Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 911122502
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
25-12-2011 17:55:01
mbam-log-2011-12-25 (17-55-01).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 304918
Time elapsed: 1 hour(s), 59 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Restore points deleted, scanned with HouseCall, nothing found.
Scanned with Microsoft online scanner, nothing found.
HJT
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:24:39, on 25-12-2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\MANONNA\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\conime.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Nieuwe map (2)\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: RtHDVCpl.exe
O4 - HKLM\..\Run: "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: "C:\Program Files\Common Files\NewTech Infosystems\Scheduler\Schdlr32.exe" -s
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O11 - Options group: Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5781/mcfscan.cab
O20 - AppInit_DLLs: C:\Windows\System32\eNetHook.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - D:\Tomtom\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 5658 bytes
and ComboFix:
ComboFix 11-12-24.10 - MANONNA 25-12-2011 20:33:22.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2037.992
Started from: c:\users\MANONNA\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* New restore point was created
.
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\users\MANONNA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.url
c:\windows\iun6002.exe
c:\windows\ST6UNST.000
c:\windows\system32\AutoRun.inf
.
.
(((((((((((((((((((( Files Created from 2011-11-25 to 2011-12-25 ))))))))))))))))))))))))))))))
.
.
2011-12-25 19:49 . 2011-12-25 19:50 -------- d-----w- c:\users\MANONNA\AppData\Local\temp
2011-12-25 19:49 . 2011-12-25 19:49 -------- d-----w- c:\users\Gast\AppData\Local\temp
2011-12-25 19:49 . 2011-12-25 19:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-23 11:44 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DB005053-922D-4B11-B5C6-A6F1C2827945}\mpengine.dll
2011-12-18 16:36 . 2011-12-18 16:36 -------- d-----w- c:\users\MANONNA\AppData\Local\Messenger_Plus_Live
2011-12-18 16:26 . 2011-12-23 13:25 -------- d-----w- c:\program files\BrowserCompanion
2011-12-18 16:25 . 2011-12-19 20:51 -------- d-----w- c:\users\MANONNA\AppData\Local\Linkury
2011-12-14 18:39 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-14 18:39 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 18:39 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 18:39 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 18:39 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-14 18:39 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 18:39 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-30 21:13 . 2011-11-30 21:13 -------- d-----w- c:\users\MANONNA\AppData\Local\Deployment
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 18:01 . 2010-06-29 18:14 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2008-05-22 09:13 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-03-06 17:10 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2008-05-22 09:14 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2008-05-22 09:14 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2008-05-22 09:14 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2008-05-22 09:13 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2008-05-22 09:14 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-22 19:29 . 2011-06-05 20:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 04:06 . 2010-05-01 07:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-22 19:34 . 2011-03-30 20:21 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
@="{472083B0-C522-11CF-8763-00608CC02F24}"
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
"ehTray.exe"="c:\windows\ehome\ehTray.exe"
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe"
"NTI Scheduler"="c:\program files\Common Files\NewTech Infosystems\Scheduler\Schdlr32.exe"
.
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe"
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe"
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe"
"IgfxTray"="c:\windows\system32\igfxtray.exe"
"HotKeysCmds"="c:\windows\system32\hkcmd.exe"
"Persistence"="c:\windows\system32\igfxpers.exe"
"RtHDVCpl"="RtHDVCpl.exe"
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
"EnableUIADesktopToggle"= 0 (0x0)
.
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll
.
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
.
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
2007-02-06 22:04 464168 ----a-w- c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe
.
2007-02-09 08:40 13312 ----a-w- c:\acer\Empowering Technology\eDSMSNfix.exe
.
2011-04-22 12:21 247728 ----a-w- d:\tomtom\TomTom HOME 2\TomTomHOMERunner.exe
.
2006-11-05 19:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe
.
"DisableMonitoring"=dword:00000001
.
"DisableMonitoring"=dword:00000001
.
"DisableMonitoring"=dword:00000001
.
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000002
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
S0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\System32\drivers\sfsync03.sys
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys
S1 aswSnx;aswSnx;
S1 aswSP;aswSP;
S2 aswFsBlk;aswFsBlk;
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe
S2 TomTomHOMEService;TomTomHOMEService;d:\tomtom\TomTom HOME 2\TomTomHOMEService.exe
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - MBAMSwissArmy
.
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\MANONNA\AppData\Roaming\Mozilla\Firefox\Profiles\6x29b06f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.startpagina.nl/
FF - prefs.js: keyword.URL - hxxp://www.plusnetwork.com/?sp=addr&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-25 20:50
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-12-25 21:13:39
ComboFix-quarantined-files.txt 2011-12-25 20:13
.
Pre-Run: 17.107.767.296 bytes free
Post-Run: 16.564.629.504 bytes free
.
- - End Of File - - D56ADDEFC074F88BF53A6A809A235AAB
There you go.
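As an added example (not part of the post above and not a feature of HijackThis, ComboFix or Malwarebytes), the following Python script shows how a responder would triage a log like this one mechanically instead of reading it line by line. It applies generic heuristics that anyone reviewing a HijackThis/ComboFix dump applies by hand: a process or Run entry executing from a Temp directory, a Run entry with a bare file name that is resolved through PATH, a non-empty AppInit_DLLs value, registry entries pointing at a file that no longer exists, services with no recognised publisher, ActiveX (O16 DPF) downloads, and a Firefox search/keyword preference pointing somewhere other than a recognised search engine. The rule names, the severities and the short list of known search hosts are this example's own conventions; the sample log is constructed from lines that appear in the post. A hit means "look at this", not "this is malware": the AppInit_DLLs entry here belongs to Acer's eNet software, and the hit is there so a reviewer confirms that rather than assumes it.

```python
"""Triage helper for HijackThis / ComboFix log lines.

Added example, not part of the original forum post and not a HijackThis or
ComboFix feature. Rule names, severities and KNOWN_SEARCH_HOSTS are this
example's own assumptions; SAMPLE_LOG is constructed from lines in the post.
"""
import re
from typing import List, Tuple

# Line shapes we recognise (HijackThis O-sections and ComboFix FF prefs).
TEMP_DIR = re.compile(r"\\(?:AppData\\Local\\Temp|Windows\\Temp)\\", re.IGNORECASE)
RUN_ENTRY = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run: (.+)$")
SERVICE = re.compile(r"^O23 - Service: .+? - (?P<owner>.+?) - (?P<path>.+)$")
FF_PREF = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.+)$")
PROCESS = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)

# Assumed allow-list: search prefs should point at one of these engines.
KNOWN_SEARCH_HOSTS = ("google.", "bing.", "yahoo.", "startpage.", "duckduckgo.")


def _host(url: str) -> str:
    # ComboFix writes defanged "hxxp://" URLs; accept both forms.
    m = re.match(r"h[tx]{2}ps?://([^/?#]+)", url, re.IGNORECASE)
    return m.group(1).lower() if m else ""


def triage_line(line: str) -> List[Tuple[str, str]]:
    """Return (rule, severity) hits for a single log line."""
    hits: List[Tuple[str, str]] = []
    line = line.strip()
    if not line:
        return hits
    # 1. Anything running or auto-starting out of a Temp directory.
    if (PROCESS.match(line) or RUN_ENTRY.match(line)) and TEMP_DIR.search(line):
        hits.append(("exe_in_temp_dir", "high"))
    # 2. Run entry with a bare file name: which binary actually runs depends
    #    on the PATH search order, so it deserves a look.
    m = RUN_ENTRY.match(line)
    if m and "\\" not in m.group(1):
        hits.append(("run_entry_without_path", "medium"))
    # 3. AppInit_DLLs are loaded into every process that loads user32.dll.
    if line.startswith("O20 - AppInit_DLLs:") and line.split(":", 1)[1].strip():
        hits.append(("appinit_dll_loaded_everywhere", "medium"))
    # 4. Registry still references a file that is gone (leftover or cleanup).
    if "(file missing)" in line:
        hits.append(("dangling_reference", "low"))
    # 5. Service binary with no recognised publisher string.
    m = SERVICE.match(line)
    if m and m.group("owner") == "Unknown owner":
        hits.append(("service_unknown_owner", "medium"))
    # 6. ActiveX downloads are listed regardless of source.
    if line.startswith("O16 - DPF:"):
        hits.append(("activex_download", "low"))
    # 7. Firefox search/keyword prefs pointing at an unrecognised engine.
    m = FF_PREF.match(line)
    if m and m.group("pref") in ("keyword.URL", "browser.search.defaultenginename"):
        if not any(k in _host(m.group("value")) for k in KNOWN_SEARCH_HOSTS):
            hits.append(("search_redirect", "high"))
    return hits


def triage(log: str) -> List[Tuple[str, str, str]]:
    """Triage a whole log; returns (severity, rule, line), highest severity first."""
    order = {"high": 0, "medium": 1, "low": 2}
    found: List[Tuple[str, str, str]] = []
    for raw in log.splitlines():
        for rule, sev in triage_line(raw):
            found.append((sev, rule, raw.strip()))
    return sorted(found, key=lambda t: (order[t[0]], t[2]))


# Constructed sample: a handful of lines copied from the post above.
SAMPLE_LOG = r"""
C:\Windows\system32\Dwm.exe
C:\Users\MANONNA\AppData\Local\Temp\RtkBtMnt.exe
O4 - HKLM\..\Run: C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: RtHDVCpl.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5781/mcfscan.cab
O20 - AppInit_DLLs: C:\Windows\System32\eNetHook.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
FF - prefs.js: browser.startup.homepage - hxxp://www.startpagina.nl/
FF - prefs.js: keyword.URL - hxxp://www.plusnetwork.com/?sp=addr&q=
"""

if __name__ == "__main__":
    for sev, rule, line in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {rule:30} {line}")
```

Run against the sample, the two "high" hits are the executable in the user's Temp directory and the Firefox keyword.URL pointing at plusnetwork.com; the avast service, the hkcmd.exe Run entry and Dwm.exe produce nothing. The script only narrows the reading list: each hit still has to be checked against the vendor, the file's signature and what the user installed around the dates in the ComboFix "Files Created" section.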