
Trojan horse



So yesterday I apparently downloaded something untrustworthy, and now I'm stuck with 2 trojan horses (I had more yesterday, but I was able to remove a number of them with AVG and MBAM), namely these: C:\Windows\explorer.exe (1612) and C:\Windows\explorer.exe (1612):\memory_00010000 => both detected as the infection Trojan horse Agent_r.XJ

EDIT: There is now also one on C:\Program Files\Mozilla Firefox\firefox.exe (3820) and C:\Program Files\Mozilla Firefox\firefox.exe (3820):\memory_00010000

I can't get them removed with AVG, and with MBAM I have already removed a few others (there were a few more trojan horses).

Here is a HijackThis log for you:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:30:47, on 7/05/2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16766)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Belgium Identity Card\beid35gui.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Xfire\Xfire.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\AVG\AVG10\avgui.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\explorer.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Google

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2304157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfir.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

O2 - BHO: XfireXO - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfir.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfir.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [steam] "D:\STEAM\Steam.exe" -silent

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - .DEFAULT User Startup: RUN.CMD (User 'Default user')

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O15 - Trusted Zone: *.minfin.fgov.be

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\SKYPE4~1.DLL

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: SpyHunter 4 Service - Unknown owner - C:\Program Files\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE (file missing)

O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

--

End of file - 5509 bytes

Edited by Sakke1994


Go to Start – Run/Search and type: sc stop "SpyHunter 4 Service"

Press Enter.

Go to Start – Run/Search and type: sc delete "SpyHunter 4 Service"

Press Enter.

Start HijackThis. Select "Scan". Select only the items listed below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSour...ctid=CT2304157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O4 - .DEFAULT User Startup: RUN.CMD (User 'Default user')

Click 'Fix checked' to remove the items.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is running, as this can cause the tool to hang.

Note !!! If an error appears with the message "Illegal operation attempted on a registery key that has been marked for deletion", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message, together with a new HijackThis log.

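As an added example (not a tool from this thread or from the helper), the following Python script parses HijackThis entry lines and flags the kinds of items picked out in the reply above: a start page pointing at Conduit, empty R0 values, Conduit BHO/toolbar entries, a RUN.CMD in the Default user's Startup folder, an O23 service whose binary is missing, and the same process image listed twice. The sample log is a constructed excerpt of the first post's log; the rules are assumptions about what is worth a second look, not a verdict.

```python
"""Triage helper for HijackThis v2.0.4 log excerpts (constructed example)."""
import re
from collections import Counter

# An entry line looks like "O23 - Service: <name> - <owner> - <path> (file missing)"
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d{1,2}) - (?P<body>.*)$")

# Constructed test input: a short excerpt of the log posted in this thread.
SAMPLE_LOG = """\
Running processes:
C:\\Windows\\Explorer.EXE
C:\\Windows\\explorer.exe
C:\\Program Files\\Trend Micro\\HiJackThis\\HiJackThis.exe
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2304157
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,SearchAssistant =
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\\Program Files\\ConduitEngine\\prxConduitEngine.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll
O4 - .DEFAULT User Startup: RUN.CMD (User 'Default user')
O23 - Service: SpyHunter 4 Service - Unknown owner - C:\\Program Files\\ENIGMA~1\\SPYHUN~1\\SH4SER~1.EXE (file missing)
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe
--
End of file - 5509 bytes
"""


def parse_hjt(text):
    """Split a HijackThis log into (processes, entries).

    processes: paths listed under 'Running processes:'
    entries:   (kind, body) tuples for R0/R1/O2/O4/O23/... lines
    """
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False          # first entry line ends the process list
            entries.append((m.group("kind"), m.group("body")))
        elif in_procs and re.match(r"^[A-Za-z]:\\", line):
            processes.append(line)
    return processes, entries


def triage(processes, entries):
    """Return (kind, reason, detail) findings that merit a closer look."""
    findings = []
    # Same image listed twice, differing only in case (Explorer.EXE / explorer.exe)
    for path, n in Counter(p.lower() for p in processes).items():
        if n > 1:
            findings.append(("PROC", "image listed %d times" % n, path))
    for kind, body in entries:
        lower = body.lower()
        if kind in ("R0", "R1"):
            key, _, value = body.partition("=")
            if value.strip() == "":
                findings.append((kind, "empty value (orphaned hijack key)", key.strip()))
            elif "conduit" in lower:
                findings.append((kind, "start/search page points at Conduit", body))
        elif kind in ("O2", "O3") and "conduit" in lower:
            findings.append((kind, "Conduit BHO/toolbar", body))
        elif kind == "O4" and ".default user startup" in lower:
            findings.append((kind, "startup item in Default user profile", body))
        elif kind == "O23" and "(file missing)" in lower:
            findings.append((kind, "service points at a missing binary", body))
    return findings


if __name__ == "__main__":
    procs, ents = parse_hjt(SAMPLE_LOG)
    for kind, reason, detail in triage(procs, ents):
        print("%-4s %-40s %s" % (kind, reason, detail))
```

Entries that are not flagged (the Java BHO, the TeamViewer service) are left alone, which is the point: the script narrows the log to what a human should read, it does not decide what to fix.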

HJT log: Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:17:43, on 7/05/2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16766)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Belgium Identity Card\beid35gui.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Xfire\Xfire.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfir.dll

O2 - BHO: XfireXO - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfir.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfir.dll

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup

O4 - HKCU\..\Run: [steam] "D:\STEAM\Steam.exe" -silent

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - .DEFAULT User Startup: RUN.CMD (User 'Default user')

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O15 - Trusted Zone: *.minfin.fgov.be

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\SKYPE4~1.DLL

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\PEV.cfxxe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

--

End of file - 4178 bytes

I can't get that ComboFix to open; when I double-click it, it just goes to My Computer.


I believe this is it:

ComboFix 11-05-06.05 - Sq 07/05/2011 20:48:14.3.1 - x86 MINIMAL

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1043.18.2047.1507 [GMT 2:00]

Gestart vanuit: C:\Users\Sq\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

(((((((((((((((((((( Bestanden Gemaakt van 2011-04-07 to 2011-05-07 ))))))))))))))))))))))))))))))

2011-05-07 18:54:23 . 2011-05-07 18:54:23 -------- d-----w- C:\Users\Default\AppData\Local\temp

2011-05-07 13:19:14 . 2011-04-18 07:15:32 7071056 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E2A09587-9525-4C6C-9202-5B63484E2FA4}\mpengine.dll

2011-05-07 08:30:20 . 2011-05-07 08:30:23 388096 ----a-r- C:\Users\Sq\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-05-07 08:30:17 . 2011-05-07 08:30:17 -------- d-----w- C:\Program Files\Trend Micro

2011-05-07 07:22:00 . 2011-05-07 07:22:00 -------- d-----w- C:\Program Files\Enigma Software Group

2011-05-07 07:19:44 . 2011-05-07 08:18:31 -------- d-----w- C:\Windows\CF33A0CE702A4E66B91BF995F9DDFD5B.TMP

2011-05-06 23:02:30 . 2011-05-06 23:02:30 -------- d-----w- C:\Users\Sq\AppData\Roaming\Malwarebytes

2011-05-06 23:02:20 . 2010-12-20 16:09:00 38224 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys

2011-05-06 23:02:04 . 2011-05-06 23:02:04 -------- d-----w- C:\ProgramData\Malwarebytes

2011-05-06 23:01:43 . 2010-12-20 16:08:40 20952 ----a-w- C:\Windows\system32\drivers\mbam.sys

2011-05-06 23:01:31 . 2011-05-06 23:02:27 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware

2011-05-05 17:05:43 . 2011-05-05 17:51:29 -------- d-----w- C:\Users\Sq\AppData\Local\PMB Files

2011-05-05 17:05:41 . 2011-05-05 17:51:28 -------- d-----w- C:\ProgramData\PMB Files

2011-04-30 14:58:14 . 2011-04-30 14:58:20 -------- d-----w- C:\Python24

2011-04-30 14:55:32 . 2011-04-30 14:55:44 -------- d-----w- C:\Python27

2011-04-30 14:52:08 . 2011-04-30 14:58:36 -------- d-----w- C:\Program Files\Tibia Auto

2011-04-30 14:15:00 . 2011-04-30 14:15:00 -------- d-----w- C:\Program Files\TUGBot

2011-04-30 14:13:26 . 2011-04-30 14:13:26 -------- d-----w- C:\$AVG

2011-04-29 21:25:53 . 2011-04-14 16:57:43 142296 ----a-w- C:\Program Files\Mozilla Firefox\components\browsercomps.dll

2011-04-29 21:25:52 . 2011-04-14 16:57:43 89048 ----a-w- C:\Program Files\Mozilla Firefox\libEGL.dll

2011-04-29 21:25:52 . 2011-04-14 16:57:43 781272 ----a-w- C:\Program Files\Mozilla Firefox\mozsqlite3.dll

2011-04-29 21:25:52 . 2011-04-14 16:57:43 465880 ----a-w- C:\Program Files\Mozilla Firefox\libGLESv2.dll

2011-04-29 21:25:52 . 2011-04-14 16:57:43 1874904 ----a-w- C:\Program Files\Mozilla Firefox\mozjs.dll

2011-04-29 21:25:52 . 2011-04-14 16:57:43 15832 ----a-w- C:\Program Files\Mozilla Firefox\mozalloc.dll

2011-04-29 21:25:52 . 2010-01-01 08:00:00 1974616 ----a-w- C:\Program Files\Mozilla Firefox\D3DCompiler_42.dll

2011-04-29 21:25:52 . 2010-01-01 08:00:00 1892184 ----a-w- C:\Program Files\Mozilla Firefox\d3dx9_42.dll

2011-04-25 09:58:23 . 2011-04-25 09:58:23 -------- d-----w- C:\Users\Sq\AppData\Roaming\AVG10

2011-04-25 09:57:27 . 2011-04-25 09:57:27 -------- d--h--w- C:\ProgramData\Common Files

2011-04-25 09:55:54 . 2011-05-07 18:26:36 -------- d-----w- C:\ProgramData\AVG10

2011-04-25 09:55:23 . 2011-04-25 09:55:23 -------- d-----w- C:\Program Files\AVG

2011-04-25 09:51:16 . 2011-05-07 18:24:27 -------- d-----w- C:\ProgramData\MFAData

2011-04-20 23:24:28 . 2011-04-20 23:24:28 -------- d-----w- C:\Users\Sq\AppData\Roaming\Unity

2011-04-20 23:23:42 . 2011-04-20 23:23:42 -------- d-----w- C:\Users\Sq\AppData\Local\Unity

2011-04-20 20:11:31 . 2011-04-20 20:18:20 -------- d-----w- C:\Users\Sq\AppData\Roaming\Tibia

2011-04-20 20:11:25 . 2011-04-30 14:58:36 -------- d-----w- C:\Program Files\Tibia

2011-04-19 13:55:31 . 2011-04-19 13:55:31 -------- d-----w- C:\Windows\system32\Wat

2011-04-19 10:23:04 . 2011-03-11 05:40:24 1164288 ----a-w- C:\Windows\system32\mfc42u.dll

2011-04-19 10:23:04 . 2011-03-11 05:40:24 1137664 ----a-w- C:\Windows\system32\mfc42.dll

2011-04-19 10:23:03 . 2011-02-23 05:05:25 69632 ----a-w- C:\Windows\system32\drivers\bowser.sys

2011-04-19 10:23:03 . 2011-02-23 03:37:48 222208 ----a-w- C:\Windows\system32\drivers\mrxsmb10.sys

2011-04-19 10:23:03 . 2011-02-23 03:37:41 97280 ----a-w- C:\Windows\system32\drivers\mrxsmb20.sys

2011-04-19 10:23:03 . 2011-02-23 03:37:32 123904 ----a-w- C:\Windows\system32\drivers\mrxsmb.sys

2011-04-19 09:59:43 . 2011-04-19 09:59:43 -------- d-----w- C:\Users\Sq\AppData\Local\NeoSmart_Technologies

2011-04-19 09:57:48 . 2011-04-19 09:57:48 -------- d-----w- C:\Program Files\NeoSmart Technologies

2011-04-18 17:30:28 . 2011-04-18 17:30:28 -------- d-----w- C:\Users\Sq\AppData\Local\ElevatedDiagnostics

2011-04-18 17:21:47 . 2011-04-18 17:21:47 -------- d-----w- C:\Program Files\DIFX

2011-04-18 17:21:42 . 2011-04-18 17:21:42 -------- d-----w- C:\Windows\system32\beidpp

2011-04-18 17:21:41 . 2011-04-18 17:21:41 -------- d-----w- C:\Windows\system32\siscardplugins

2011-04-18 17:21:40 . 2011-04-18 17:21:41 -------- d-----w- C:\Program Files\Belgium Identity Card

2011-04-18 17:21:40 . 2011-04-18 17:21:40 -------- d-----w- C:\Program Files\BeID Minidriver

2011-04-18 17:21:30 . 2011-04-18 17:21:30 -------- d-----w- C:\drivers

2011-04-16 00:03:26 . 2011-04-16 00:03:26 0 ----a-w- C:\Windows\system32\ConduitEngine.tmp

2011-04-15 23:59:06 . 2011-04-15 23:59:44 -------- d-----w- C:\Program Files\Ace of Spades

2011-04-15 20:57:14 . 2011-04-16 16:23:47 138328 ----a-w- C:\Windows\system32\drivers\PnkBstrK.sys

2011-04-15 20:56:24 . 2011-04-16 16:31:18 214816 ----a-w- C:\Windows\system32\PnkBstrB.exe

2011-04-15 20:56:12 . 2011-04-16 16:31:18 214816 ----a-w- C:\Windows\system32\PnkBstrB.xtr

2011-04-15 20:56:07 . 2011-04-15 20:56:07 75064 ----a-w- C:\Windows\system32\PnkBstrA.exe

2011-04-15 20:56:06 . 2011-04-15 20:56:06 -------- d-----w- C:\Users\Sq\AppData\Local\PunkBuster

2011-04-10 20:15:34 . 2011-04-26 14:42:30 -------- d-----w- C:\Users\Sq\AppData\Roaming\TeamViewer

2011-04-10 20:14:53 . 2011-04-10 20:14:53 -------- d-----w- C:\Program Files\TeamViewer

2011-04-08 11:28:58 . 2011-04-08 11:28:58 41872 ----a-w- C:\Windows\system32\xfcodec.dll

2011-04-07 20:57:39 . 2011-04-07 20:58:40 -------- d-----w- C:\Users\Sq\AppData\Roaming\.minecraft

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-04-19 13:55:45 . 2011-03-12 13:53:51 13824 ----a-w- C:\Windows\system32\slwga.dll

2011-04-19 13:55:45 . 2009-07-13 23:40:34 409088 ----a-w- C:\Windows\system32\systemcpl.dll

2011-04-19 13:55:43 . 2010-10-26 19:30:37 811520 ----a-w- C:\Windows\system32\user32.dll

2011-03-12 23:35:14 . 2011-03-12 23:35:31 472808 ----a-w- C:\Windows\system32\deployJava1.dll

2011-03-12 13:29:47 . 2011-03-12 13:29:47 436792 ----a-w- C:\Windows\system32\drivers\sptd.sys

2011-02-19 05:56:52 . 2011-03-12 13:53:48 805376 ----a-w- C:\Windows\system32\FntCache.dll

2011-02-19 05:56:27 . 2011-03-12 13:53:48 1076736 ----a-w- C:\Windows\system32\DWrite.dll

2011-02-19 05:56:14 . 2011-03-12 13:53:48 739840 ----a-w- C:\Windows\system32\d2d1.dll

2011-04-14 16:57:43 . 2011-04-29 21:25:53 142296 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll

------- Sigcheck -------

[-] 2011-04-19 13:55:43 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16529 (win7_gdr.100214-1506)] . . C:\Windows\System32\user32.dll

[7] 2010-11-20 12:21:33 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

[7] 2010-10-26 19:30:37 . A59E558BEA7D9607E86E8BDE68E2488F . 811520 . . [6.1.7600.16529 (win7_gdr.100214-1506)] . . C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16529_none_cd53a6e0ce7bcca7\user32.dll

[7] 2010-10-26 19:30:37 . 109A1C1E7315CC2DC048EA4028A59563 . 811520 . . [6.1.7600.20645 (win7_ldr.100215-1502)] . . C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.20645_none_cdc3a2abe7ad3ef7\user32.dll

[7] 2010-10-26 19:09:59 . C7B21BEF09EC7249556BEE19F9D314CB . 811520 . . [6.1.7600.16400 (win7_gdr.090723-1830)] . . C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16400_none_cd604238ce73b38f\user32.dll

[7] 2010-10-26 19:09:59 . AE2B4D47934D3798C984D51B1694A490 . 811520 . . [6.1.7600.20496 (win7_ldr.090723-1830)] . . C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.20496_none_cd8e8f8de7d4e9b5\user32.dll

[7] 2009-07-14 01:16:17 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "C:\Program Files\XfireXO\prxtbXfir.dll" [2011-01-17 15:54:02 175912]

[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

2011-01-17 15:54:02 175912 ----a-w- C:\Program Files\XfireXO\prxtbXfir.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "C:\Program Files\XfireXO\prxtbXfir.dll" [2011-01-17 15:54:02 175912]

[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "C:\Program Files\XfireXO\prxtbXfir.dll" [2011-01-17 15:54:02 175912]

[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="D:\STEAM\Steam.exe" [2011-03-12 16:21:51 1242448]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2011-01-26 16:05:34 15026056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 01:29:10 102400]

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 13:49:28 249064]

"beid"="C:\Program Files\Belgium Identity Card\beid35gui.exe" [2011-02-03 08:20:10 2068480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

C:\Users\Sq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [2011-4-8 3510160]

C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

RUN.CMD [2010-10-24 142]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 0 (0x0)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

[HKLM\~\startupfolder\C:^Users^Sq^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3 .lnk]

path=C:\Users\Sq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3 .lnk

backup=C:\Windows\pss\OpenOffice.org 3.3 .lnk.Startup

backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]

2011-01-13 08:20:02 395192 ----a-w- C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe

R0 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [2011-03-12 13:29:47 436792]

R2 TeamViewer6;TeamViewer 6;C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-01 08:31:39 2271608]

R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 FlashUSB;FlashUSB;C:\Windows\system32\DRIVERS\FlashUSB.sys [2010-05-12 11:23:04 16896]

R3 LgBttPort;LGE Bluetooth TransPort;C:\Windows\system32\DRIVERS\lgbtport.sys [2009-09-29 07:11:22 12160]

R3 LGVMODEM;LGE Virtual Modem;C:\Windows\system32\DRIVERS\lgvmodem.sys [2009-09-29 07:11:20 12928]

R3 NETw2v32;Stuurprogramma voor Intel® PRO/Wireless 2915ABG-netwerkverbinding onder Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2007-03-06 17:08:46 2595840]

R3 SMSCIRDA;SMSC Infrared Device Driver;C:\Windows\system32\DRIVERS\SMSCirda.sys [2007-04-25 12:32:42 31232]

R3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe [2011-04-19 13:55:29 1343400]

S3 lgbusenum;LG Bluetooth Bus Enumerator;C:\Windows\system32\DRIVERS\lgbtbus.sys [2009-09-29 07:11:20 10496]

------- Bijkomende Scan -------

Trusted Zone: fgov.be\*.minfin

FF - ProfilePath - C:\Users\Sq\AppData\Roaming\Mozilla\Firefox\Profiles\2447dlof.default\

FF - prefs.js: network.proxy.type - 0

- - - - ORPHANS VERWIJDERD - - - -

Toolbar-Locked - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKLM-RunOnce-<NO NAME> - (no file)

AddRemove-Wubi - C:\ubuntu\uninstall-wubi.exe


Delete the following files:

C:\Windows\CF33A0CE702A4E66B91BF995F9DDFD5B.TMP

C:\Windows\system32\ConduitEngine.tmp

... and then let me know whether you still get Trojan warnings?


Go to the website of the .

  • Click the ESET Online Scanner button
  • Tick YES, I accept the Terms of Use
  • Click Start
  • Allow the ActiveX control to install.
  • Click "Advanced settings"
  • Tick the following options:
    • Remove found threats
    • Scan archives
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • The computer will now be scanned. This can take quite a while, so be patient.
  • You may close the window when the scan is finished.
  • Use Notepad to open the log. You will find this log at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste the contents of this log into your next message.

Uninstall ESET, then we'll try another scanner:

Download Dr.Web CureIt and save it to your desktop.

  • Double-click drweb-cureit.exe and allow it to start the express scan.
    If a popup appears offering to buy / a 50% discount, you may close it.
  • The express scan scans the files currently loaded in memory. If something is found, click 'select all', then choose 'repair', and from the small menu that appears choose 'move'.
  • In the menu at the top choose Language/Taal and change it to Dutch (Nederlands) if it is set differently on your system.
  • Press F9, then choose the Actions tab and set the following under Malware:
    • Adware: Move
    • Dialers: Move
    • Jokes: Report
    • Riskware: Report
    • Hacktools: Move
    • Then untick 'Prompt on action'.
  • Then choose the Scan tab and untick Heuristic analysis.
    Then press Apply followed by OK.
  • Once the short scan has finished, tick: Full scan.
    Then press the green arrow (start button) to start the scan.
  • Files that are found are moved to the '%USERPROFILE%\DocterWeb\Quarantine' folder if repair is not possible.
  • When the scan is done, go to File and choose Save report list.
    Save it to your desktop and then close Dr.Web CureIt.
  • Then restart the computer!! This is an important step, because Dr.Web CureIt may move/delete files during the restart.
  • After restarting, copy and paste the contents of the log you saved earlier into your next post.
