
Trojan horse generic 22 bagu



Start HijackThis. Select "Scan". Select only the items listed below:

O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start Free Uninstall Survey | AVG Nederland

Click 'Fix checked' to remove the items.

Where and when does the "file not found" box appear? And is there any other text or a file name in or on this box?


When the PC starts up, my desktop appears, and once all the startup programs have loaded, the box appears.

It only says "This profile could not be found". There is nothing else in it.

At first I had read File, but it turns out that it says PROfile...

Another question: AVG has now been removed and Avira is now selected as the antivirus for my PC. Should I put AVG 9.0 back, since this Avira is a trial version that (collapses) erm stops on 9/11? Or is there perhaps another antivirus that I had better use?

edited by Mr Red

I'm back here with, indeed, virus detections again...

I'm slowly starting to get fed up with those horses; I don't understand how they suddenly got in. I only browse Facebook and film forums a bit, and suddenly they're in.

Out of habit I made log files again, for whatever good it will do this time... :

ComboFix 11-06-06.02 - Koen 06/06/2011 21:53:34.5.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.32.1043.18.2047.1175 [GMT 2:00]

Gestart vanuit: c:\users\Koen\Desktop\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\config\systemprofile\explorer.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-05-06 to 2011-06-06 ))))))))))))))))))))))))))))))

.

.

2011-06-06 20:01 . 2011-06-06 20:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-06-06 19:00 . 2011-06-06 19:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-06 06:07 . 2007-11-26 02:18 2923520 ----a-w- c:\windows\system32\config\systemprofile\explorer.bak

2011-06-03 14:30 . 2011-06-06 19:51 -------- d-----w- C:\32788R22FWJFW

2011-06-03 10:58 . 2011-06-03 10:58 -------- d-----w- c:\users\Koen\AppData\Roaming\AVG9

2011-05-30 13:35 . 2011-05-30 13:35 -------- d-----w- c:\windows\Sun

2011-05-30 12:46 . 2011-05-30 12:46 -------- d-----w- c:\programdata\Yahoo! Companion

2011-05-28 03:24 . 2011-05-31 02:34 -------- d-----w- c:\users\Koen\Muvies

2011-05-22 11:32 . 2011-05-22 11:32 388096 ----a-r- c:\users\Koen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-05-22 11:32 . 2011-05-22 11:32 -------- d-----w- c:\program files\Trend Micro

2011-05-11 13:13 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2011-05-11 13:13 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2011-05-11 13:13 . 2011-05-11 13:13 -------- dc----w- c:\windows\system32\DRVSTORE

2011-05-11 13:12 . 2011-05-11 13:12 -------- d-----w- c:\program files\iPod

2011-05-11 13:12 . 2011-05-11 13:13 -------- d-----w- c:\program files\iTunes

2011-05-11 13:10 . 2011-05-11 13:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

2011-05-11 13:10 . 2011-05-11 13:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

2011-05-11 13:10 . 2011-05-11 13:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2011-05-11 13:10 . 2011-05-11 13:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2011-05-11 13:10 . 2011-05-11 13:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2011-05-11 13:10 . 2011-05-11 13:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2011-05-11 13:10 . 2011-05-11 13:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2011-05-11 13:09 . 2011-05-11 13:10 -------- d-----w- c:\program files\QuickTime

2011-05-11 13:08 . 2011-05-11 13:08 -------- d-----w- c:\program files\Apple Software Update

2011-05-11 13:04 . 2011-05-11 13:04 -------- d-----w- c:\program files\Bonjour

2011-05-11 12:26 . 2011-05-11 12:26 -------- d-----w- c:\users\Koen\AppData\Local\Octoshape

2011-05-11 12:26 . 2011-05-11 12:26 -------- d-----w- c:\users\Koen\AppData\Roaming\Octoshape

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 07:11 . 2010-08-17 12:47 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 07:11 . 2010-08-17 12:47 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-18 23:55 . 2010-08-17 09:49 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-05-18 23:55 . 2010-08-17 09:49 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\system32\dnssdX.dll

2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\system32\dns-sd.exe

2011-03-23 08:11 . 2011-03-31 03:51 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5E04EFF-035C-443C-9A45-48BFC3B8007E}\mpengine.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-10 1232896]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 4493312]

"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-05-31 326440]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]

"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2007-06-21 204908]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-06 86016]

"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-05-18 281768]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http:" [X]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders credssp.dll, mpfdkvsi.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-16 136176]

R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-16 136176]

R3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [2007-06-05 454520]

S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-06-21 269448]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-18 136360]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-01-22 46592]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Inhoud van de 'Gedeelde Taken' map

.

2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-16 22:14]

.

2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-16 22:14]

.

2011-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-863898022-449067633-1713039750-1000Core.job

- c:\users\Koen\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-17 20:27]

.

2011-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-863898022-449067633-1713039750-1000UA.job

- c:\users\Koen\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-17 20:27]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = hxxp://home.sweetim.com

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Free YouTube to Mp3 Converter - c:\users\Koen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: DhcpNameServer = 195.130.130.2 195.130.131.2

.

- - - - ORPHANS VERWIJDERD - - - -

.

AddRemove-WhiteSmoke - c:\program files\WhiteSmoke\Uninst.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-06-06 22:01

Windows 6.0.6000 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dc,ef,f6,1b,f5,d0,5f,48,a5,ff,4e,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dc,ef,f6,1b,f5,d0,5f,48,a5,ff,4e,\

.

Voltooingstijd: 2011-06-06 22:03:34

ComboFix-quarantined-files.txt 2011-06-06 20:03

ComboFix2.txt 2011-06-04 03:04

ComboFix3.txt 2011-06-04 02:35

ComboFix4.txt 2011-06-03 14:47

.

Pre-Run: 161.050.972.160 bytes beschikbaar

Post-Run: 161.036.894.208 bytes beschikbaar

.

- - End Of File - - AFE3841282B59A1FFCD652865774550F

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:12:57, on 6/06/2011

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v8.00 (8.00.6001.18865)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\RtHDVCpl.exe

C:\Acer\Empowering Technology\SysMonitor.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10s_ActiveX.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start Free Uninstall Survey | AVG Nederland

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Koen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} (FBootloaderAX) - http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--

End of file - 8321 bytes


Download Dr.Web CureIt and save it to your desktop.

  • Double-click drweb-cureit.exe and allow it to start the express scan.
    If a popup appears offering a purchase/50% discount, you may close it.
  • The express scan will scan the files that are currently loaded in memory. If anything is found, click 'select all', then choose 'repair', and from the small menu that appears choose 'move'.
  • At the top of the menu, choose Language/Taal and change it to Dutch (Nederlands) if it is set differently for you.
  • Press F9, then choose the Actions tab and set the following under Malware:

    • Adware: Move
    • Dialers: Move
    • Jokes: Report
    • Riskware: Report
    • Hacktools: Move
    • Then remove the check mark next to 'Prompt on action'.

  • Then choose the Scan tab and remove the check mark next to Heuristic analysis.
    Then press Apply followed by OK.
  • Once the short scan has finished, tick: Full scan.
    Then press the green arrow (start button) to start the scan.
  • Files that are found are moved to the '%USERPROFILE%\DocterWeb\Quarantine' folder if repair is not possible.
  • After the scan is done, go to File and choose Save report list.
    Save it to your desktop and then close Dr.Web CureIt.
  • Then restart the computer!! This is an important step, because Dr.Web CureIt may move/delete files during the restart.
  • After restarting, copy and paste the contents of the log you saved earlier into your next post.


OK, but then we will clean up the tools used and the remnants of the infection:

Remove ComboFix: Start -> Run/Search and type: ComboFix /Uninstall

This will remove ComboFix plus related folders and files, reset the clock settings, hide the file extensions, hide hidden files and system files again, and create a new restore point.

If present, you may manually delete the folder C:\Qoobox.

Download CCleaner.

Click "Download Latest Version" and the download of CCleaner will start automatically and free of charge.

Install it and start CCleaner. In the left column, click "Cleaner". Click 'Analyze' and then 'Clean'. Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors. Then click "Registry" in the left column and click "Scan for problems". If errors are found, click "Fix selected problems" and "OK". You will then be asked whether to make a backup. Click "YES". Then choose "Fix all selected errors". After this, close CCleaner again.

If you want to see this in detail with pictures, click here for the guide.

It is advisable to delete the existing restore points (there are infected restore points among them that you could end up restoring) by temporarily disabling System Restore. Do this via Control Panel -> System and Maintenance -> System -> "System Protection" tab -> remove the check mark next to the drive whose restore points you want to delete -> click "Apply". You will then get the on-screen message "Are you sure you want to turn off System Restore". Click "Turn off System Restore" here. All restore points on the indicated drive are then deleted.

Afterwards, put a check mark next to the hard drive again. Also create a new restore point right away, so that you do not have to wait for an automatic restore point from the system.

That's it!


[TABLE=width: 256]

[TR]

[TD=width: 64, bgcolor: transparent]One more log, from Dr.Web [/TD]

[TD=width: 64, bgcolor: transparent](after a scan of more than 9 hours!)

[/TD]

[TD=width: 128, bgcolor: transparent, colspan: 2][/TD]

[/TR]

[TR]

[TD=width: 64, bgcolor: transparent][/TD]

[TD=width: 64, bgcolor: transparent][/TD]

[TD=width: 128, bgcolor: transparent, colspan: 2][/TD]

[/TR]

[TR]

[TD=width: 64, bgcolor: transparent]00ef8a76.qua\data001

[/TD]

[TD=width: 64, bgcolor: transparent]C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\00ef8a76.qua

[/TD]

[TD=width: 128, bgcolor: transparent, colspan: 2]BackDoor.MaosBoot.85

[/TD]

[/TR]

[TR]

[TD=bgcolor: transparent]00ef8a76.qua

[/TD]

[TD=bgcolor: transparent]C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED

[/TD]

[TD=bgcolor: transparent]Container contains infected objects

[/TD]

[TD=bgcolor: transparent]Verplaatst.

[/TD]

[/TR]

[TR]

[TD=bgcolor: transparent]4a27ff39.qua\data001

[/TD]

[TD=bgcolor: transparent]C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4a27ff39.qua

[/TD]

[TD=bgcolor: transparent, colspan: 2]Trojan.DownLoader3.8397

[/TD]

[/TR]

[TR]

[TD=bgcolor: transparent]4a27ff39.qua

[/TD]

[TD=bgcolor: transparent]C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED

[/TD]

[TD=bgcolor: transparent]Container contains infected objects

[/TD]

[TD=bgcolor: transparent]Verplaatst.

[/TD]

[/TR]

[TR]

[TD=bgcolor: transparent]4a3bffb5.qua\data001

[/TD]

[TD=bgcolor: transparent]C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4a3bffb5.qua

[/TD]

[TD=bgcolor: transparent, colspan: 2]Trojan.DownLoader3.1056

[/TD]

[/TR]

[TR]

[TD=bgcolor: transparent]4a3bffb5.qua

[/TD]

[TD=bgcolor: transparent]C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED

[/TD]

[TD=bgcolor: transparent]Container contains infected objects

[/TD]

[TD=bgcolor: transparent]Verplaatst.

[/TD]

[/TR]

[TR]

[TD=bgcolor: transparent]4d83c09c.qua\data001

[/TD]

[TD=bgcolor: transparent]C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4d83c09c.qua

[/TD]

[TD=bgcolor: transparent, colspan: 2]Trojan.Siggen2.7278

[/TD]

[/TR]

[TR]

[TD=bgcolor: transparent]4d83c09c.qua

[/TD]

[TD=bgcolor: transparent]C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED

[/TD]

[TD=bgcolor: transparent]Container contains infected objects

[/TD]

[TD=bgcolor: transparent]Verplaatst.

[/TD]

[/TR]

[TR]

[TD=bgcolor: transparent]4db16552.qua\data001

[/TD]

[TD=bgcolor: transparent]C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4db16552.qua

[/TD]

[TD=bgcolor: transparent, colspan: 2]Trojan.Click1.39075

[/TD]

[/TR]

[TR]

[TD=bgcolor: transparent]4db16552.qua

[/TD]

[TD=bgcolor: transparent]C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED

[/TD]

[TD=bgcolor: transparent]Container contains infected objects

[/TD]

[TD=bgcolor: transparent]Verplaatst.

[/TD]

[/TR]

[TR]

[TD=bgcolor: transparent]4dc4f761.qua\data001

[/TD]

[TD=bgcolor: transparent]C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4dc4f761.qua

[/TD]

[TD=bgcolor: transparent, colspan: 2]Trojan.DownLoader3.10491

[/TD]

[/TR]

[TR]

[TD=bgcolor: transparent]4dc4f761.qua

[/TD]

[TD=bgcolor: transparent]C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED

[/TD]

[TD=bgcolor: transparent]Container contains infected objects

[/TD]

[TD=bgcolor: transparent]Verplaatst.

[/TD]

[/TR]

[TR]

[TD=bgcolor: transparent]4ddb1626.qua\data001

[/TD]

[TD=bgcolor: transparent]C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4ddb1626.qua

[/TD]

[TD=bgcolor: transparent, colspan: 2]Trojan.Fakealert.20904

[/TD]

[/TR]

[TR]

[TD=bgcolor: transparent]4ddb1626.qua

[/TD]

[TD=bgcolor: transparent]C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED

[/TD]

[TD=bgcolor: transparent]Container contains infected objects

[/TD]

[TD=bgcolor: transparent]Verplaatst.

[/TD]

[/TR]

[TR]

[TD=bgcolor: transparent]4fa24e52.qua\data001

[/TD]

[TD=bgcolor: transparent]C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4fa24e52.qua

[/TD]

[TD=bgcolor: transparent, colspan: 2]Adware.Hotbar.398

[/TD]

[/TR]

[TR]

[TD=bgcolor: transparent]4fa24e52.qua

[/TD]

[TD=bgcolor: transparent]C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED

[/TD]

[TD=bgcolor: transparent]Container contains infected objects

[/TD]

[TD=bgcolor: transparent]Verplaatst.

[/TD]

[/TR]

[TR]

[TD=bgcolor: transparent]52b0d09e.qua\data001

[/TD]

[TD=bgcolor: transparent]C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\52b0d09e.qua

[/TD]

[TD=bgcolor: transparent, colspan: 2]BackDoor.MaosBoot.85

[/TD]

[/TR]

[TR]

[TD=bgcolor: transparent]52b0d09e.qua

[/TD]

[TD=bgcolor: transparent]C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED

[/TD]

[TD=bgcolor: transparent]Container contains infected objects

[/TD]

[TD=bgcolor: transparent]Verplaatst.

[/TD]

[/TR]

[TR]

[TD=bgcolor: transparent]52cbf380.qua\data001

[/TD]

[TD=bgcolor: transparent]C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\52cbf380.qua

[/TD]

[TD=bgcolor: transparent, colspan: 2]BackDoor.Tdss.5070

[/TD]

[/TR]

[TR]

[TD=bgcolor: transparent]52cbf380.qua

[/TD]

[TD=bgcolor: transparent]C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED

[/TD]

[TD=bgcolor: transparent]Container contains infected objects

[/TD]

[TD=bgcolor: transparent]Verplaatst.

[/TD]

[/TR]

[TR]

[TD=bgcolor: transparent]66d8c5b4.qua\data001

[/TD]

[TD=bgcolor: transparent]C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\66d8c5b4.qua

[/TD]

[TD=bgcolor: transparent, colspan: 2]Trojan.DownLoader3.8397

[/TD]

[/TR]

[TR]

[TD=bgcolor: transparent]66d8c5b4.qua

[/TD]

[TD=bgcolor: transparent]C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED

[/TD]

[TD=bgcolor: transparent]Container contains infected objects

[/TD]

[TD=bgcolor: transparent]Verplaatst.

[/TD]

[/TR]

[TR]

[TD=bgcolor: transparent]00ef8a76.qua\data001[/TD][TD=bgcolor: transparent]C:\Documents and Settings\Koen\DoctorWeb\Quarantine\00ef8a76.qua[/TD][TD=bgcolor: transparent, colspan: 2]BackDoor.MaosBoot.85[/TD][/TR]
[TR][TD=bgcolor: transparent]00ef8a76.qua[/TD][TD=bgcolor: transparent]C:\Documents and Settings\Koen\DoctorWeb\Quarantine[/TD][TD=bgcolor: transparent]Container contains infected objects[/TD][TD=bgcolor: transparent]Verplaatst.[/TD][/TR]
[TR][TD=bgcolor: transparent]4a27ff39.qua\data001[/TD][TD=bgcolor: transparent]C:\Documents and Settings\Koen\DoctorWeb\Quarantine\4a27ff39.qua[/TD][TD=bgcolor: transparent, colspan: 2]Trojan.DownLoader3.8397[/TD][/TR]
[TR][TD=bgcolor: transparent]4a27ff39.qua[/TD][TD=bgcolor: transparent]C:\Documents and Settings\Koen\DoctorWeb\Quarantine[/TD][TD=bgcolor: transparent]Container contains infected objects[/TD][TD=bgcolor: transparent]Verplaatst.[/TD][/TR]
[TR][TD=bgcolor: transparent]4a3bffb5.qua\data001[/TD][TD=bgcolor: transparent]C:\Documents and Settings\Koen\DoctorWeb\Quarantine\4a3bffb5.qua[/TD][TD=bgcolor: transparent, colspan: 2]Trojan.DownLoader3.1056[/TD][/TR]
[TR][TD=bgcolor: transparent]4a3bffb5.qua[/TD][TD=bgcolor: transparent]C:\Documents and Settings\Koen\DoctorWeb\Quarantine[/TD][TD=bgcolor: transparent]Container contains infected objects[/TD][TD=bgcolor: transparent]Verplaatst.[/TD][/TR]
[TR][TD=bgcolor: transparent]4d83c09c.qua\data001[/TD][TD=bgcolor: transparent]C:\Documents and Settings\Koen\DoctorWeb\Quarantine\4d83c09c.qua[/TD][TD=bgcolor: transparent, colspan: 2]Trojan.Siggen2.7278[/TD][/TR]
[TR][TD=bgcolor: transparent]4d83c09c.qua[/TD][TD=bgcolor: transparent]C:\Documents and Settings\Koen\DoctorWeb\Quarantine[/TD][TD=bgcolor: transparent]Container contains infected objects[/TD][TD=bgcolor: transparent]Verplaatst.[/TD][/TR]
[TR][TD=bgcolor: transparent]4db16552.qua\data001[/TD][TD=bgcolor: transparent]C:\Documents and Settings\Koen\DoctorWeb\Quarantine\4db16552.qua[/TD][TD=bgcolor: transparent, colspan: 2]Trojan.Click1.39075[/TD][/TR]
[TR][TD=bgcolor: transparent]4db16552.qua[/TD][TD=bgcolor: transparent]C:\Documents and Settings\Koen\DoctorWeb\Quarantine[/TD][TD=bgcolor: transparent]Container contains infected objects[/TD][TD=bgcolor: transparent]Verplaatst.[/TD][/TR]
[TR][TD=bgcolor: transparent]4dc4f761.qua\data001[/TD][TD=bgcolor: transparent]C:\Documents and Settings\Koen\DoctorWeb\Quarantine\4dc4f761.qua[/TD][TD=bgcolor: transparent, colspan: 2]Trojan.DownLoader3.10491[/TD][/TR]
[TR][TD=bgcolor: transparent]4dc4f761.qua[/TD][TD=bgcolor: transparent]C:\Documents and Settings\Koen\DoctorWeb\Quarantine[/TD][TD=bgcolor: transparent]Container contains infected objects[/TD][TD=bgcolor: transparent]Verplaatst.[/TD][/TR]
[TR][TD=bgcolor: transparent]4ddb1626.qua\data001[/TD][TD=bgcolor: transparent]C:\Documents and Settings\Koen\DoctorWeb\Quarantine\4ddb1626.qua[/TD][TD=bgcolor: transparent, colspan: 2]Trojan.Fakealert.20904[/TD][/TR]
[TR][TD=bgcolor: transparent]4ddb1626.qua[/TD][TD=bgcolor: transparent]C:\Documents and Settings\Koen\DoctorWeb\Quarantine[/TD][TD=bgcolor: transparent]Container contains infected objects[/TD][TD=bgcolor: transparent]Verplaatst.[/TD][/TR]
[TR][TD=bgcolor: transparent]4fa24e52.qua\data001[/TD][TD=bgcolor: transparent]C:\Documents and Settings\Koen\DoctorWeb\Quarantine\4fa24e52.qua[/TD][TD=bgcolor: transparent, colspan: 2]Adware.Hotbar.398[/TD][/TR]
[TR][TD=bgcolor: transparent]4fa24e52.qua[/TD][TD=bgcolor: transparent]C:\Documents and Settings\Koen\DoctorWeb\Quarantine[/TD][TD=bgcolor: transparent]Container contains infected objects[/TD][TD=bgcolor: transparent]Verplaatst.[/TD][/TR]
[TR][TD=bgcolor: transparent]52b0d09e.qua\data001[/TD][TD=bgcolor: transparent]C:\Documents and Settings\Koen\DoctorWeb\Quarantine\52b0d09e.qua[/TD][TD=bgcolor: transparent, colspan: 2]BackDoor.MaosBoot.85[/TD][/TR]
[TR][TD=bgcolor: transparent]52b0d09e.qua[/TD][TD=bgcolor: transparent]C:\Documents and Settings\Koen\DoctorWeb\Quarantine[/TD][TD=bgcolor: transparent]Container contains infected objects[/TD][TD=bgcolor: transparent]Verplaatst.[/TD][/TR]
[TR][TD=bgcolor: transparent]52cbf380.qua\data001[/TD][TD=bgcolor: transparent]C:\Documents and Settings\Koen\DoctorWeb\Quarantine\52cbf380.qua[/TD][TD=bgcolor: transparent, colspan: 2]BackDoor.Tdss.5070[/TD][/TR]
[TR][TD=bgcolor: transparent]52cbf380.qua[/TD][TD=bgcolor: transparent]C:\Documents and Settings\Koen\DoctorWeb\Quarantine[/TD][TD=bgcolor: transparent]Container contains infected objects[/TD][TD=bgcolor: transparent]Verplaatst.[/TD][/TR]
[TR][TD=bgcolor: transparent]66d8c5b4.qua\data001[/TD][TD=bgcolor: transparent]C:\Documents and Settings\Koen\DoctorWeb\Quarantine\66d8c5b4.qua[/TD][TD=bgcolor: transparent, colspan: 2]Trojan.DownLoader3.8397[/TD][/TR]

[TR][TD=bgcolor: transparent]66d8c5b4.qua[/TD][TD=bgcolor: transparent]C:\Documents and Settings\Koen\DoctorWeb\Quarantine[/TD][TD=bgcolor: transparent]Container contains infected objects[/TD][TD=bgcolor: transparent]Verplaatst.[/TD][/TR]

[/TABLE]

And I have also fully completed post 26 once more.

I'll also reinstall AVG right away, since Avira will soon become paid anyway.

I didn't run into any further problems during the scan, nor did I get any more detections, but maybe you'll still spot something odd in the Dr.Web log; if not, you can mark it as solved.

Thanks!
