e-mail scanning stays active.

ComboFix refuses to start because AVG is still active and asks to remove it.


In the meantime I've removed AVG; ComboFix now starts and I see a window saying "searching for infected files, this may take 10-20 minutes".

More than an hour later the same window is still there; I also can't tell whether it's actually scanning or whether this is how it's supposed to be.

I have to leave for work shortly, so I'll let it scan until tomorrow afternoon.

If I still see the same window by then, I suspect something isn't right :)


After a lot of hassle, finally the ComboFix log

ComboFix 11-06-03.02 - Koen 03/06/2011 16:35:45.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.32.1043.18.2047.1226 [GMT 2:00]

Started from: c:\users\Koen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z2D8JOHR\ComboFix.exe

.

.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\$xntuninstall643$

c:\windows\$xntuninstall643$\apUninstall.exe

c:\windows\$XNTUninstall643$\buomo.dll

c:\windows\$XNTUninstall643$\wktly.dll

c:\windows\$xntuninstall643$\zrpt.xml

.

---- Previous Run -------

.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat

c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

c:\windows\system32\tmp.tmp

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_.i8042prt

.

.

(((((((((((((((((((( Files Created from 2011-05-03 to 2011-06-03 ))))))))))))))))))))))))))))))

.

.

2011-06-03 14:44 . 2011-06-03 14:44 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-06-03 14:30 . 2011-06-03 14:33 -------- d-----w- C:\32788R22FWJFW

2011-06-03 14:27 . 2011-06-03 14:27 -------- d-----w- c:\users\Default\Tracing

2011-06-03 14:27 . 2011-06-03 14:27 -------- d-----w- c:\program files\WhiteSmoke

2011-06-03 14:26 . 2011-06-03 14:27 -------- d-----w- c:\program files\SweetIM

2011-06-03 14:26 . 2011-06-03 14:26 -------- d-----w- c:\programdata\SweetIM

2011-06-03 10:58 . 2011-06-03 10:58 -------- d-----w- c:\users\Koen\AppData\Roaming\AVG9

2011-05-30 13:35 . 2011-05-30 13:35 -------- d-----w- c:\windows\Sun

2011-05-30 12:46 . 2011-05-30 12:46 -------- d-----w- c:\programdata\Yahoo! Companion

2011-05-28 03:24 . 2011-05-31 02:34 -------- d-----w- c:\users\Koen\Muvies

2011-05-22 11:32 . 2011-05-22 11:32 388096 ----a-r- c:\users\Koen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-05-22 11:32 . 2011-05-22 11:32 -------- d-----w- c:\program files\Trend Micro

2011-05-11 13:13 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2011-05-11 13:13 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2011-05-11 13:13 . 2011-05-11 13:13 -------- dc----w- c:\windows\system32\DRVSTORE

2011-05-11 13:12 . 2011-05-11 13:12 -------- d-----w- c:\program files\iPod

2011-05-11 13:12 . 2011-05-11 13:13 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2011-05-11 13:12 . 2011-05-11 13:13 -------- d-----w- c:\program files\iTunes

2011-05-11 13:10 . 2011-05-11 13:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

2011-05-11 13:10 . 2011-05-11 13:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

2011-05-11 13:10 . 2011-05-11 13:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2011-05-11 13:10 . 2011-05-11 13:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2011-05-11 13:10 . 2011-05-11 13:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2011-05-11 13:10 . 2011-05-11 13:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2011-05-11 13:10 . 2011-05-11 13:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2011-05-11 13:09 . 2011-05-11 13:10 -------- d-----w- c:\program files\QuickTime

2011-05-11 13:08 . 2011-05-11 13:08 -------- d-----w- c:\program files\Apple Software Update

2011-05-11 13:04 . 2011-05-11 13:04 -------- d-----w- c:\program files\Bonjour

2011-05-11 12:26 . 2011-05-11 12:26 -------- d-----w- c:\users\Koen\AppData\Local\Octoshape

2011-05-11 12:26 . 2011-05-11 12:26 -------- d-----w- c:\users\Koen\AppData\Roaming\Octoshape

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 07:11 . 2010-08-17 12:47 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 07:11 . 2010-08-17 12:47 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-18 23:55 . 2010-08-17 09:49 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-05-18 23:55 . 2010-08-17 09:49 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\system32\dnssdX.dll

2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\system32\dns-sd.exe

2011-03-23 08:11 . 2011-03-31 03:51 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5E04EFF-035C-443C-9A45-48BFC3B8007E}\mpengine.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]

2011-02-01 13:58 1499440 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-02-01 1499440]

.

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-02-01 1499440]

.

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-10 1232896]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 4493312]

"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-05-31 326440]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]

"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2007-06-21 204908]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-06 86016]

"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-05-18 281768]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]

"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-03-13 114992]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http:" [X]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders credssp.dll, mpfdkvsi.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-16 136176]

R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-16 136176]

R3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [2007-06-05 454520]

S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-06-21 269448]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-18 136360]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-01-22 46592]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-16 22:14]

.

2011-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-16 22:14]

.

2011-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-863898022-449067633-1713039750-1000Core.job

- c:\users\Koen\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-17 20:27]

.

2011-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-863898022-449067633-1713039750-1000UA.job

- c:\users\Koen\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-17 20:27]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.be/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = hxxp://home.sweetim.com

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Free YouTube to Mp3 Converter - c:\users\Koen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: DhcpNameServer = 195.130.131.2 195.130.130.130

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{CF4A603B-2231-4ABA-AEFF-A1F02D9CBCE4} - c:\windows\$XNTUninstall643$\wktly.dll

BHO-{E178638F-36F7-48D5-B0ED-C653EBF17380} - c:\windows\$XNTUninstall643$\buomo.dll

HKLM-Run-Acer Tour - (no file)

HKLM-Run-eRecoveryService - (no file)

HKLM-Run-bipro - c:\windows\$XNTUninstall643$\wktly.dll

HKU-Default-Run-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe

AddRemove-$XNTUninstall643$ - c:\windows\$XNTUninstall643$\apUninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-06-03 16:44

Windows 6.0.6000 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dc,ef,f6,1b,f5,d0,5f,48,a5,ff,4e,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dc,ef,f6,1b,f5,d0,5f,48,a5,ff,4e,\

.

Completion time: 2011-06-03 16:47:06

ComboFix-quarantined-files.txt 2011-06-03 14:47

.

Pre-Run: 158,067,789,824 bytes free

Post-Run: 158,023,577,600 bytes free

.

- - End Of File - - B99A04F8547D68D99EEB8F6F06A5E09C

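The ComboFix log above contains several items a forum helper reads by eye: the `$XNTUninstall643$` directory under c:\windows that held the orphaned BHOs, a second DLL (mpfdkvsi.dll) in the SecurityProviders list next to credssp.dll, Security Center monitoring switched off, and services ComboFix could not attribute to a publisher. The script below is an added example, not part of this thread or of ComboFix itself; it applies those same checks mechanically to a handful of lines copied from the log. The allow-list of SecurityProviders DLLs and the choice of heuristics are this example's assumptions, and the "Unknown owner" check is deliberately noisy (the Acer MemCheck.exe line trips it although it is vendor software), so its output is a triage list, not a verdict.

```python
import re

# Constructed sample: a subset of lines copied from the ComboFix/HijackThis
# output posted above (not a complete log).
SAMPLE_LOG = r"""
c:\windows\$XNTUninstall643$\buomo.dll
c:\windows\$XNTUninstall643$\wktly.dll
SecurityProviders credssp.dll, mpfdkvsi.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-05-18 281768]
BHO-{CF4A603B-2231-4ABA-AEFF-A1F02D9CBCE4} - c:\windows\$XNTUninstall643$\wktly.dll
"""

# Assumed known-good SSP/AP DLLs: credssp.dll is the Vista default, the others
# are the classic XP-era providers. Anything else in this value loads into
# lsass.exe and winlogon at boot and deserves a look.
KNOWN_SECURITY_PROVIDERS = {
    "credssp.dll", "schannel.dll", "digest.dll",
    "msapsspc.dll", "msnsspc.dll", "pwdssp.dll",
}

# A path component wrapped in $...$ under c:\windows, e.g. c:\windows\$XNTUninstall643$\
DOLLAR_DIR = re.compile(r"\\\$[^\\]+\$\\", re.IGNORECASE)
# HijackThis O23 service lines: "O23 - Service: <name> - <owner> - <path>"
SERVICE_LINE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
SECPROV_LINE = re.compile(r"^SecurityProviders\s+(?P<dlls>.+)$")
DISABLE_MON = re.compile(r'^"DisableMonitoring"=dword:0*1$')


def triage(log_text):
    """Return a list of (reason, detail) tuples for lines worth a second look."""
    findings = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # ComboFix prints registry keys as [HIVE\path] headers before their values.
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()
            continue
        m = SECPROV_LINE.match(line)
        if m:
            for dll in (d.strip().lower() for d in m.group("dlls").split(",")):
                if dll not in KNOWN_SECURITY_PROVIDERS:
                    findings.append(("unknown SecurityProviders DLL", dll))
            continue
        m = SERVICE_LINE.match(line)
        if m and m.group("owner").lower() == "unknown owner":
            # No version info is a weak signal; vendor tools trip this too.
            findings.append(("service without publisher", m.group("path")))
        if DISABLE_MON.match(line) and current_key and "security center" in current_key:
            findings.append(("Security Center monitoring disabled", current_key))
        if DOLLAR_DIR.search(line):
            findings.append(("file in $...$ directory under Windows", line))
    return findings


if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG):
        print(f"{reason:40s} {detail}")
```

Run on the sample it lists six items: the three `$XNTUninstall643$` paths (two files plus the orphaned BHO that pointed at one of them), mpfdkvsi.dll, the disabled Security Center monitoring key, and the unattributed Acer service. Only the first four are actually suspicious; the point of the script is to make sure none of them is overlooked in a 400-line log.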

Open a Notepad file.

Copy and paste the bold text below into it.

Folder::

c:\program files\SweetIM

c:\programdata\SweetIM

c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]

[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]

[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SweetIM"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if prompted.

After the reboot, post the contents of ComboFix.txt in your next reply along with a new HijackThis log.

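A CFScript is a plain-text file of `Directive::` sections; under `Folder::` each line is a directory to delete, and under `Registry::` the lines use REGEDIT4 syntax, where `[-HIVE\path]` deletes a whole key and a `[HIVE\path]` header followed by `"name"=-` deletes one value. A single mangled line (the script as first posted contained `[-HKEY_LO[HKEY_LOCAL_MACHINE\...]`, a copy-paste slip) is easy to miss and will not do what was intended, so it is worth checking the file before dragging it onto ComboFix. The validator below is an added example, not part of the thread or of ComboFix; it knows only the two directive types used in this post, and the sample script it checks is a constructed excerpt of the one above with the broken line kept in.

```python
import re

# Constructed sample: an abridged copy of the CFScript posted above, with the
# garbled SymantecFirewall line left in so the validator has something to catch.
SAMPLE_SCRIPT = r"""
Folder::
c:\program files\SweetIM
c:\programdata\SweetIM
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"=-
[-HKEY_LO[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"""

HIVES = ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG")
SECTION = re.compile(r"^([A-Za-z]+)::$")
# [HIVE\path] or [-HIVE\path]; no stray brackets allowed inside
KEY_LINE = re.compile(r"^\[(-?)([^\[\]]+)\]$")
# "name"=-  (delete value)  or  "name"=<data>
VALUE_LINE = re.compile(r'^"[^"]+"=(-|.+)$')
ABS_PATH = re.compile(r"^[A-Za-z]:\\")


def validate_cfscript(text):
    """Return a list of (line_number, message) for anything ComboFix would
    misread or that the author probably did not intend."""
    problems = []
    section = None
    in_key = False          # True after a [HIVE\path] header that values may follow
    seen = set()
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            in_key = False
            continue
        if section is None:
            problems.append((n, "line before any section header"))
            continue
        if line in seen:
            problems.append((n, "duplicate line"))
        seen.add(line)
        if section == "Folder":
            if not ABS_PATH.match(line):
                problems.append((n, "Folder entry is not an absolute path"))
        elif section == "Registry":
            m = KEY_LINE.match(line)
            if m:
                hive = m.group(2).split("\\", 1)[0].upper()
                if hive not in HIVES:
                    problems.append((n, "unknown hive " + hive))
                # values may only follow a non-deleting key header
                in_key = m.group(1) == ""
            elif VALUE_LINE.match(line):
                if not in_key:
                    problems.append((n, "value line without a preceding [key] line"))
            else:
                problems.append((n, "malformed registry line"))
        else:
            # Assumption: only Folder:: and Registry:: are modelled here.
            problems.append((n, "unchecked section " + section))
    return problems


if __name__ == "__main__":
    for lineno, msg in validate_cfscript(SAMPLE_SCRIPT):
        print(f"line {lineno}: {msg}")
```

On the sample this reports the duplicated `SWEETIE.IEToolbar` key (harmless, ComboFix's own log listed those keys twice) and the malformed SymantecFirewall line. One further thing to keep in mind when writing such a script: `[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]` deletes the entire Toolbar key, so every toolbar registered there goes, not only SweetIM's; deleting just the one value under a `[key]` header is the narrower option.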

I should also mention that after every restart a box appears saying "the file could not be found". I then have to press OK to dismiss it. Which file, no idea ...

And since yesterday a shortcut "by white smoke" has suddenly appeared on my desktop. Where that suddenly came from, also no idea ...

Maybe you can find these things in the log files and remove them if needed.

combofix.txt :

ComboFix 11-06-03.02 - Koen 04/06/2011 4:52.4.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.32.1043.18.2047.958 [GMT 2:00]

Started from: c:\users\Koen\Desktop\ComboFix.exe

Command switches used :: c:\users\Koen\Documents\CFScript.txt

.

.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\SweetIM

c:\program files\SweetIM\Messenger\ContentPackagesActivationHandler.exe

c:\program files\SweetIM\Messenger\default.xml

c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll

c:\program files\SweetIM\Messenger\mgArchive.dll

c:\program files\SweetIM\Messenger\mgcommon.dll

c:\program files\SweetIM\Messenger\mgcommunication.dll

c:\program files\SweetIM\Messenger\mgconfig.dll

c:\program files\SweetIM\Messenger\mgFlashPlayer.dll

c:\program files\SweetIM\Messenger\mghooking.dll

c:\program files\SweetIM\Messenger\mgICQAuto.dll

c:\program files\SweetIM\Messenger\mgICQMessengerAdapter.dll

c:\program files\SweetIM\Messenger\mglogger.dll

c:\program files\SweetIM\Messenger\mgMediaPlayer.dll

c:\program files\SweetIM\Messenger\mgMsnAuto.dll

c:\program files\SweetIM\Messenger\mgMsnMessengerAdapter.dll

c:\program files\SweetIM\Messenger\mgsimcommon.dll

c:\program files\SweetIM\Messenger\mgSweetIM.dll

c:\program files\SweetIM\Messenger\mgUpdateSupport.dll

c:\program files\SweetIM\Messenger\mgxml_wrapper.dll

c:\program files\SweetIM\Messenger\mgYahooAuto.dll

c:\program files\SweetIM\Messenger\mgYahooMessengerAdapter.dll

c:\program files\SweetIM\Messenger\msvcp71.dll

c:\program files\SweetIM\Messenger\msvcr71.dll

c:\program files\SweetIM\Messenger\resources\images\AudibleButton.png

c:\program files\SweetIM\Messenger\resources\images\DisplayPicturesButton.png

c:\program files\SweetIM\Messenger\resources\images\EmoticonButton.png

c:\program files\SweetIM\Messenger\resources\images\GamesButton.png

c:\program files\SweetIM\Messenger\resources\images\KeyboardButton.png

c:\program files\SweetIM\Messenger\resources\images\NudgeButton.png

c:\program files\SweetIM\Messenger\resources\images\SoundFxButton.png

c:\program files\SweetIM\Messenger\resources\images\WinksButton.png

c:\program files\SweetIM\Messenger\resources\sqlite\mgSqlite3.dll

c:\program files\SweetIM\Messenger\SweetIM.exe

c:\program files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe

c:\program files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml

c:\program files\SweetIM\Toolbars\Internet Explorer\default.xml

c:\program files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll

c:\program files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll

c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe

c:\program files\SweetIM\Toolbars\Internet Explorer\mghooking.dll

c:\program files\SweetIM\Toolbars\Internet Explorer\mglogger.dll

c:\program files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll

c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll

c:\program files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll

c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest

c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcm90.dll

c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcp90.dll

c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcr90.dll

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\about.html

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\bing.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_bing.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_current.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_dictionary.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_google.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_hover.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_left.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_photo.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_video.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_web.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_yahoo.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\dating.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\find.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\games.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\glitter.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\google.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_bing.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_current.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_dictionary.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_google.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_hover.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_left.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_photo.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_video.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_web.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_yahoo.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\help.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\highlight.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\locales.xml

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\music.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\news.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\options.html

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_bing.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_current.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_dictionary.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_google.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_hover.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_left.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_photo.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_video.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_web.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_yahoo.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\photos.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\shopping.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\version.txt

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\video.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\web-search.png

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\web-toolbar.js

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png

c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DIFxAPI.dll

c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe

c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DIFxInstallLog.txt

c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\GEARAspiWDM.inf

c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\gearaspiwdmx86.cat

c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\x86\GEARAspi.dll

c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\x86\GEARAspiWDM.sys

c:\programdata\SweetIM

c:\programdata\SweetIM\Messenger\conf\adapter.xml

c:\programdata\SweetIM\Messenger\conf\autoupdate.xml

c:\programdata\SweetIM\Messenger\conf\contentpackages.xml

c:\programdata\SweetIM\Messenger\conf\logger.xml

c:\programdata\SweetIM\Messenger\conf\messages.xml

c:\programdata\SweetIM\Messenger\conf\sweetim.xml

c:\programdata\SweetIM\Messenger\conf\sweetimapp.xml

c:\programdata\SweetIM\Messenger\conf\users\main_user_config.xml

c:\programdata\SweetIM\Messenger\data\Bars\Default\bar.html

c:\programdata\SweetIM\Messenger\data\Bars\Default\bar.js

c:\programdata\SweetIM\Messenger\data\Bars\Default\bar.swf

c:\programdata\SweetIM\Messenger\data\contentdb\cache_indx.dat

c:\programdata\SweetIM\Messenger\data\contentdb\installcontentvalidation.xml

c:\programdata\SweetIM\Messenger\data\packages\FailDialog\activationFail.htm

c:\programdata\SweetIM\Messenger\data\packages\FailDialog\close_but.gif

c:\programdata\SweetIM\Messenger\data\packages\FailDialog\failure_dialog_BG.jpg

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-05-04 to 2011-06-04 ))))))))))))))))))))))))))))))

.

.

2011-06-04 03:02 . 2011-06-04 03:02 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-06-03 14:30 . 2011-06-04 02:49 -------- d-----w- C:\32788R22FWJFW

2011-06-03 14:27 . 2011-06-03 14:27 -------- d-----w- c:\users\Default\Tracing

2011-06-03 14:27 . 2011-06-03 14:27 -------- d-----w- c:\program files\WhiteSmoke

2011-06-03 10:58 . 2011-06-03 10:58 -------- d-----w- c:\users\Koen\AppData\Roaming\AVG9

2011-05-30 13:35 . 2011-05-30 13:35 -------- d-----w- c:\windows\Sun

2011-05-30 12:46 . 2011-05-30 12:46 -------- d-----w- c:\programdata\Yahoo! Companion

2011-05-28 03:24 . 2011-05-31 02:34 -------- d-----w- c:\users\Koen\Muvies

2011-05-22 11:32 . 2011-05-22 11:32 388096 ----a-r- c:\users\Koen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-05-22 11:32 . 2011-05-22 11:32 -------- d-----w- c:\program files\Trend Micro

2011-05-11 13:13 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2011-05-11 13:13 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2011-05-11 13:13 . 2011-05-11 13:13 -------- dc----w- c:\windows\system32\DRVSTORE

2011-05-11 13:12 . 2011-05-11 13:12 -------- d-----w- c:\program files\iPod

2011-05-11 13:12 . 2011-05-11 13:13 -------- d-----w- c:\program files\iTunes

2011-05-11 13:10 . 2011-05-11 13:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

2011-05-11 13:10 . 2011-05-11 13:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

2011-05-11 13:10 . 2011-05-11 13:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2011-05-11 13:10 . 2011-05-11 13:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2011-05-11 13:10 . 2011-05-11 13:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2011-05-11 13:10 . 2011-05-11 13:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2011-05-11 13:10 . 2011-05-11 13:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2011-05-11 13:09 . 2011-05-11 13:10 -------- d-----w- c:\program files\QuickTime

2011-05-11 13:08 . 2011-05-11 13:08 -------- d-----w- c:\program files\Apple Software Update

2011-05-11 13:04 . 2011-05-11 13:04 -------- d-----w- c:\program files\Bonjour

2011-05-11 12:26 . 2011-05-11 12:26 -------- d-----w- c:\users\Koen\AppData\Local\Octoshape

2011-05-11 12:26 . 2011-05-11 12:26 -------- d-----w- c:\users\Koen\AppData\Roaming\Octoshape

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 07:11 . 2010-08-17 12:47 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 07:11 . 2010-08-17 12:47 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-18 23:55 . 2010-08-17 09:49 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-05-18 23:55 . 2010-08-17 09:49 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\system32\dnssdX.dll

2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\system32\dns-sd.exe

2011-03-23 08:11 . 2011-03-31 03:51 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5E04EFF-035C-443C-9A45-48BFC3B8007E}\mpengine.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-10 1232896]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 4493312]

"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-05-31 326440]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]

"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2007-06-21 204908]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-06 86016]

"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-05-18 281768]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http:" [X]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders credssp.dll, mpfdkvsi.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-16 136176]

R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-16 136176]

R3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [2007-06-05 454520]

S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-06-21 269448]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-18 136360]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-01-22 46592]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Inhoud van de 'Gedeelde Taken' map

.

2011-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-16 22:14]

.

2011-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-16 22:14]

.

2011-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-863898022-449067633-1713039750-1000Core.job

- c:\users\Koen\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-17 20:27]

.

2011-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-863898022-449067633-1713039750-1000UA.job

- c:\users\Koen\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-17 20:27]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = hxxp://home.sweetim.com

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Free YouTube to Mp3 Converter - c:\users\Koen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: DhcpNameServer = 195.130.131.2 195.130.130.130

.

- - - - ORPHANS VERWIJDERD - - - -

.

URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-06-04 05:02

Windows 6.0.6000 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dc,ef,f6,1b,f5,d0,5f,48,a5,ff,4e,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dc,ef,f6,1b,f5,d0,5f,48,a5,ff,4e,\

.

Voltooingstijd: 2011-06-04 05:04:56

ComboFix-quarantined-files.txt 2011-06-04 03:04

ComboFix2.txt 2011-06-04 02:35

ComboFix3.txt 2011-06-03 14:47

.

Pre-Run: 161.279.283.200 bytes beschikbaar

Post-Run: 161.259.782.144 bytes beschikbaar

.

- - End Of File - - 909C82BC8F43C2B599E990E738113D58

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 5:19:10, on 4/06/2011

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v8.00 (8.00.6001.18865)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\RtHDVCpl.exe

C:\Acer\Empowering Technology\SysMonitor.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start Free Uninstall Survey | AVG Nederland

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Koen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} (FBootloaderAX) - http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--

End of file - 8136 bytes


Manually delete the following folders (shown in bold):

c:\program files\WhiteSmoke

c:\users\Default\Tracing

Start HijackThis. Select "Scan". Tick only the items listed below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

Click 'Fix checked' to remove the items.

Then let us know whether you still have any noticeable problems (Trojan, WhiteSmoke or others)?


For the moment no more trouble from the trojan detection; WhiteSmoke and Tracing have been removed manually, but the little "file not found..." box at startup keeps appearing.

Made another HijackThis log, maybe you can spot something in it.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:37:24, on 4/06/2011

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v8.00 (8.00.6001.18865)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\RtHDVCpl.exe

C:\Acer\Empowering Technology\SysMonitor.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start Free Uninstall Survey | AVG Nederland

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Koen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} (FBootloaderAX) - http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--

End of file - 8250 bytes
