security tools probleem

[Coen53]

Beste allemaal

Alweer heb ik last van een malware progammatje.

Nou goed volgens mij heb ik ze allebij (security tools en anti malware doctor) waarvan de eerste actief bezig is.

Ik heb HiJackThis gedownload en geinstaleerd maar kan hem niet openen omdat de malware met iets opkomt en HiJackThis dan word afgesloten.

Ik heb windows 7 en het lukt me niet hem te openen als administrator. hoe doe ik dit zodat ik het progammatje kan laten draaien?

Alvast bedankt

Groeten Coen

[Kurtt]

Probeer hijackthis te laden in veilige modus. F8 blijven tokkelen tijdens het opstarten om in veilige modus te geraken.

[Coen53]

juist ik ren even naar boven om te proberen

---------- Post toegevoegd om 15:58 ---------- Vorige post was om 15:51 ----------

Bedankt het is gelukt!

Het logboekje:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:55:38, on 14-9-2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Safe mode

Running processes:

C:\Windows\system32\userinit.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = DAEMON-Search.com :: STARTPAGE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [Google Update] "C:\Users\Coen\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\Run: [coexwsanmr.exe] "C:\Users\Coen\AppData\Local\Temp\coexwsanmr.exe"

O4 - HKCU\..\Run: [handlerfix70700en00.exe] C:\Users\Coen\AppData\Roaming\CAA7B7696394E04CBA00F31712BF9E3F\handlerfix70700en00.exe

O4 - HKCU\..\Run: [COM+ Manager] "C:\Users\Coen\.COMMgr\complmgr.exe"

O4 - HKCU\..\Run: [Metropolis] rundll32.exe C:\Users\Coen\AppData\Local\Temp\sshnas21.dll,GetHandle

O4 - HKCU\..\Run: [YXE7DXCQ37] C:\Users\Coen\AppData\Local\Temp\Cld.exe

O4 - HKCU\..\Run: [OTGV1DNWQQ] C:\Users\Coen\AppData\Local\Temp\Clj.exe

O4 - HKCU\..\RunOnce: [37794] "C:\Users\Coen\AppData\Local\37794.exe" 5 38

O4 - Startup: Antimalware Doctor.lnk = Coen\AppData\Roaming\CAA7B7696394E04CBA00F31712BF9E3F\handlerfix70700en00.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GoogleDesktopNetwork3.dll C:\PROGRA~1\Google\GOOGLE~4\GO36F4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe

O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files\RelevantKnowledge\rlservice.exe

O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe

--

End of file - 6959 bytes

Thx

[kape]

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc stop RelevantKnowledge

Druk op Enter.

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc delete RelevantKnowledge

Druk op Enter.

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = DAEMON-Search.com :: STARTPAGE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O4 - HKCU\..\Run: [coexwsanmr.exe] "C:\Users\Coen\AppData\Local\Temp\coexwsanmr.exe"

O4 - HKCU\..\Run: [handlerfix70700en00.exe] C:\Users\Coen\AppData\Roaming\CAA7B7696394E04CBA00F31712BF9E3F\handlerfix70700en 00.exe

O4 - HKCU\..\Run: [COM+ Manager] "C:\Users\Coen\.COMMgr\complmgr.exe"

O4 - HKCU\..\Run: [Metropolis] rundll32.exe C:\Users\Coen\AppData\Local\Temp\sshnas21.dll,GetHandle

O4 - HKCU\..\Run: [YXE7DXCQ37] C:\Users\Coen\AppData\Local\Temp\Cld.exe

O4 - HKCU\..\Run: [OTGV1DNWQQ] C:\Users\Coen\AppData\Local\Temp\Clj.exe

O4 - HKCU\..\RunOnce: [37794] "C:\Users\Coen\AppData\Local\37794.exe" 5 38

O4 - Startup: Antimalware Doctor.lnk = Coen\AppData\Roaming\CAA7B7696394E04CBA00F31712BF9E3F\handlerfix70700en00.exe

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GoogleDesktopNetwork3.dll C:\PROGRA~1\Google\GOOGLE~4\GO36F4~1.DLL

Klik op 'Fix checked' om de items te verwijderen.

Download MBAM (Malwarebytes Anti-Malware)

Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".

Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.

Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.

Het scannen kan een tijdje duren, dus wees geduldig.

Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.

Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.

Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder).

Indien er de rootkit (TDSS) aanwezig is, zal MBAM vragen te herstarten. Doe dit dan ook.

MBAM zal na de herstart opnieuw scannen en de rootkit verwijderen.

Het log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in het programma.

Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

Plak de inhoud van het logje in je volgende bericht, samen met een nieuw HijackThis log.

[Coen53]

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Databaseversie: 4052

Windows 6.1.7600 (Safe Mode)

Internet Explorer 8.0.7600.16385

14-9-2010 18:27:01

mbam-log-2010-09-14 (18-27-01).txt

Scantype: Snelle scan

Objecten gescand: 127815

Verstreken tijd: 4 minuut/minuten, 33 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 5

Registerwaarden geïnfecteerd: 0

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 3

Bestanden geïnfecteerd: 22

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> No action taken.

HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> No action taken.

Registerwaarden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

C:\Program Files\RelevantKnowledge (Spyware.MarketScore) -> No action taken.

C:\Program Files\RelevantKnowledge\components (Spyware.MarketScore) -> No action taken.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (Spyware.MarketScore) -> No action taken.

Bestanden geïnfecteerd:

C:\Users\Coen\AppData\Local\Temp\noeramwxcs.exe (Trojan.Agent.Gen) -> No action taken.

C:\Program Files\RelevantKnowledge\install.rdf (Spyware.MarketScore) -> No action taken.

C:\Program Files\RelevantKnowledge\MSVCP71.DLL (Spyware.MarketScore) -> No action taken.

C:\Program Files\RelevantKnowledge\MSVCR71.DLL (Spyware.MarketScore) -> No action taken.

C:\Program Files\RelevantKnowledge\rlls.dll (Spyware.MarketScore) -> No action taken.

C:\Program Files\RelevantKnowledge\rlls64.dll (Spyware.MarketScore) -> No action taken.

C:\Program Files\RelevantKnowledge\rloci.bin (Spyware.MarketScore) -> No action taken.

C:\Program Files\RelevantKnowledge\rlph.dll (Spyware.MarketScore) -> No action taken.

C:\Program Files\RelevantKnowledge\rlservice.exe (Spyware.MarketScore) -> No action taken.

C:\Program Files\RelevantKnowledge\rlvknlg.exe (Spyware.MarketScore) -> No action taken.

C:\Program Files\RelevantKnowledge\rlvknlg64.exe (Spyware.MarketScore) -> No action taken.

C:\Program Files\RelevantKnowledge\rlxf.dll (Spyware.MarketScore) -> No action taken.

C:\Program Files\RelevantKnowledge\components\rlxg.dll (Spyware.MarketScore) -> No action taken.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.MarketScore) -> No action taken.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (Spyware.MarketScore) -> No action taken.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.MarketScore) -> No action taken.

C:\Users\Coen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.

C:\Users\Coen\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.

C:\Users\Coen\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> No action taken.

C:\Users\Coen\.COMMgr\complmgr.exe (Trojan.Agent) -> No action taken.

C:\Users\Coen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> No action taken.

C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:21:45, on 14-9-2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Safe mode

Running processes:

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [Google Update] "C:\Users\Coen\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe

O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe

--

End of file - 5926 bytes

[Coen53]

kloppen deze logjes?

computer werkt redelijk, internet gaat vooral erg sloom.

[kape]

De logjes kloppen wel, maar bij Malwarebytes heb je blijkbaar niet gekozen om de gevonden items te verwijderen. "No action taken" wijst alvast in die richting. Wil je Malwarebytes nog eens laten scannen en nu wél kiezen voor "verwijderen". Zet daarna een nieuw logje van Malwarebytes in je volgende bericht.

[Coen53]

Ik heb het wel verwijderd, het logje had ik alleen voor het verwijderen opgeslagen.

nieuwe log (uitgebreide scan)

Malwarebytes' Anti-Malware 1.46

Malwarebytes

Databaseversie: 4615

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

14-9-2010 20:36:26

mbam-log-2010-09-14 (20-36-26).txt

Scantype: Volledige scan (C:\|D:\|)

Objecten gescand: 258733

Verstreken tijd: 41 minuut/minuten, 17 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 1

Registersleutels geïnfecteerd: 4

Registerwaarden geïnfecteerd: 2

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 20

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

C:\Users\Coen\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.

Registersleutels geïnfecteerd:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\YXE7DXCQ37 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\metropolis (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yxe7dxcq37 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:

C:\Users\Coen\AppData\Local\37794.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.

C:\Users\Coen\AppData\Local\Temp\stp8819c.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Users\Coen\AppData\Local\Temp\sxcfgslr.exe (Rogue.SecuritySolutionsScanner) -> Quarantined and deleted successfully.

C:\Users\Coen\AppData\Local\Temp\wnoeracsxm.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.

C:\Users\Coen\AppData\Local\Temp\Clg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Users\Coen\AppData\Local\Temp\Clh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Users\Coen\AppData\Local\Temp\Cli.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Users\Coen\AppData\Local\Temp\Clj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Users\Coen\AppData\Local\Temp\coexwsanmr.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Users\Coen\AppData\Local\Temp\Clf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Users\Coen\AppData\Local\Temp\17g3i7.exe (Trojan.Alureon) -> Quarantined and deleted successfully.

C:\Users\Coen\AppData\Local\Temp\Clb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Users\Coen\AppData\Local\Temp\Clc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Users\Coen\AppData\Local\Temp\Cle.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Users\Coen\AppData\Roaming\CAA7B7696394E04CBA00F31712BF9E3F\handlerfix70700en00.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\Users\Coen\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp (Rootkit.Agent.Gen) -> Quarantined and deleted successfully.

C:\Windows\System32\drivers\hgqnaew.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\Users\Coen\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.

C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Users\Coen\AppData\Local\Temp\Cld.exe (Trojan.FakeAlert) -> Delete on reboot.

[kape]

OK, om de items allemaal te verwijderen moet je de PC opnieuw opstarten. En laat dan eens weten hoe het met de "foute" virusmeldingen staat ?