Hello,
Since yesterday I have been struggling with a persistent trojan horse. I believe I have carried out all the steps. Could you take a look at this?
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:03:43, on 8-8-2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\SpoJag\AppData\Local\Apps\2.0\BJDEXLQG.RYT\TXWAVZ8N.LAR\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\CurseClient.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HiJackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\Windows\TEMP\E_S96C.tmp" /EF "HKLM"
O4 - HKLM\..\Run: C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: C:\Program Files\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: C:\Program Files\GameSpy\Comrade\Comrade.exe
O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: C:\Acer\AcerTour\Reminder.exe (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Startup: CurseClientStartup.ccip
O4 - Startup: OneNote-inhoudsopgave.onetoc2
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: Accelerated graphics
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} (CeWe Color AG & Co. OHG Control) - https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6431/mcfscan.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
--
End of file - 8177 bytes
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Databaseversie: 7411
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
8-8-2011 19:56:14
mbam-log-2011-08-08 (19-56-14).txt
Scantype: Snelle scan
Objecten gescand: 156271
Verstreken tijd: 3 minuut/minuten, 8 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 4
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 14
Bestanden geïnfecteerd: 26
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
HKEY_CURRENT_USER\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Funband Serach (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Web Search Operator (Adware.DoubleD) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd:
c:\program files\automated content enhancer (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\automated content enhancer\4.3.0.5570 (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\automated content enhancer\4.3.0.5570\Data (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\automated content enhancer\4.3.0.5570\FF (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\automated content enhancer\4.3.0.5570\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\automated content enhancer\4.3.0.5570\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\automated content enhancer\4.3.0.5570\FF\components (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\web search operator (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\web search operator\4.3.0.2330 (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\web search operator\4.3.0.2330\Data (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\web search operator\4.3.0.2330\FF (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\web search operator\4.3.0.2330\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\web search operator\4.3.0.2330\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\web search operator\4.3.0.2330\FF\components (Adware.Agent) -> Quarantined and deleted successfully.
Bestanden geïnfecteerd:
c:\Windows\run_setup.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\Users\SpoJag\AppData\Roaming\microsoft\Windows\start menu\Programs\security tool.lnk (Rogue.SecurityTool) -> Quarantined and deleted successfully.
c:\program files\automated content enhancer\4.3.0.5570\acecommon.dll (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\automated content enhancer\4.3.0.5570\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\automated content enhancer\4.3.0.5570\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\automated content enhancer\4.3.0.5570\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\automated content enhancer\4.3.0.5570\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\automated content enhancer\4.3.0.5570\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\automated content enhancer\4.3.0.5570\FF\chrome\ACEAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\automated content enhancer\4.3.0.5570\FF\chrome\content\ACEAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\automated content enhancer\4.3.0.5570\FF\chrome\content\ACEAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\automated content enhancer\4.3.0.5570\FF\components\aceffaddon.dll (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\automated content enhancer\4.3.0.5570\FF\components\aceffaddon.xpt (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\automated content enhancer\4.3.0.5570\FF\components\aceffhelpercomponent.js (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\web search operator\4.3.0.2330\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\web search operator\4.3.0.2330\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\web search operator\4.3.0.2330\wsocommon.dll (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\web search operator\4.3.0.2330\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\web search operator\4.3.0.2330\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\web search operator\4.3.0.2330\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\web search operator\4.3.0.2330\FF\chrome\WSOAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\web search operator\4.3.0.2330\FF\chrome\content\WSOAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\web search operator\4.3.0.2330\FF\chrome\content\WSOAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\web search operator\4.3.0.2330\FF\components\wsoffaddon.dll (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\web search operator\4.3.0.2330\FF\components\wsoffaddon.xpt (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\web search operator\4.3.0.2330\FF\components\wsoffhelpercomponent.js (Adware.Agent) -> Quarantined and deleted successfully.