Keylogger?

  • fazantje

    Hi Jeroen,

    nothing to see in this log either, so just to be sure we'll keep looking a bit further here too.

    First AdwCleaner, as described earlier, and post that log.

    The computer will have been restarted by then.

    After that, also run ComboFix as described earlier and post that log.

    Then also post a new HijackThis log.

    Do keep to this order!!!

    Good luck,

    Huib;)

  • Jeroen

    Hi Huib,

    Here is the AdwCleaner log for now. I'm moving on to ComboFix.

    Regards,

    Jeroen

    # AdwCleaner v2.005 - Verslag gemaakt op 25/10/2012 om 23:25:24

    # Geactualiseerd op 14/10/2012 door Xplode

    # Besturingssysteem : Windows Vista (TM) Home Premium (32 bits)

    # Gebruiker : Jeroen - PC_VAN_JEROEN

    # Opstarten Modus : Normale modus

    # Gelanceerd vanaf : C:\Users\Jeroen\Downloads\adwcleaner.exe

    # Optie

    ***** *****

    ***** *****

    Map Verwijdert : C:\Program Files\Viewpoint

    Map Verwijdert : C:\ProgramData\Viewpoint

    ***** *****

    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\S

    Sleutel Verwijdert : HKLM\Software\MetaStream

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

    Sleutel Verwijdert : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP

    Sleutel Verwijdert : HKLM\Software\Viewpoint

    ***** *****

    -\\ Internet Explorer v7.0.6000.16982

    Het register bevat geen enkele ongeoorloofde invoer.

    -\\ Google Chrome v

    File : C:\Users\Jeroen\AppData\Local\Google\Chrome\User Data\Default\Preferences

    De file bevat geen enkele ongeoorloofde invoer.

    *************************

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    ########## EOF - C:\AdwCleaner.txt - ##########

  • Jeroen

    Hi Huib,

    ComboFix had quite a bit of trouble with it. The logs are below.

    Regards,

    Jeroen

    ComboFix:

    ComboFix 12-10-25.02 - Jeroen 25-10-2012 23:37:54.1.2 - x86

    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.31.1043.18.3070.1779

    Gestart vanuit: c:\users\Jeroen\Downloads\ComboFix.exe

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\windows\system32\CddbCdda.dll

    c:\windows\system32\KBL.LOG

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    -------\Service_nvsvc

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-09-25 to 2012-10-25 ))))))))))))))))))))))))))))))

    .

    .

    2012-10-25 20:07 . 2012-10-25 20:07 -------- d-----w- c:\users\Jeroen\AppData\Roaming\Malwarebytes

    2012-10-25 20:06 . 2012-10-25 20:06 -------- d-----w- c:\programdata\Malwarebytes

    2012-10-25 20:06 . 2012-10-25 20:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2012-10-25 20:06 . 2012-09-29 17:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-10-25 18:56 . 2012-10-25 18:56 -------- d-----w- c:\program files\ESET

    2012-10-23 17:42 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1811C196-A00A-4096-854F-BD7969249C10}\mpengine.dll

    2012-10-23 17:35 . 2012-10-23 17:35 -------- d-----w- c:\windows\system32\drivers\NSS

    2012-10-23 17:35 . 2012-10-23 17:35 -------- d-----w- c:\program files\Norton Security Scan

    2012-10-23 17:35 . 2012-10-23 17:35 -------- d-----w- c:\programdata\Norton

    2012-10-23 17:35 . 2012-10-23 17:35 -------- d-----w- c:\program files\NortonInstaller

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-10-23 10:18 . 2012-02-24 08:13 360392 ----a-w- c:\windows\system32\drivers\aswSP.sys

    2012-10-23 10:18 . 2012-02-24 08:13 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys

    2012-10-23 10:18 . 2012-02-24 08:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

    2012-10-23 10:18 . 2012-02-24 08:13 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys

    2012-10-23 10:18 . 2012-02-24 08:13 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

    2012-10-23 10:18 . 2012-02-24 08:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

    2012-10-23 10:17 . 2012-02-24 08:12 41224 ----a-w- c:\windows\avastSS.scr

    2012-10-23 10:17 . 2012-02-24 08:12 227648 ----a-w- c:\windows\system32\aswBoot.exe

    2012-10-12 10:49 . 2012-05-01 20:34 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-10-12 10:49 . 2012-05-01 20:34 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    @="{472083B0-C522-11CF-8763-00608CC02F24}"

    2012-10-23 10:17 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

    .

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe"

    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe"

    "ehTray.exe"="c:\windows\ehome\ehTray.exe"

    "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe"

    .

    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe"

    "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe"

    "RtHDVCpl"="RtHDVCpl.exe"

    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe"

    "QPService"="c:\program files\HP\QuickPlay\QPService.exe"

    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe"

    "OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe"

    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe"

    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"

    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"

    "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe"

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll"

    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe"

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe

    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE

    .

    "mixer2"=wdmaud.drv

    .

    "DisableMonitoring"=dword:00000001

    .

    "DisableMonitoring"=dword:00000001

    .

    "DisableMonitoring"=dword:00000001

    .

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    .

    .

    --- Andere Services/Drivers In Geheugen ---

    .

    *NewlyCreated* - WS2IFSL

    .

    bthsvcs REG_MULTI_SZ BthServ

    .

    2007-08-23 15:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2012-10-25 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    .

    2012-10-25 c:\windows\Tasks\Google Software Updater.job

    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe

    .

    2012-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    2012-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    2012-10-23 c:\windows\Tasks\Norton Security Scan for Jeroen.job

    - c:\progra~1\NORTON~2\Engine\372~1.5\Nss.exe

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.startpagina.nl/

    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=81&bd=Pavilion&pf=laptop

    TCP: DhcpNameServer = 192.168.2.254

    .

    .

    ------- Bestandsassociaties -------

    .

    inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"

    .

    .

    **************************************************************************

    scannen van verborgen processen …

    .

    scannen van verborgen autostart items …

    .

    scannen van verborgen bestanden …

    .

    Scan succesvol afgerond

    verborgen bestanden:

    .

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    "MSCurrentCountry"=dword:000000b5

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    .

    - - - - - - - > 'Explorer.exe'(1540)

    c:\windows\system32\btmmhook.dll

    c:\windows\system32\btncopy.dll

    c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

    c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL

    c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr

    c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

    .

    ------------------------ Andere Aktieve Processen ------------------------

    .

    c:\program files\AVAST Software\Avast\AvastSvc.exe

    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    c:\program files\Common Files\LightScribe\LSSrvc.exe

    c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

    c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

    c:\program files\CyberLink\Shared Files\RichVideo.exe

    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

    c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe

    c:\windows\system32\conime.exe

    c:\windows\RtHDVCpl.exe

    c:\program files\Hewlett-Packard\Shared\HpqToaster.exe

    c:\windows\ehome\ehmsas.exe

    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe

    c:\program files\Synaptics\SynTP\SynTPEnh.exe

    c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe

    c:\program files\PC Connectivity Solution\ServiceLayer.exe

    c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe

    c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe

    c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2012-10-25 23:57:07 - machine werd herstart

    ComboFix-quarantined-files.txt 2012-10-25 21:56

    .

    Pre-Run: 65.227.841.536 bytes beschikbaar

    Post-Run: 64.805.793.792 bytes beschikbaar

    .

    - - End Of File - - D4592A2DEC47A745E7C1E966BAFB015E

    Hijack this:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 0:01:02, on 26-10-2012

    Platform: Windows Vista (WinNT 6.00.1904)

    MSIE: Internet Explorer v7.00 (7.00.6000.16982)

    Boot mode: Normal

    Running processes:

    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\conime.exe

    C:\Program Files\Synaptics\SynTP\SynTPStart.exe

    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

    C:\Windows\RtHDVCpl.exe

    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    C:\Program Files\HP\QuickPlay\QPService.exe

    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\AVAST Software\Avast\AvastUI.exe

    C:\Program Files\HP\HP Software Update\hpwuschd2.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

    C:\Windows\ehome\ehtray.exe

    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

    C:\Windows\system32\wuauclt.exe

    C:\Windows\Explorer.exe

    C:\Program Files\Internet Explorer\ieuser.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe

    C:\Users\Jeroen\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=81&bd=Pavilion&pf=laptop

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7725.1624\swg.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPStart.exe

    O4 - HKLM\..\Run: C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

    O4 - HKLM\..\Run: RtHDVCpl.exe

    O4 - HKLM\..\Run: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

    O4 - HKLM\..\Run: "C:\Program Files\HP\QuickPlay\QPService.exe"

    O4 - HKLM\..\Run: %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

    O4 - HKLM\..\Run: C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

    O4 - HKLM\..\Run: "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"

    O4 - HKLM\..\Run: c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

    O4 - HKLM\..\Run: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    O4 - HKLM\..\Run: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

    O4 - HKLM\..\Run: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\Run: "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    O4 - HKCU\..\Run: C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

    O4 - Global Startup: BTTray.lnk = ?

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    End of file - 9024 bytes

  • fazantje

    Good morning Jeroen,

    Start HijackThis, click Scan and tick the following lines:

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

    Close all open windows except HijackThis and click Fix Checked.

    Open Notepad, then copy and paste the following (bold, blue text) into an empty window:

    • File::

      c:\windows\Tasks\Norton Security Scan for Jeroen.job

      Folder::

      c:\program files\Norton Security Scan

      c:\programdata\Norton

      c:\program files\NortonInstaller

      c:\program files\ESET

      Registry::

    Save this to your Desktop as CFScript.txt

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:

    This will make ComboFix restart.

    Reboot if asked to,

    and post the contents of ComboFix.txt in your next reply together with a new HijackThis log.

    Good luck,

    Huib;)
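    As an added illustration (not part of this thread and not a tool shipped with HijackThis or ComboFix), the Python below does two things the instructions above rely on: it parses HijackThis O2/O3 lines and picks out the entries whose component file no longer exists (the "(no file)" lines Huib asks to fix), and it assembles the File::/Folder::/Registry:: blocks of a CFScript.txt from lists of paths. The sample lines are constructed from the log posted above; the decision to omit empty blocks is this example's own (the script quoted in the thread lists an empty Registry:: header).

```python
import re

# Constructed sample lines in HijackThis format (mirrors entries quoted in the thread).
SAMPLE_HJT_LINES = [
    "O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll",
    "O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)",
    "O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)",
    "O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar_32.dll",
    "O4 - HKLM\\..\\Run: RtHDVCpl.exe",  # not a BHO/toolbar line; the parser ignores it
]

# O2 (Browser Helper Object) and O3 (toolbar) lines share one layout:
#   <section> - <kind>: <name> - {CLSID} - <dll path or "(no file)">
HJT_ENTRY = re.compile(
    r"^(?P<section>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - (?P<target>.+)$"
)

NO_FILE = "(no file)"


def parse_hjt_entry(line):
    """Return a dict for an O2/O3 line, or None for any other HijackThis line."""
    m = HJT_ENTRY.match(line.strip())
    return m.groupdict() if m else None


def find_orphaned_entries(lines):
    """Entries whose CLSID is still registered but whose DLL is gone ("(no file)").

    A leftover like this loads nothing by itself; it is flagged for removal because a
    registry reference to a missing component is noise that hides real problems in
    later logs.
    """
    orphans = []
    for line in lines:
        entry = parse_hjt_entry(line)
        if entry and entry["target"] == NO_FILE:
            orphans.append(entry)
    return orphans


def build_cfscript(files=(), folders=(), registry=()):
    """Assemble CFScript.txt text from File::, Folder:: and Registry:: blocks.

    Only non-empty blocks are written; each block is followed by a blank line.
    """
    blocks = [("File::", files), ("Folder::", folders), ("Registry::", registry)]
    out = []
    for header, items in blocks:
        items = list(items)
        if not items:
            continue
        out.append(header)
        out.extend(items)
        out.append("")  # blank line separates blocks
    return "\n".join(out)


if __name__ == "__main__":
    for e in find_orphaned_entries(SAMPLE_HJT_LINES):
        print(f"orphaned {e['kind']} {e['clsid']} ({e['name']})")
    # Paths below are the ones listed in the thread's CFScript.
    print(build_cfscript(
        files=["c:\\windows\\Tasks\\Norton Security Scan for Jeroen.job"],
        folders=["c:\\program files\\Norton Security Scan", "c:\\program files\\ESET"],
    ))
```

    Run against the full HijackThis log, the parser returns exactly the two orphaned entries Huib lists; everything else in the O2/O3 sections resolves to an existing DLL and is left alone.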

  • Jeroen

    Good morning Huib,

    The logs are below. I won't be back until Monday, so I can't see your reply before then. This time ComboFix did indeed find something. Thanks again in advance for your help.

    Regards,

    Jeroen

    Combofix:

    ComboFix 12-10-25.02 - Jeroen 26-10-2012 10:18:53.2.2 - x86

    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.31.1043.18.3070.1918

    Gestart vanuit: c:\users\Jeroen\Desktop\ComboFix.exe

    gebruikte Opdracht switches :: c:\users\Jeroen\Desktop\CFScript.txt

    .

    FILE ::

    "c:\windows\Tasks\Norton Security Scan for Jeroen.job"

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\program files\ESET

    c:\program files\ESET\ESET Online Scanner\esets_apiA.dll

    c:\program files\ESET\ESET Online Scanner\esets_apiW.dll

    c:\program files\ESET\ESET Online Scanner\esets_apiW_a.dll

    c:\program files\ESET\ESET Online Scanner\ESETSmartInstaller.exe

    c:\program files\ESET\ESET Online Scanner\log.txt

    c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\http_update.eset.com\update.ver

    c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\lastupd.ver

    c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod0576.nup

    c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod07D6.nup

    c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod0872.nup

    c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod1491.nup

    c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod222C.nup

    c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod22B0.nup

    c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod23A0.nup

    c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod26F3.nup

    c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod358B.nup

    c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod39BD.nup

    c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod3DB0.nup

    c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod4A02.nup

    c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod5494.nup

    c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod5520.nup

    c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod6402.nup

    c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod651C.nup

    c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod6678.nup

    c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod6D3F.nup

    c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod7669.nup

    c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod7A10.nup

    c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em000_32.dat

    c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em001_32.dat

    c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em002_32.dat

    c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em003_32.dat

    c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em004_32.dat

    c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em005_32.dat

    c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em006_32.dat

    c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em023_32.dat

    c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\upd.ver

    c:\program files\ESET\ESET Online Scanner\Modules\em000_32.dat

    c:\program files\ESET\ESET Online Scanner\Modules\em001_32.dat

    c:\program files\ESET\ESET Online Scanner\Modules\em002_32.dat

    c:\program files\ESET\ESET Online Scanner\Modules\em003_32.dat

    c:\program files\ESET\ESET Online Scanner\Modules\em004_32.dat

    c:\program files\ESET\ESET Online Scanner\Modules\em005_32.dat

    c:\program files\ESET\ESET Online Scanner\Modules\em006_32.dat

    c:\program files\ESET\ESET Online Scanner\Modules\em023_32.dat

    c:\program files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

    c:\program files\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe

    c:\program files\ESET\ESET Online Scanner\OnlineScanner.inf

    c:\program files\ESET\ESET Online Scanner\OnlineScanner.ocx

    c:\program files\ESET\ESET Online Scanner\OnlineScanner64.ocx

    c:\program files\ESET\ESET Online Scanner\OnlineScannerApp.exe

    c:\program files\ESET\ESET Online Scanner\OnlineScannerLang.dll

    c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

    c:\program files\ESET\ESET Online Scanner\unicows.dll

    c:\program files\Norton Security Scan

    c:\program files\Norton Security Scan\Engine\3.7.2.5\{2A85E335-7417-424d-AD89-31DED1689794}.dat

    c:\program files\Norton Security Scan\Engine\3.7.2.5\{71B3DD3A-BC1F-40cc-A74F-C0C30DFCE7D5}.dat

    c:\program files\Norton Security Scan\Engine\3.7.2.5\{F8D07955-00ED-4093-88AA-0A0F69AFD83C}.dat

    c:\program files\Norton Security Scan\Engine\3.7.2.5\BilBDRes.dll

    c:\program files\Norton Security Scan\Engine\3.7.2.5\ccL100U.dll

    c:\program files\Norton Security Scan\Engine\3.7.2.5\ccScanw.dll

    c:\program files\Norton Security Scan\Engine\3.7.2.5\ccVrTrst.dll

    c:\program files\Norton Security Scan\Engine\3.7.2.5\Config.dll

    c:\program files\Norton Security Scan\Engine\3.7.2.5\dec_abi.dll

    c:\program files\Norton Security Scan\Engine\3.7.2.5\DefUtDCD.dll

    c:\program files\Norton Security Scan\Engine\3.7.2.5\diLueCbk.dll

    c:\program files\Norton Security Scan\Engine\3.7.2.5\ecmldr32.dll

    c:\program files\Norton Security Scan\Engine\3.7.2.5\HeartBt.dll

    c:\program files\Norton Security Scan\Engine\3.7.2.5\help.htm

    c:\program files\Norton Security Scan\Engine\3.7.2.5\InstWrap.exe

    c:\program files\Norton Security Scan\Engine\3.7.2.5\InstWRes.dll

    c:\program files\Norton Security Scan\Engine\3.7.2.5\Microsoft.VC90.CRT.manifest

    c:\program files\Norton Security Scan\Engine\3.7.2.5\msl.dll

    c:\program files\Norton Security Scan\Engine\3.7.2.5\msvcp90.dll

    c:\program files\Norton Security Scan\Engine\3.7.2.5\msvcr90.dll

    c:\program files\Norton Security Scan\Engine\3.7.2.5\Nss.exe

    c:\program files\Norton Security Scan\Engine\3.7.2.5\patch25d.dll

    c:\program files\Norton Security Scan\Engine\3.7.2.5\pePIDyn.dll

    c:\program files\Norton Security Scan\Engine\3.7.2.5\pePIRes.dll

    c:\program files\Norton Security Scan\Engine\3.7.2.5\pePIRes.dll.bckp

    c:\program files\Norton Security Scan\Engine\3.7.2.5\RevList.dll

    c:\program files\Norton Security Scan\Engine\3.7.2.5\SAUpdt.dll

    c:\program files\Norton Security Scan\Engine\3.7.2.5\ScanCore.dll

    c:\program files\Norton Security Scan\Engine\3.7.2.5\ScanRes.dll

    c:\program files\Norton Security Scan\Engine\3.7.2.5\ScanText.dll

    c:\program files\Norton Security Scan\Engine\3.7.2.5\SKU.dll

    c:\program files\Norton Security Scan\Engine\3.7.2.5\SKURes.dll

    c:\program files\Norton Security Scan\Engine\3.7.2.5\SymCCIS.dll

    c:\program files\Norton Security Scan\Engine\3.7.2.5\SymCCISE.exe

    c:\program files\Norton Security Scan\Engine\3.7.2.5\SymDltCl.dll

    c:\program files\Norton Security Scan\Engine\3.7.2.5\SymHTML.dll

    c:\program files\Norton Security Scan\Engine\3.7.2.5\SymInstallStub.exe

    c:\program files\Norton Security Scan\isolate.ini

    c:\program files\NortonInstaller

    c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.7.2.5\13\01\InstUI.loc

    c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.7.2.5\ccL100U.dll

    c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.7.2.5\ccSet.dll

    c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.7.2.5\Engine.dll

    c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.7.2.5\extract.dat

    c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.7.2.5\fallback.dat

    c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.7.2.5\finalzed.dat

    c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.7.2.5\install.dat

    c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.7.2.5\Install.mft

    c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.7.2.5\InstStub.exe

    c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.7.2.5\InstUI.dll

    c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.7.2.5\layout.dat

    c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.7.2.5\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest

    c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.7.2.5\Microsoft.VC90.CRT\msvcm90.dll

    c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.7.2.5\Microsoft.VC90.CRT\msvcp90.dll

    c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.7.2.5\Microsoft.VC90.CRT\msvcr90.dll

    c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.7.2.5\ProdCbk.dll

    c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\3.7.2.5\SKU.dll

    c:\programdata\Norton

    c:\programdata\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963}\LC.INI

    c:\programdata\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\isolate.ini

    c:\programdata\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\Module9000.txt

    c:\programdata\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS_3.7.2.5\Connections\connections.dat

    c:\programdata\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS_3.7.2.5\diMaster\eula.dat

    c:\programdata\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS_3.7.2.5\diMaster\service.dat

    c:\programdata\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS_3.7.2.5\itbLUReg\{65190544-26C3-43a4-A78A-694964901607}.dat

    c:\programdata\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS_3.7.2.5\itbLUReg\{6E3396BD-C6A6-4f0f-9254-267F9058FEC4}.dat

    c:\programdata\Norton\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS_3.7.2.5\itbLUReg\{D4F4CC32-7A41-4684-AE57-41E59E9B4503}.dat

    c:\windows\Tasks\Norton Security Scan for Jeroen.job

    .

    Besmet exemplaar van c:\windows\system32\Drivers\atapi.sys werd aangetroffen en gedesinfecteerd

    Hersteld exemplaar van - c:\windows\erdnt\cache\atapi.sys

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-09-26 to 2012-10-26 ))))))))))))))))))))))))))))))

    .

    .

    2012-10-26 08:29 . 2012-10-26 08:29 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-10-25 20:07 . 2012-10-25 20:07 -------- d-----w- c:\users\Jeroen\AppData\Roaming\Malwarebytes

    2012-10-25 20:06 . 2012-10-25 20:06 -------- d-----w- c:\programdata\Malwarebytes

    2012-10-25 20:06 . 2012-10-25 20:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2012-10-25 20:06 . 2012-09-29 17:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-10-23 17:42 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1811C196-A00A-4096-854F-BD7969249C10}\mpengine.dll

    2012-10-23 17:35 . 2012-10-23 17:35 -------- d-----w- c:\windows\system32\drivers\NSS

    2012-10-23 17:35 . 2012-10-23 17:35 -------- d-----w- c:\programdata\NortonInstaller

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-10-23 10:18 . 2012-02-24 08:13 360392 ----a-w- c:\windows\system32\drivers\aswSP.sys

    2012-10-23 10:18 . 2012-02-24 08:13 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys

    2012-10-23 10:18 . 2012-02-24 08:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

    2012-10-23 10:18 . 2012-02-24 08:13 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys

    2012-10-23 10:18 . 2012-02-24 08:13 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

    2012-10-23 10:18 . 2012-02-24 08:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

    2012-10-23 10:17 . 2012-02-24 08:12 41224 ----a-w- c:\windows\avastSS.scr

    2012-10-23 10:17 . 2012-02-24 08:12 227648 ----a-w- c:\windows\system32\aswBoot.exe

    2012-10-12 10:49 . 2012-05-01 20:34 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-10-12 10:49 . 2012-05-01 20:34 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    @="{472083B0-C522-11CF-8763-00608CC02F24}"

    2012-10-23 10:17 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

    .

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe"

    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe"

    "ehTray.exe"="c:\windows\ehome\ehTray.exe"

    "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe"

    .

    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe"

    "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe"

    "RtHDVCpl"="RtHDVCpl.exe"

    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe"

    "QPService"="c:\program files\HP\QuickPlay\QPService.exe"

    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe"

    "OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe"

    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe"

    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"

    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"

    "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe"

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll"

    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe"

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe

    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE

    .

    "mixer2"=wdmaud.drv

    .

    "DisableMonitoring"=dword:00000001

    .

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    .

    .

    bthsvcs REG_MULTI_SZ BthServ

    .

    2007-08-23 15:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2012-10-25 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    .

    2012-10-26 c:\windows\Tasks\Google Software Updater.job

    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe

    .

    2012-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    2012-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.startpagina.nl/

    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=81&bd=Pavilion&pf=laptop

    TCP: DhcpNameServer = 192.168.2.254

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

    AddRemove-NSS - c:\program files\Norton Security Scan\Engine\3.7.2.5\InstWrap.exe

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2012-10-26 10:33

    Windows 6.0.6000 NTFS

    .

    scannen van verborgen processen …

    .

    scannen van verborgen autostart items …

    .

    scannen van verborgen bestanden …

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    "MSCurrentCountry"=dword:000000b5

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    .

    - - - - - - - > 'Explorer.exe'(2652)

    c:\windows\system32\btmmhook.dll

    c:\windows\system32\btncopy.dll

    c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

    c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL

    c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr

    c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

    .

    ------------------------ Andere Aktieve Processen ------------------------

    .

    c:\program files\AVAST Software\Avast\AvastSvc.exe

    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    c:\program files\Common Files\LightScribe\LSSrvc.exe

    c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

    c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

    c:\program files\CyberLink\Shared Files\RichVideo.exe

    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

    c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe

    c:\windows\system32\conime.exe

    c:\windows\RtHDVCpl.exe

    c:\program files\Synaptics\SynTP\SynTPEnh.exe

    c:\windows\ehome\ehmsas.exe

    c:\program files\Hewlett-Packard\Shared\HpqToaster.exe

    c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe

    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe

    c:\program files\PC Connectivity Solution\ServiceLayer.exe

    c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe

    c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe

    c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

    c:\windows\servicing\TrustedInstaller.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2012-10-26 10:38:16 - machine werd herstart

    ComboFix-quarantined-files.txt 2012-10-26 08:38

    ComboFix2.txt 2012-10-25 21:57

    .

    Pre-Run: 64.786.501.632 bytes beschikbaar

    Post-Run: 64.744.321.024 bytes beschikbaar

    .

    - - End Of File - - 881883F9CFA4A6D3EC7D623F76F62748

    HijackThis:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 10:42:29, on 26-10-2012

    Platform: Windows Vista (WinNT 6.00.1904)

    MSIE: Internet Explorer v7.00 (7.00.6000.16982)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\conime.exe

    C:\Program Files\Synaptics\SynTP\SynTPStart.exe

    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

    C:\Windows\RtHDVCpl.exe

    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    C:\Program Files\HP\QuickPlay\QPService.exe

    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\AVAST Software\Avast\AvastUI.exe

    C:\Program Files\HP\HP Software Update\hpwuschd2.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

    C:\Windows\ehome\ehtray.exe

    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

    C:\Windows\system32\wuauclt.exe

    C:\Windows\Explorer.exe

    C:\Program Files\Internet Explorer\ieuser.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe

    C:\Users\Jeroen\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=81&bd=Pavilion&pf=laptop

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7725.1624\swg.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPStart.exe

    O4 - HKLM\..\Run: C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

    O4 - HKLM\..\Run: RtHDVCpl.exe

    O4 - HKLM\..\Run: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

    O4 - HKLM\..\Run: "C:\Program Files\HP\QuickPlay\QPService.exe"

    O4 - HKLM\..\Run: %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

    O4 - HKLM\..\Run: C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

    O4 - HKLM\..\Run: "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"

    O4 - HKLM\..\Run: c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

    O4 - HKLM\..\Run: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    O4 - HKLM\..\Run: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

    O4 - HKLM\..\Run: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\Run: "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    O4 - HKCU\..\Run: C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

    O4 - Global Startup: BTTray.lnk = ?

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    End of file - 8868 bytes

  • fazantje

    Hi Jeroen,

    How is the problem now? :S

    You can remove ADWcleaner again with its uninstall button.

    Combo as follows, see here.

    We'll see you again on Monday.

    Greetings, Huib ;)

  • Jeroen

    Hi Huib,

    It took a bit longer. As far as I can see the email is no longer hacked (at least I haven't seen anything strange). I'm now working on the first computer again, but if I understood correctly there was no virus and/or keylogger on that one.

    For the other computer I followed all the instructions. It now seems to run a bit faster. However, I have no idea what was wrong with it. What kind of virus was on that computer?

    I have since removed Combo and ADWcleaner again. In any case, thanks a lot for all your help!

    Regards

    Jeroen

  • fazantje

    Hi Jeroen,

    You wrote, among other things:

    >>>I'm now working on the first computer again, but if I understood correctly there was no virus and/or keylogger on that one.<<<

    Correct.

    >>>For the other computer I followed all the instructions. It now seems to run a bit faster. However, I have no idea what was wrong with it.<<<

    There was indeed a trojan on that one.

    Remove all restore points from this computer and create a new restore point.

    Run our clean-up plan regularly.

    Bear in mind that a computer used by several people will get slow sooner, because users often want to do everything at once, and all of this of course also depends on the system configuration.

    Greetings, Huib ;)

  • Jeroen

    Hi Huib,

    Thanks a lot once again. I haven't had any problems so far. It's great how you run this forum here!

    Regards

    Jeroen

  • fazantje

    You're welcome (tu)

    Greetings, Huib ;)

This topic is closed; no more replies can be posted.