Keylogger?

• 

  jeroen

  24-10-2012 20:29

  Het lijkt erop dat mijn email gekraakt is, mogelijk door een key logger. Heb inmiddels het email password aangepast, en alle stappen doorlopen. Ben benieuwd wat jullie van de logjes vinden.

  Hijack log:

  Logfile of Trend Micro HijackThis v2.0.4

  Scan saved at 20:22:44, on 24-10-2012

  Platform: Windows Vista SP2 (WinNT 6.00.1906)

  MSIE: Internet Explorer v9.00 (9.00.8112.16450)

  Boot mode: Normal

  Running processes:

  C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe

  C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

  C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

  C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

  C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe

  C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

  C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

  C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe

  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

  C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

  C:\Program Files (x86)\Internet Explorer\iexplore.exe

  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

  C:\Program Files (x86)\Internet Explorer\iexplore.exe

  C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe

  C:\Program Files (x86)\Windows Media Player\wmplayer.exe

  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

  C:\Users\Jeroen\Downloads\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nl&c=92&bd=Pavilion&pf=cndt

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nl&c=92&bd=Pavilion&pf=cndt

  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

  F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe

  O1 - Hosts: ::1 localhost

  O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

  O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

  O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll

  O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll

  O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\IPSBHO.DLL

  O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

  O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

  O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

  O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

  O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll

  O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)

  O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

  O4 - HKLM\..\Run: c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

  O4 - HKLM\..\Run: C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE

  O4 - HKLM\..\Run: “c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun

  O4 - HKLM\..\Run: c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

  O4 - HKLM\..\Run: “c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe” “c:\Program Files (x86)\CyberLink\Power2Go” UpdateWithCreateOnce “SOFTWARE\CyberLink\Power2Go\6.0”

  O4 - HKLM\..\Run: “c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe” “c:\Program Files (x86)\CyberLink\LabelPrint” UpdateWithCreateOnce “Software\CyberLink\LabelPrint\2.5”

  O4 - HKLM\..\Run: “c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe” “c:\Program Files (x86)\CyberLink\PowerDirector” UpdateWithCreateOnce “SOFTWARE\CyberLink\PowerDirector\7.0”

  O4 - HKLM\..\Run: “c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe” “c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe” UpdateWithCreateOnce “Software\CyberLink\PowerStarter”

  O4 - HKLM\..\Run: “c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe”

  O4 - HKLM\..\Run: “c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe”

  O4 - HKLM\..\Run: “C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe”

  O4 - HKLM\..\Run: C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

  O4 - HKLM\..\Run: “c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe”

  O4 - HKLM\..\Run: “C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe”

  O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

  O4 - HKLM\..\Run: “C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe” /DelayServices

  O4 - HKLM\..\RunOnce: “C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe” /install /silent

  O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

  O4 - HKCU\..\Run: C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW

  O4 - HKCU\..\Run: C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

  O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)

  O4 - HKUS\S-1-5-19\..\Run: rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)

  O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETWORK SERVICE’)

  O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

  O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

  O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

  O9 - Extra ‘Tools’ menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

  O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

  O11 - Options group: Accelerated graphics

  O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

  O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

  O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

  O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

  O20 - AppInit_DLLs: c:\progra~3\browse~1\23787~1.43\{16cdf~1\browse~1.dll c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll

  O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

  O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

  O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

  O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)

  O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe

  O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

  O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe

  O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

  O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

  O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

  O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

  O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

  O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

  O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

  O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

  O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

  O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe

  O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

  O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

  O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

  O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

  O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

  O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

  O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

  O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

  –

  End of file - 13245 bytes

  Malware bytes:

  Malwarebytes Anti-Malware (Trial) 1.65.1.1000

  www.malwarebytes.org

  Database version: v2012.10.24.06

  Windows Vista Service Pack 2 x64 NTFS

  Internet Explorer 9.0.8112.16421

  Jeroen :: JEROEN-PC

  Protection: Enabled

  24-10-2012 20:16:55

  mbam-log-2012-10-24 (20-16-55).txt

  Scan type: Quick scan

  Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

  Scan options disabled: P2P

  Objects scanned: 199643

  Time elapsed: 3 minute(s), 27 second(s)

  Memory Processes Detected: 0

  (No malicious items detected)

  Memory Modules Detected: 0

  (No malicious items detected)

  Registry Keys Detected: 0

  (No malicious items detected)

  Registry Values Detected: 0

  (No malicious items detected)

  Registry Data Items Detected: 0

  (No malicious items detected)

  Folders Detected: 0

  (No malicious items detected)

  Files Detected: 0

  (No malicious items detected)

  (end)

  Rapporteren
• 

  fazantje

  24-10-2012 20:38

  Hoi Jeroen,

  Voor opschoning heeft het aanpassen van wachtwoorden geen zin als er een keylogger op je computer zit.

  Download AdwCleaner by Xplode naar je Bureaublad.

  Sluit alle openstaande vensters.

  Vista en Windows 7 gebruikers: Rechtsklik op AdwCleaner en selecteer als Administrator uitvoeren…

  Voor XP: Gewoon dubbelklikken op AdwCleaner.

  Klik vervolgens op Verwijderen.

  Klik bij AdwCleaner – Informatie op OK

  Klik bij AdwCleaner – Herstarten Noodzakelijk op OK

  Dat tijdens de aktie de snelkoppelingen verdwijnen, is normaal.

  Nadat de PC opnieuw is opgestart, opent een logfile.

  Post dit logje samen met een nieuw HijackThis logje in je volgende bericht.

  Succes,

  Huib;)

  

  Rapporteren
• 

  Jeroen

  24-10-2012 21:00

  Hi Huib,

  Bedankt voor je hulp. En inderdaad, zal straks het pwd wederom aanpassen. Hierbij de logjes.

  ADW log:

  # AdwCleaner v2.005 - Logfile created 10/24/2012 at 20:49:17

  # Updated 14/10/2012 by Xplode

  # Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)

  # User : Jeroen - JEROEN-PC

  # Boot Mode : Normal

  # Running from : C:\Users\Jeroen\Downloads\adwcleaner.exe

  # Option

  ***** *****

  ***** *****

  Deleted on reboot : C:\ProgramData\Browser Manager

  ***** *****

  Data Deleted : HKLM\..\Windows = c:\progra~3\browse~1\23787~1.43\{16cdf~1\browse~1.dll

  Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings

  Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

  Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

  Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

  Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}

  Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}

  Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

  Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar

  ***** *****

  -\\ Internet Explorer v9.0.8112.16421

  Registry is clean.

  *************************

  AdwCleaner.txt - -

  AdwCleaner.txt - -

  AdwCleaner.txt - -

  AdwCleaner.txt - -

  AdwCleaner.txt - -

  ########## EOF - C:\AdwCleaner.txt - ##########

  Nieuw Hijack this log:

  Logfile of Trend Micro HijackThis v2.0.4

  Scan saved at 20:58:41, on 24-10-2012

  Platform: Windows Vista SP2 (WinNT 6.00.1906)

  MSIE: Internet Explorer v9.00 (9.00.8112.16450)

  Boot mode: Normal

  Running processes:

  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

  C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

  C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

  C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

  C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

  C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

  C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe

  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

  C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

  C:\Program Files (x86)\Internet Explorer\iexplore.exe

  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

  C:\Program Files (x86)\Internet Explorer\iexplore.exe

  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

  C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe

  C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe

  C:\Program Files (x86)\Internet Explorer\iexplore.exe

  C:\Program Files (x86)\Internet Explorer\iexplore.exe

  C:\Users\Jeroen\Downloads\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nl&c=92&bd=Pavilion&pf=cndt

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nl&c=92&bd=Pavilion&pf=cndt

  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

  F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe

  O1 - Hosts: ::1 localhost

  O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

  O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

  O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll

  O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\IPSBHO.DLL

  O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

  O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

  O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

  O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

  O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll

  O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

  O4 - HKLM\..\Run: c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

  O4 - HKLM\..\Run: C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE

  O4 - HKLM\..\Run: “c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun

  O4 - HKLM\..\Run: c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

  O4 - HKLM\..\Run: “c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe” “c:\Program Files (x86)\CyberLink\Power2Go” UpdateWithCreateOnce “SOFTWARE\CyberLink\Power2Go\6.0”

  O4 - HKLM\..\Run: “c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe” “c:\Program Files (x86)\CyberLink\LabelPrint” UpdateWithCreateOnce “Software\CyberLink\LabelPrint\2.5”

  O4 - HKLM\..\Run: “c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe” “c:\Program Files (x86)\CyberLink\PowerDirector” UpdateWithCreateOnce “SOFTWARE\CyberLink\PowerDirector\7.0”

  O4 - HKLM\..\Run: “c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe” “c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe” UpdateWithCreateOnce “Software\CyberLink\PowerStarter”

  O4 - HKLM\..\Run: “c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe”

  O4 - HKLM\..\Run: “c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe”

  O4 - HKLM\..\Run: “C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe”

  O4 - HKLM\..\Run: C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

  O4 - HKLM\..\Run: “c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe”

  O4 - HKLM\..\Run: “C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe”

  O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

  O4 - HKLM\..\Run: “C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe” /DelayServices

  O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

  O4 - HKCU\..\Run: C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW

  O4 - HKCU\..\Run: C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

  O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

  O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

  O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

  O9 - Extra ‘Tools’ menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

  O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

  O11 - Options group: Accelerated graphics

  O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

  O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

  O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

  O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

  O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

  O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

  O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

  O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)

  O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

  O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe

  O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

  O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

  O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

  O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

  O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

  O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

  O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

  O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

  O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

  O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe

  O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

  O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

  O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

  O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

  O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

  O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

  O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

  O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

  –

  End of file - 12214 bytes

  Rapporteren
• 

  fazantje

  24-10-2012 21:11

  Hoi Jeroen,

  Ik zie zo nog niets betreffende een keylogger.

  We gaan eens wat dieper kijken.

  Schakel nu eerst jou virusscanner uit.

  Download Combofix hier en plaats het op jou bureaublad.

  Indien je Combofix al eerder hebt gebruikt, gelieve die versie te verwijderen en Combofix opnieuw te downloaden via bovenstaande link,

  want Combofix wordt dagelijks geupdate.

  OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt

  van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw.

  Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!

  Dubbelklik op Combofix.exe

  Volg de instructies, aanvaard de disclaimer.

  Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

  De scan kan, afhankelijk van de besmetting 40 tot wel 100 minuten duren, dus denk niet van hij zit vast.

  Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.

  Plaats deze log in je volgende post samen met een nieuw HijackThis log.

  Succes,

  Huib;)

  

  Rapporteren
• 

  jeroen

  24-10-2012 21:51

  Hoi Huib,

  Hieronder wederom de logjes. Eerst ook nog even iets over de andere computer……. Deze wordt met name door de rest van de familie gebruikt en vanaf die computer wordt soms ook het gekraakte hotmail account gelezen. Ik vermoed zo dat het probleem wel eens in die computer kan zitten. Helaas bevat deze maar liefst 6 verschillende gebruikers, waarvan enkele met paswoord beveiligd….. Anyway, ook met dat project ben ik zojuist begonnen dus er zullen nog wel meer berichten hier gaan volgen.

  Alvast wederom bedankt voor je hulp.

  Jeroen

  Combofix log:

  ComboFix 12-10-24.02 - Jeroen 24-10-2012 21:27:44.1.4 - x64

  Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.4094.2272

  Running from: c:\users\Jeroen\Downloads\ComboFix.exe

  AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

  FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

  SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

  SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

  .

  .

  ((((((((((((((((((((((((( Files Created from 2012-09-24 to 2012-10-24 )))))))))))))))))))))))))))))))

  .

  .

  2012-10-24 19:38 . 2012-10-24 19:38 ——– d—–w- c:\users\Jeroen\AppData\Local\temp

  2012-10-24 18:16 . 2012-10-24 18:16 ——– d—–w- c:\users\Jeroen\AppData\Roaming\Malwarebytes

  2012-10-24 18:15 . 2012-10-24 18:15 ——– d—–w- c:\programdata\Malwarebytes

  2012-10-24 18:15 . 2012-10-24 18:15 ——– d—–w- c:\program files (x86)\Malwarebytes' Anti-Malware

  2012-10-24 18:15 . 2012-09-29 17:54 25928 —-a-w- c:\windows\system32\drivers\mbam.sys

  2012-10-24 17:06 . 2012-10-24 17:06 ——– d—–w- c:\program files (x86)\ESET

  2012-10-10 12:16 . 2012-09-13 13:45 2048 —-a-w- c:\windows\system32\tzres.dll

  2012-10-10 12:16 . 2012-09-13 13:28 2048 —-a-w- c:\windows\SysWow64\tzres.dll

  2012-10-10 12:16 . 2012-08-24 16:07 218624 —-a-w- c:\windows\system32\wintrust.dll

  2012-10-10 12:16 . 2012-08-24 15:53 172544 —-a-w- c:\windows\SysWow64\wintrust.dll

  2012-10-10 12:16 . 2012-06-02 00:20 174592 —-a-w- c:\windows\system32\cryptsvc.dll

  2012-10-10 12:16 . 2012-06-02 00:20 132096 —-a-w- c:\windows\system32\cryptnet.dll

  2012-10-10 12:16 . 2012-06-02 00:20 1268736 —-a-w- c:\windows\system32\crypt32.dll

  2012-10-10 12:16 . 2012-06-02 00:02 985088 —-a-w- c:\windows\SysWow64\crypt32.dll

  2012-10-10 12:16 . 2012-06-02 00:02 98304 —-a-w- c:\windows\SysWow64\cryptnet.dll

  2012-10-10 12:16 . 2012-06-02 00:02 133120 —-a-w- c:\windows\SysWow64\cryptsvc.dll

  2012-10-10 12:16 . 2012-08-29 11:40 4699520 —-a-w- c:\windows\system32\ntoskrnl.exe

  2012-09-26 16:13 . 2012-09-26 16:13 ——– d—–w- c:\windows\en

  2012-09-26 16:11 . 2009-09-04 15:44 69464 —-a-w- c:\windows\SysWow64\XAPOFX1_3.dll

  2012-09-26 16:11 . 2009-09-04 15:44 515416 —-a-w- c:\windows\SysWow64\XAudio2_5.dll

  2012-09-26 16:11 . 2009-09-04 15:29 453456 —-a-w- c:\windows\SysWow64\d3dx10_42.dll

  2012-09-26 16:11 . 2009-09-04 15:29 523088 —-a-w- c:\windows\system32\d3dx10_42.dll

  2012-09-26 16:10 . 2012-09-26 16:10 15712 —-a-w- c:\program files (x86)\Common Files\Windows Live\.cache\7b8e83101cd9c0122\MeshBetaRemover.exe

  2012-09-26 16:10 . 2012-09-26 16:10 94040 —-a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6e26a8601cd9c011a\DSETUP.dll

  2012-09-26 16:10 . 2012-09-26 16:10 525656 —-a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6e26a8601cd9c011a\DXSETUP.exe

  2012-09-26 16:10 . 2012-09-26 16:10 1691480 —-a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6e26a8601cd9c011a\dsetup32.dll

  2012-09-26 16:10 . 2012-09-26 16:10 94040 —-a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6d4e70d01cd9c0119\DSETUP.dll

  2012-09-26 16:10 . 2012-09-26 16:10 525656 —-a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6d4e70d01cd9c0119\DXSETUP.exe

  2012-09-26 16:10 . 2012-09-26 16:10 1691480 —-a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6d4e70d01cd9c0119\dsetup32.dll

  2012-09-26 16:09 . 2012-10-16 07:01 ——– d—–w- c:\users\Jeroen\AppData\Local\Windows Live

  2012-09-26 16:08 . 2009-08-04 08:12 1103872 —-a-w- c:\windows\system32\webservices.dll

  2012-09-26 16:08 . 2009-08-04 08:02 754688 —-a-w- c:\windows\SysWow64\webservices.dll

  .

  .

  .

  (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

  .

  2012-10-11 01:06 . 2006-11-02 12:35 65309168 —-a-w- c:\windows\system32\mrt.exe

  2012-10-08 19:09 . 2012-04-04 05:41 696760 —-a-w- c:\windows\SysWow64\FlashPlayerApp.exe

  2012-10-08 19:09 . 2011-06-15 05:29 73656 —-a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

  2012-09-26 16:11 . 2010-06-24 09:33 19720 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

  2012-08-24 11:15 . 2012-09-23 01:00 17810944 —-a-w- c:\windows\system32\mshtml.dll

  2012-08-24 10:39 . 2012-09-23 01:00 10925568 —-a-w- c:\windows\system32\ieframe.dll

  2012-08-24 10:31 . 2012-09-23 01:00 2312704 —-a-w- c:\windows\system32\jscript9.dll

  2012-08-24 10:22 . 2012-09-23 01:00 1346048 —-a-w- c:\windows\system32\urlmon.dll

  2012-08-24 10:21 . 2012-09-23 01:00 1392128 —-a-w- c:\windows\system32\wininet.dll

  2012-08-24 10:20 . 2012-09-23 01:00 1494528 —-a-w- c:\windows\system32\inetcpl.cpl

  2012-08-24 10:18 . 2012-09-23 01:00 237056 —-a-w- c:\windows\system32\url.dll

  2012-08-24 10:17 . 2012-09-23 01:00 85504 —-a-w- c:\windows\system32\jsproxy.dll

  2012-08-24 10:14 . 2012-09-23 01:00 173056 —-a-w- c:\windows\system32\ieUnatt.exe

  2012-08-24 10:14 . 2012-09-23 01:00 816640 —-a-w- c:\windows\system32\jscript.dll

  2012-08-24 10:13 . 2012-09-23 01:00 599040 —-a-w- c:\windows\system32\vbscript.dll

  2012-08-24 10:12 . 2012-09-23 01:00 2144768 —-a-w- c:\windows\system32\iertutil.dll

  2012-08-24 10:11 . 2012-09-23 01:00 729088 —-a-w- c:\windows\system32\msfeeds.dll

  2012-08-24 10:10 . 2012-09-23 01:00 96768 —-a-w- c:\windows\system32\mshtmled.dll

  2012-08-24 10:09 . 2012-09-23 01:00 2382848 —-a-w- c:\windows\system32\mshtml.tlb

  2012-08-24 10:04 . 2012-09-23 01:00 248320 —-a-w- c:\windows\system32\ieui.dll

  2012-08-24 06:59 . 2012-09-23 01:00 1800704 —-a-w- c:\windows\SysWow64\jscript9.dll

  2012-08-24 06:51 . 2012-09-23 01:00 1129472 —-a-w- c:\windows\SysWow64\wininet.dll

  2012-08-24 06:51 . 2012-09-23 01:00 1427968 —-a-w- c:\windows\SysWow64\inetcpl.cpl

  2012-08-24 06:47 . 2012-09-23 01:00 142848 —-a-w- c:\windows\SysWow64\ieUnatt.exe

  2012-08-24 06:47 . 2012-09-23 01:00 420864 —-a-w- c:\windows\SysWow64\vbscript.dll

  2012-08-24 06:43 . 2012-09-23 01:00 2382848 —-a-w- c:\windows\SysWow64\mshtml.tlb

  .

  .

  ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

  .

  .

  *Note* empty entries & legit default entries are not shown

  REGEDIT4

  .

  “Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe”

  “HPADVISOR”=“c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe”

  .

  “hpsysdrv”=“c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe”

  “KBD”=“c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE”

  “StartCCC”=“c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe”

  “HP Health Check Scheduler”=“c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe”

  “UpdateP2GoShortCut”=“c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe”

  “UpdateLBPShortCut”=“c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe”

  “UpdatePDIRShortCut”=“c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe”

  “UpdatePSTShortCut”=“c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe”

  “TSMAgent”=“c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe”

  “CLMLServer for HP TouchSmart”=“c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe”

  “TVAgent”=“c:\program files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe”

  “HP Software Update”=“c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe”

  “DVDAgent”=“c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe”

  “Adobe Reader Speed Launcher”=“c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe”

  “Adobe ARM”=“c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

  “BCSSync”=“c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe”

  .

  c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

  HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

  .

  “EnableUIADesktopToggle”= 0 (0x0)

  .

  “Userinit”=“c:\windows\system32\userinit.exe”

  .

  “LoadAppInit_DLLs”=1 (0x1)

  .

  R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

  .

  .

  hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

  .

  HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

  Themes

  ezSharedSvc

  .

  Contents of the ‘Scheduled Tasks’ folder

  .

  2012-10-24 c:\windows\Tasks\Adobe Flash Player Updater.job

  - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

  .

  2012-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

  - c:\program files (x86)\Google\Update\GoogleUpdate.exe

  .

  2012-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

  - c:\program files (x86)\Google\Update\GoogleUpdate.exe

  .

  2012-10-17 c:\windows\Tasks\HPCeeScheduleForJeroen.job

  - c:\program files (x86)\Hewlett-Packard\SDP\Ceement\HPCEE.exe

  .

  2012-07-08 c:\windows\Tasks\PCDRScheduledMaintenance.job

  - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe

  .

  .

  ——— X64 Entries ———–

  .

  .

  “IAAnotif”=“c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe”

  .

  ——- Supplementary Scan ——-

  .

  uStart Page = hxxp://www.startpagina.nl/

  uLocal Page = c:\windows\system32\blank.htm

  mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nl&c=92&bd=Pavilion&pf=cndt

  mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nl&c=92&bd=Pavilion&pf=cndt

  mLocal Page = c:\windows\SysWOW64\blank.htm

  IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

  IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

  TCP: DhcpNameServer = 192.168.2.254

  .

  - - - - ORPHANS REMOVED - - - -

  .

  Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe

  Wow6432Node-HKLM-Run- - (no file)

  HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

  AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

  AddRemove-sp44626 - c:\hp\Softpaq\sp44626\sp44626.exe

  AddRemove-Video Converter - c:\program files (x86)\VideoConverter\Uninstall\Uninstall.exe

  .

  .

  .

  “ImagePath”=“\”c:\program files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe\“ /s \”N360\“ /m \”c:\program files (x86)\Norton 360\Engine\4.4.0.12\diMaster.dll\“ /prefetch:1”

  .

  “ImagePath”=“\??\c:\progra~1\PC-DOC~1\PCD5SRVC_x64.pkms”

  .

  ——————— LOCKED REGISTRY KEYS ———————

  .

  @Denied: (A 2) (Everyone)

  @=“FlashBroker”

  “LocalizedString”=“@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101”

  .

  “Enabled”=dword:00000001

  .

  @=“c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe”

  .

  @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

  .

  @Denied: (A 2) (Everyone)

  @=“IFlashBroker5”

  .

  @=“{00020424-0000-0000-C000-000000000046}”

  .

  @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

  “Version”=“1.0”

  .

  @Denied: (A 2) (Everyone)

  @=“FlashBroker”

  “LocalizedString”=“@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101”

  .

  “Enabled”=dword:00000001

  .

  @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe”

  .

  @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

  .

  @Denied: (A 2) (Everyone)

  @=“Shockwave Flash Object”

  .

  @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx”

  “ThreadingModel”=“Apartment”

  .

  @=“0”

  .

  @=“ShockwaveFlash.ShockwaveFlash.11”

  .

  @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1”

  .

  @=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”

  .

  @=“1.0”

  .

  @=“ShockwaveFlash.ShockwaveFlash”

  .

  @Denied: (A 2) (Everyone)

  @=“Macromedia Flash Factory Object”

  .

  @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx”

  “ThreadingModel”=“Apartment”

  .

  @=“FlashFactory.FlashFactory.1”

  .

  @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1”

  .

  @=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”

  .

  @=“1.0”

  .

  @=“FlashFactory.FlashFactory”

  .

  @Denied: (A 2) (Everyone)

  @=“IFlashBroker5”

  .

  @=“{00020424-0000-0000-C000-000000000046}”

  .

  @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

  “Version”=“1.0”

  .

  @Denied: (A 2) (Everyone)

  .

  @=“Shockwave Flash”

  .

  @Denied: (A 2) (Everyone)

  @=“”

  .

  @=“FlashBroker”

  .

  “SymbolicLinkValue”=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

  .

  @Denied: (A) (Everyone)

  “Solution”=“{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}”

  .

  @Denied: (A) (Everyone)

  .

  “Key”=“ActionsPane3”

  “Location”=“c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd”

  .

  Completion time: 2012-10-24 21:40:58

  ComboFix-quarantined-files.txt 2012-10-24 19:40

  .

  Pre-Run: 421.974.048.768 bytes free

  Post-Run: 421.876.518.912 bytes free

  .

  - - End Of File - - 566F64C34C223ADDC0905A608DB81E07

  Hijack log:

  Logfile of Trend Micro HijackThis v2.0.4

  Scan saved at 21:50:58, on 24-10-2012

  Platform: Windows Vista SP2 (WinNT 6.00.1906)

  MSIE: Internet Explorer v9.00 (9.00.8112.16450)

  Boot mode: Normal

  Running processes:

  C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe

  C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

  C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

  C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

  C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

  C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

  C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe

  C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

  C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

  C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

  C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe

  C:\Program Files (x86)\Internet Explorer\iexplore.exe

  C:\Program Files (x86)\Internet Explorer\iexplore.exe

  C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe

  C:\Program Files (x86)\Internet Explorer\iexplore.exe

  C:\Program Files (x86)\Internet Explorer\iexplore.exe

  C:\Users\Jeroen\Downloads\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nl&c=92&bd=Pavilion&pf=cndt

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nl&c=92&bd=Pavilion&pf=cndt

  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

  F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe

  O1 - Hosts: ::1 localhost

  O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

  O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

  O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll

  O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\IPSBHO.DLL

  O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

  O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

  O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

  O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

  O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll

  O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

  O4 - HKLM\..\Run: c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

  O4 - HKLM\..\Run: C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE

  O4 - HKLM\..\Run: “c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun

  O4 - HKLM\..\Run: c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

  O4 - HKLM\..\Run: “c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe” “c:\Program Files (x86)\CyberLink\Power2Go” UpdateWithCreateOnce “SOFTWARE\CyberLink\Power2Go\6.0”

  O4 - HKLM\..\Run: “c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe” “c:\Program Files (x86)\CyberLink\LabelPrint” UpdateWithCreateOnce “Software\CyberLink\LabelPrint\2.5”

  O4 - HKLM\..\Run: “c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe” “c:\Program Files (x86)\CyberLink\PowerDirector” UpdateWithCreateOnce “SOFTWARE\CyberLink\PowerDirector\7.0”

  O4 - HKLM\..\Run: “c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe” “c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe” UpdateWithCreateOnce “Software\CyberLink\PowerStarter”

  O4 - HKLM\..\Run: “c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe”

  O4 - HKLM\..\Run: “c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe”

  O4 - HKLM\..\Run: “C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe”

  O4 - HKLM\..\Run: C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

  O4 - HKLM\..\Run: “c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe”

  O4 - HKLM\..\Run: “C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe”

  O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

  O4 - HKLM\..\Run: “C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe” /DelayServices

  O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

  O4 - HKCU\..\Run: C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW

  O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

  O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

  O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

  O9 - Extra ‘Tools’ menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

  O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

  O11 - Options group: Accelerated graphics

  O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

  O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

  O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

  O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

  O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

  O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

  O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

  O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)

  O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

  O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe

  O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

  O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

  O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

  O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

  O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

  O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

  O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

  O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

  O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

  O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe

  O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

  O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

  O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

  O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

  O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

  O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

  O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

  O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

  –

  End of file - 11941 bytes

  Rapporteren
• 

  fazantje

  24-10-2012 22:00

  Hoi Jeroen,

  Als 1e deze computer.

  Geen bijzonderheden te zien.

  Je mag combofix verwijderen, dat doe je als volgt:

  Download OTC exe hier, om combo weer helemaal te verwijderen.

  Plaats het bestand op je bureaublad.

  Zorg dat er een internetverbinding is.

  Klik vervolgens met je rechtermuisknop op OTCleanIt.exe en kies voor Run as Administrator (Nederlands: Uitvoeren als Administrator) om het programma te starten.

  Lukt dat niet , dan dubbelklikken op het icoon.

  Klik nu op de knop “CleanUp!”

  Als je firewall, of een ander beveiligingsprogramma, een waarschuwing geeft dat OTC.exe internettoegang wil, mag je dit toestaan, het programma heeft die connectie nodig.

  OTC zal als laatste vragen of je de computer herstarten wilt, dit mag je toestaan, hiermee verwijdert het zichzelf ook.

  Voer ook regelmatig ons schoonmaakplan uit.

  De andere computer,

  Je zei 6 gebruikers.

  Als je die computer ook wilt laten controleren, dan graag van alle gebruikers de logjes plaatsen.

  Dus alle gebruikers apart scannen.

  Succes,

  Huib;)

  

  Rapporteren
• 

  Jeroen

  24-10-2012 22:12

  Hoi Huib,

  Bedankt. Ga dan nu met de andere verder: 5 gebruikers deleten :-)

  Nieuwe computer = nieuw topic of hierin blijven?

  Gr

  Jeroen

  Rapporteren
• 

  fazantje

  24-10-2012 22:14

  Hoi Jeroen,

  Je mag hier blijven hoor;)

  Geef alleen ff ander onderwerp aan.

  Succes,

  Huib;)

  

  Rapporteren
• 

  Jeroen

  24-10-2012 23:25

  Maar even een kort berichtje tussendoor, die andere computer heeft nog wat meer problemen. Het wordt inmiddels laat, zal wel morgenavond worden voordat ik hier weer op terug kom.

  Groet

  Jeroen

  Rapporteren
• 

  Jeroen

  25-10-2012 23:01

  Hoi Huib,

  Dat duurde even, deze comp is niet zo snel. Heb alle accounts verwijderd, dus maar 1 logje. Virusscanners vonden niets, maar MBAM heeft 1 item verwijderd.

  Ben wederom benieuwd naar reacties.

  Gr

  Jeroen

  Hijack this:

  Logfile of Trend Micro HijackThis v2.0.4

  Scan saved at 22:51:04, on 25-10-2012

  Platform: Windows Vista (WinNT 6.00.1904)

  MSIE: Internet Explorer v7.00 (7.00.6000.16982)

  Boot mode: Normal

  Running processes:

  C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

  C:\Windows\system32\Dwm.exe

  C:\Windows\Explorer.EXE

  C:\Windows\system32\taskeng.exe

  C:\Program Files\Synaptics\SynTP\SynTPStart.exe

  C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

  C:\Windows\RtHDVCpl.exe

  C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

  C:\Program Files\HP\QuickPlay\QPService.exe

  C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

  C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

  C:\Program Files\Windows Defender\MSASCui.exe

  C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

  C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

  C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

  C:\Program Files\Java\jre6\bin\jusched.exe

  C:\Program Files\AVAST Software\Avast\AvastUI.exe

  C:\Program Files\HP\HP Software Update\hpwuschd2.exe

  C:\Program Files\Windows Sidebar\sidebar.exe

  C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

  C:\Windows\ehome\ehtray.exe

  C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

  C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

  C:\Windows\ehome\ehmsas.exe

  C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

  C:\Program Files\Windows Sidebar\sidebar.exe

  C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

  C:\Program Files\Internet Explorer\ieuser.exe

  C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe

  C:\Windows\system32\wuauclt.exe

  C:\Users\Jeroen\Downloads\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=81&bd=Pavilion&pf=laptop

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=81&bd=Pavilion&pf=laptop

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=81&bd=Pavilion&pf=laptop

  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

  O1 - Hosts: ::1 localhost

  O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

  O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

  O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

  O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7725.1624\swg.dll

  O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

  O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

  O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

  O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

  O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

  O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPStart.exe

  O4 - HKLM\..\Run: C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

  O4 - HKLM\..\Run: RtHDVCpl.exe

  O4 - HKLM\..\Run: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

  O4 - HKLM\..\Run: “C:\Program Files\HP\QuickPlay\QPService.exe”

  O4 - HKLM\..\Run: %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

  O4 - HKLM\..\Run: C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

  O4 - HKLM\..\Run: “C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe” “C:\Program Files\CyberLink\YouCam” update “Software\CyberLink\YouCam\1.0”

  O4 - HKLM\..\Run: %ProgramFiles%\Windows Defender\MSASCui.exe -hide

  O4 - HKLM\..\Run: c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

  O4 - HKLM\..\Run: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

  O4 - HKLM\..\Run: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

  O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

  O4 - HKLM\..\Run: “C:\Program Files\Java\jre6\bin\jusched.exe”

  O4 - HKLM\..\Run: “C:\Program Files\AVAST Software\Avast\avastUI.exe” /nogui

  O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

  O4 - HKLM\..\Run: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

  O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

  O4 - HKCU\..\Run: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

  O4 - HKCU\..\Run: C:\Windows\ehome\ehTray.exe

  O4 - HKCU\..\Run: “C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe” -onlytray

  O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)

  O4 - HKUS\S-1-5-19\..\Run: rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)

  O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETWORK SERVICE’)

  O4 - Global Startup: BTTray.lnk = ?

  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

  O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

  O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

  O9 - Extra ‘Tools’ menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

  O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

  O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

  O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

  O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

  O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

  O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

  O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

  O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

  O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

  O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

  O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

  O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

  O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

  O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

  O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

  O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

  O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

  O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

  –

  End of file - 10089 bytes

  MBAM:

  Malwarebytes Anti-Malware (-evaluatieversie-) 1.65.1.1000

  www.malwarebytes.org

  Databaseversie: v2012.10.25.07

  Windows Vista x86 NTFS

  Internet Explorer 7.0.6000.16982

  Jeroen :: PC_VAN_JEROEN

  Realtime bescherming: Ingeschakeld

  25-10-2012 22:08:10

  mbam-log-2012-10-25 (22-08-10).txt

  Scantype: Snelle scan

  Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

  Uitgeschakelde scanopties: P2P

  Objecten gescand: 189901

  Verstreken tijd: 4 minuut/minuten, 17 seconde(n)

  Geheugenprocessen gedetecteerd: 0

  (Geen kwaadaardige objecten gedetecteerd)

  Geheugenmodulen gedetecteerd: 0

  (Geen kwaadaardige objecten gedetecteerd)

  Registersleutels gedetecteerd: 0

  (Geen kwaadaardige objecten gedetecteerd)

  Registerwaarden gedetecteerd: 0

  (Geen kwaadaardige objecten gedetecteerd)

  Registerdata gedetecteerd: 1

  HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Slecht: () Goed: (“%1” /S) -> Zal worden verwijderd tijdens het herstarten.

  Mappen gedetecteerd: 0

  (Geen kwaadaardige objecten gedetecteerd)

  Bestanden gedetecteerd: 0

  (Geen kwaadaardige objecten gedetecteerd)

  (einde)

  Rapporteren

Dit topic is gesloten, er kunnen geen reacties meer worden geplaatst.