  • CoolWWWSearch.WCADW

    Every time I run Spybot S&D I get that CoolWWWSearch message.
    My software: a-squared Anti-Malware (paid version), BitDefender Total Security 2008, BOClean 4.24, RogueRemover, Spybot S&D, SpywareBlaster, SpywareGuard, CrapCleaner, RegCure. I just used ATF Cleaner for the first time and it cleaned up 62 MB.

    Below is my HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:55:14, on 20-3-2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe
    C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WBVista.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\CNAC6RPK.EXE
    C:\Malware\a2service.exe
    C:\Bo\BOCORE.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Ghost\Agent\VProSvc.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe
    C:\Spybot\SDWinSec.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
    C:\Omnipage\OpWare15.exe
    C:\Malware\a2guard.exe
    C:\Adobe\Distillr\acrotray.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Bo\BOC425.EXE
    C:\Ghost\Agent\VProTray.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Spybot\TeaTimer.exe
    C:\Omnipage\OpAgent.exe
    C:\Transparent\ActualTransparentWindowCenter.exe
    C:\Encarta\Encarta Winkler Prins Naslagbibliotheek 2008 DVD\EDICT.EXE
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe
    C:\Rogue\RogueRemoverPRO.exe
    C:\Blaster\idblasterplus.exe
    C:\Plextor\PlexTool.exe
    C:\Guard\sgmain.exe
    C:\Users\Privé\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ietsr.exe
    C:\Washer\MailWasher.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Guard\sgbhp.exe
    C:\Program Files\Anonymizer\Anonymizer Software\common\AnonProxy.exe
    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Crypt\TrueCrypt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\HijackThis\HijackThis.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://europe.google.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://europe.google.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://europe.google.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://europe.google.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://europe.google.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://europe.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://europe.google.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://europe.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://europe.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://europe.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://europe.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://europe.google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://europe.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://europe.google.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://europe.google.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://europe.google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://europe.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://europe.google.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F3 - REG:win.ini: load=
    F3 - REG:win.ini: run=
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Adobe\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Guard\dlprotect.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot\SDHelper.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - (no file)
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Adobe\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Adobe\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [Opware15] "C:\Omnipage\Opware15.exe"
    O4 - HKLM\..\Run: [ScanSoft OmniPage 15-reminder] "C:\Omnipage\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage15.0\Ereg\Ereg.ini
    O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Wipe\BCWipeTM.exe" startup
    O4 - HKLM\..\Run: [a-squared] "C:\Malware\a2guard.exe" /d=60
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Adobe\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [BOC-425] C:\Bo\BOC425.exe
    O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Ghost\Agent\VProTray.exe"
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
    O4 - HKLM\..\RunServices: [IECleanAux] IEBOOT6.EXE
    O4 - HKLM\..\RunServicesOnce: [IECleanWiper] IEBOOT6.EXE
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Spybot\TeaTimer.exe
    O4 - HKCU\..\Run: [OpAgent] "C:\Omnipage\OpAgent.exe" /agent
    O4 - HKCU\..\Run: [Actual Transparent Window] "C:\Transparent\ActualTransparentWindowCenter.exe"
    O4 - HKCU\..\Run: [E08NXLRD_11791912] "C:\Encarta\Encarta Winkler Prins Naslagbibliotheek 2008 DVD\EDICT.EXE" -m
    O4 - HKCU\..\Run: [E08NXLRD_1915941] "C:\Encarta\Encarta Winkler Prins Naslagbibliotheek 2008 DVD\EDICT.EXE" -m
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Adobe\Acrobat\AdobeUpdateManager.exe" AcStd7_0_9 -reboot 1
    O4 - HKCU\..\Run: [Anonymizer] C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe -nogui
    O4 - HKCU\..\Run: [RogueMonitor] C:\Rogue\RogueRemoverPRO.exe /monitor
    O4 - HKCU\..\Run: [TrueCrypt] "C:\Crypt\TrueCrypt.exe" /q preferences /a devices /a favorites
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Guard.lnk = C:\Guard\sgmain.exe
    O4 - Startup: ietsr.exe
    O4 - Startup: MailWasherPro.lnk = C:\Washer\MailWasher.exe
    O4 - Global Startup: ID-blaster.lnk = C:\Blaster\idblasterplus.exe
    O4 - Global Startup: Plextools.lnk = C:\Plextor\PlexTool.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\Office\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Office\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Encarta Winkler Prins Zoekbalk - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Spybot\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Spybot\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: McAfee Wi-FiScan - http://download.mcafee.com/molbin/iss-loc/mwfs/3.1.0.0/WscWlanScannerCtrl.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://plugin.driveragent.com/files/driveragent.cab
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Malware\a2service.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Anonymizer Management Service (AnonMgmtSvc) - Anonymizer - C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe
    O23 - Service: BOCore - COMODO - C:\Bo\BOCORE.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Ghost\Agent\VProSvc.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Spybot\SDWinSec.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 12524 bytes

  • #2
    hello,

    * Download Malwarebytes' Anti-Malware from here or here.

    Double-click mbam-setup.exe to install the program.
    • Make sure the boxes for Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked, then click "Finish".
    • If an update is found, it will download and install the latest version.
    • Once the program is fully up to date, select "Perform Quick Scan", then click Scan.
    • The scan can take a while, so be patient.
    • When the scan is finished, click OK, then "Show Results" to see the results.
    • Make sure everything there is checked, then click Remove Selected.
    • After removal a log will open and you will be asked to restart the computer. (See the extra note below)
    • The log is saved automatically by MBAM; you can view it by clicking the "Logs" tab in MBAM.
    • Copy and paste the results of the log into your next reply, together with a new HijackThis log.

    Extra note:
    If MBAM has trouble removing certain files, it will show a few messages where you have to click OK. It will then ask to restart the computer... so allow MBAM to restart the computer. Restart anyway.



    • #3
      I did it, but the computer did not ask to be restarted. It did find 1 infected folder (C:\Windows\System32\x64 (Trojan.Downloader)). I then removed the entry, after which Spybot S&D asked twice to remove a value from the registry, which I did. What strikes me is that the wwwcoolsearch infection is nothing more than a change to the search page, which then becomes file://c:\search.htm. Could it also be something harmless? Below is the data from after the scan:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:03:23, on 23-3-2008
      Platform: Windows Vista (WinNT 6.00.1904)
      MSIE: Internet Explorer v7.00 (7.00.6000.16609)
      Boot mode: Normal
      Running processes:
      C:\Windows\System32\smss.exe
      C:\Windows\system32\csrss.exe
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\csrss.exe
      C:\Windows\system32\services.exe
      C:\Windows\system32\winlogon.exe
      C:\Windows\system32\lsass.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\SLsvc.exe
      C:\Windows\system32\svchost.exe
      C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe
      C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WBVista.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\CNAC6RPK.EXE
      C:\Malware\a2service.exe
      C:\Bo\BOCORE.exe
      C:\Program Files\PrevxCSI\PrevxCSI.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Ghost\Agent\VProSvc.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
      C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe
      C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
      C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
      C:\Spybot\SDWinSec.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files\Analog Devices\Core\smax4pnp.exe
      C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
      C:\Omnipage\OpWare15.exe
      C:\Malware\a2guard.exe
      C:\Adobe\Distillr\acrotray.exe
      C:\Windows\System32\igfxtray.exe
      C:\Windows\System32\hkcmd.exe
      C:\Windows\System32\igfxpers.exe
      C:\Bo\BOC425.EXE
      C:\Ghost\Agent\VProTray.exe
      C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
      C:\Spybot\TeaTimer.exe
      C:\Omnipage\OpAgent.exe
      C:\Transparent\ActualTransparentWindowCenter.exe
      C:\Encarta\Encarta Winkler Prins Naslagbibliotheek 2008 DVD\EDICT.EXE
      C:\Windows\System32\svchost.exe
      C:\Windows\ehome\ehtray.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe
      C:\Rogue\RogueRemoverPRO.exe
      C:\Blaster\idblasterplus.exe
      C:\Plextor\PlexTool.exe
      C:\Guard\sgmain.exe
      C:\Users\Privé\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ietsr.exe
      C:\Washer\MailWasher.exe
      C:\Windows\system32\igfxsrvc.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
      C:\Guard\sgbhp.exe
      C:\Program Files\Anonymizer\Anonymizer Software\common\AnonProxy.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Windows\SYSTEM32\WISPTIS.EXE
      C:\Hijack\HijackThis.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://europe.google.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://europe.google.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://europe.google.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://europe.google.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://europe.google.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://europe.google.com
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://europe.google.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://europe.google.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://europe.google.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://europe.google.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://europe.google.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://europe.google.com
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://europe.google.com
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://europe.google.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://europe.google.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://europe.google.com
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = file://c:\search.htm
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://europe.google.com
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://europe.google.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      F3 - REG:win.ini: load=
      F3 - REG:win.ini: run=
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Adobe\ActiveX\AcroIEHelper.dll
      O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Guard\dlprotect.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot\SDHelper.dll
      O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Adobe\Acrobat\AcroIEFavClient.dll
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Adobe\Acrobat\AcroIEFavClient.dll
      O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
      O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
      O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
      O4 - HKLM\..\Run: [Opware15] "C:\Omnipage\Opware15.exe"
      O4 - HKLM\..\Run: [ScanSoft OmniPage 15-reminder] "C:\Omnipage\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage15.0\Ereg\Ereg.ini
      O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Wipe\BCWipeTM.exe" startup
      O4 - HKLM\..\Run: [a-squared] "C:\Malware\a2guard.exe" /d=60
      O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Adobe\Distillr\Acrotray.exe"
      O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
      O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
      O4 - HKLM\..\Run: [BOC-425] C:\Bo\BOC425.exe
      O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Ghost\Agent\VProTray.exe"
      O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
      O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
      O4 - HKLM\..\RunServices: [IECleanAux] IEBOOT6.EXE
      O4 - HKLM\..\RunServicesOnce: [IECleanWiper] IEBOOT6.EXE
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Spybot\TeaTimer.exe
      O4 - HKCU\..\Run: [OpAgent] "C:\Omnipage\OpAgent.exe" /agent
      O4 - HKCU\..\Run: [Actual Transparent Window] "C:\Transparent\ActualTransparentWindowCenter.exe"
      O4 - HKCU\..\Run: [E08NXLRD_11791912] "C:\Encarta\Encarta Winkler Prins Naslagbibliotheek 2008 DVD\EDICT.EXE" -m
      O4 - HKCU\..\Run: [E08NXLRD_1915941] "C:\Encarta\Encarta Winkler Prins Naslagbibliotheek 2008 DVD\EDICT.EXE" -m
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [updateMgr] "C:\Adobe\Acrobat\AdobeUpdateManager.exe" AcStd7_0_9 -reboot 1
      O4 - HKCU\..\Run: [Anonymizer] C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe -nogui
      O4 - HKCU\..\Run: [RogueMonitor] C:\Rogue\RogueRemoverPRO.exe /monitor
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
      O4 - Startup: Guard.lnk = C:\Guard\sgmain.exe
      O4 - Startup: ietsr.exe
      O4 - Startup: MailWasherPro.lnk = C:\Washer\MailWasher.exe
      O4 - Global Startup: ID-blaster.lnk = C:\Blaster\idblasterplus.exe
      O4 - Global Startup: Plextools.lnk = C:\Plextor\PlexTool.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
      O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convert to existing PDF - res://C:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\Office\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Office\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Encarta Winkler Prins Zoekbalk - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Spybot\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Spybot\SDHelper.dll
      O13 - Gopher Prefix:
      O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://plugin.driveragent.com/files/driveragent.cab
      O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Malware\a2service.exe
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Anonymizer Management Service (AnonMgmtSvc) - Anonymizer - C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe
      O23 - Service: BOCore - COMODO - C:\Bo\BOCORE.exe
      O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\\PrevxCSI.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: Norton Ghost - Symantec Corporation - C:\Ghost\Agent\VProSvc.exe
      O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Spybot\SDWinSec.exe
      O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
      O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
      O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe
      O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
      --
      End of file - 12242 bytes


      Malwarebytes' Anti-Malware 1.09
      Database versie: 526
      Scan type: Snelle Scan
      Objecten gescand: 29778
      Verstreken tijd: 4 minute(s), 29 second(s)
      Geheugenprocessen geïnfecteerd: 0
      Geheugenmodulen geïnfecteerd: 0
      Registersleutels geïnfecteerd: 0
      Registerwaarden geïnfecteerd: 0
      Registerdata bestanden geïnfecteerd: 0
      Mappen geïnfecteerd: 1
      Bestanden geïnfecteerd: 0
      Geheugenprocessen geïnfecteerd:
      (Geen kwaadaardige items gevonden)
      Geheugenmodulen geïnfecteerd:
      (Geen kwaadaardige items gevonden)
      Registersleutels geïnfecteerd:
      (Geen kwaadaardige items gevonden)
      Registerwaarden geïnfecteerd:
      (Geen kwaadaardige items gevonden)
      Registerdata bestanden geïnfecteerd:
      (Geen kwaadaardige items gevonden)
      Mappen geïnfecteerd:
      C:\Windows\System32\x64 (Trojan.Downloader) -> Quarantined and deleted successfully.
      Bestanden geïnfecteerd:
      (Geen kwaadaardige items gevonden)
      Last edited by Kiklo; 23-03-08, 20:13.



      • #4
        After cleaning with that anti-malware program I ran Spybot S&D once more and the wwwcoolsearch was simply still there. But I think it is something harmless. Because when I look at what changes in the registry, it is the following:

        In HKEY_Local_Machine/Software/Microsoft/Internet Explorer/Search, Customized Search first contains the following:

        file://c:\search.htm

        After Spybot S&D has fixed it, it contains this:

        about:blank

        That is all.



        • #5
          Seems to be correct.

          I need to check something for my next answer.

          By the way, what is your start page?



          • #6
            My start page is europe.google.com

            With cookies blocked, of course

            I also use IEClean, and it always automatically filled in that file://C location as the alternative search page; Spybot would then ask whether I really wanted to change the start page, and I refused. But I have since changed those settings in IEClean.
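The check Spybot is doing in posts #4 and #6, as an added example that is not code from this thread, from Spybot or from HijackThis: a small Python parser for the R0 to R3 lines of a HijackThis 2.0.2 log that flags IE start/search values pointing at a local file (the file://c:\search.htm CustomizeSearch value discussed above) and lists which R-values changed between two logs, which is how the Spybot fix to about:blank shows up. The sample lines are copied from the logs posted in this thread; the function names and the "benign scheme" list are my own assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: a few R0/R1 lines in HijackThis 2.0.2 format, copied
# from the logs posted in this thread. The CustomizeSearch line is the one
# Spybot reports as CoolWWWSearch.
SAMPLE_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://europe.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://europe.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://europe.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = file://c:\search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - (no file)
"""

# The same lines after Spybot's fix (post #4): the value becomes about:blank.
SAMPLE_AFTER = SAMPLE_BEFORE.replace("file://c:\\search.htm", "about:blank")

# R-lines look like: "R0 - HKLM\<key>,<value name> = <data>"
R_LINE = re.compile(r"^(R[0-3]) - (HK[A-Z]+)\\(.+?),(.+?) =\s*(.*)$")

# URL schemes that are normal for IE start/search settings (empty = not set).
# Assumption for this example; adjust to the environment's baseline.
BENIGN_SCHEMES = {"http", "https", "about", ""}


def parse_r_lines(log_text):
    """Parse the R0-R3 (IE start/search page) lines of a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = R_LINE.match(line.strip())
        if not m:
            continue  # O2, O4, ... sections are not handled here
        section, hive, key, name, data = m.groups()
        entries.append({"section": section, "hive": hive, "key": key,
                        "name": name, "data": data.strip()})
    return entries


def classify(entry):
    """Return None when the value looks normal, else a short reason."""
    data = entry["data"]
    if data == "":
        return None
    scheme = urlsplit(data).scheme.lower()
    if scheme == "file":
        return "start/search setting points at a local file"
    if scheme not in BENIGN_SCHEMES:
        return "unexpected scheme '%s'" % scheme
    return None


def find_suspicious(log_text):
    """Return the R-line entries worth a closer look, with a reason attached."""
    hits = []
    for entry in parse_r_lines(log_text):
        reason = classify(entry)
        if reason:
            hits.append(dict(entry, reason=reason))
    return hits


def diff_r_lines(before_text, after_text):
    """List (full key, value name, old data, new data) for R-values that changed."""
    def index(text):
        return {(e["hive"] + "\\" + e["key"], e["name"]): e["data"]
                for e in parse_r_lines(text)}
    old, new = index(before_text), index(after_text)
    changed = []
    for k in sorted(old.keys() | new.keys()):
        if old.get(k) != new.get(k):
            changed.append((k[0], k[1], old.get(k), new.get(k)))
    return changed


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_BEFORE):
        print("%s\\%s,%s = %s  <- %s" % (hit["hive"], hit["key"], hit["name"],
                                          hit["data"], hit["reason"]))
    for key, name, old, new in diff_r_lines(SAMPLE_BEFORE, SAMPLE_AFTER):
        print("changed: %s,%s: %r -> %r" % (key, name, old, new))
```

Run against the two full logs in this thread, the diff shows only the CustomizeSearch value moving from file://c:\search.htm to about:blank, which matches what post #4 observed by hand: a file:// value in a search setting is what Spybot keys on, not a running process or a BHO.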



            • #7
              Well, look at that.

              OK, could you run through the steps below.

              I will only be able to reply again tomorrow, I am off to bed.

              Follow the instructions as described on the following page: hoe-dient-combofix-gebruikt-te-worden

              If you use Vista, the Recovery Console does not need to be installed.
              If anything is unclear, just ask.
              When the tool is finished, a log file opens (C:\combofix.txt).
              Post the contents of this file together with a new HijackThis log.

              good luck



              • #8
                I tried to turn off all spyware tools and firewalls, including the Windows one, via Task Manager, but I could not find Spybot anywhere in the processes and services in Task Manager.

                While it was creating the log file, Spybot started asking about registry changes; it asked umpteen times whether I wanted to change the start page to go.microsoft.com or to "none." I refused every time.

                It also said can't read temp00 a few times

                ComboFix results (the HijackThis ones are in the next post):

                ComboFix 08-03-23.2 - Privé 2008-03-24 0:10:20.2 - NTFSx86
                Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1202 [GMT 1:00]
                Gestart vanuit: C:\Users\Privé\Downloads\ComboFix.exe
                .
                (((((((((((((((((((( Bestanden Gemaakt van 2008-02-23 to 2008-03-23 ))))))))))))))))))))))))))))))
                .
                Geen nieuwe bestanden aangemaakt in deze periode
                .
                ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2008-03-23 23:13 4,194,304 --sha-w C:\Users\Privé\NTUSER.DAT
                2008-03-23 23:13 4,194,304 --sha-w C:\Users\Privé\NTUSER.DAT
                2008-03-23 23:00 --------- d-----w C:\Users\Privé\AppData\Roaming\MailWasherPro
                2008-03-23 17:53 --------- d-----w C:\Users\Privé\AppData\Roaming\Malwarebytes
                2008-03-23 17:53 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
                2008-03-23 17:53 --------- d-----w C:\PROGRA~2\Malwarebytes
                2008-03-22 09:08 --------- d-----w C:\Program Files\Common Files\Symantec Shared
                2008-03-22 08:56 --------- d---a-w C:\PROGRA~2\TEMP
                2008-03-22 08:49 10,880 ----a-w C:\Windows\system32\drivers\pxark.sys
                2008-03-22 08:49 --------- d-----w C:\Program Files\PrevxCSI
                2008-03-21 04:55 --------- d-----w C:\Users\Privé\AppData\Roaming\SlimBrowser
                2008-03-21 01:47 --------- d-----w C:\Users\Privé\AppData\Roaming\TrojanHunter
                2008-03-20 05:08 --------- d-----w C:\PROGRA~2\BitDefender
                2008-03-20 02:23 --------- d-----w C:\Program Files\Clean
                2008-03-19 20:42 --------- d-----w C:\Program Files\BitDefender
                2008-03-19 17:53 85,520 ----a-w C:\Windows\system32\drivers\bdfndisf.sys
                2008-03-18 07:26 --------- d-s---w C:\Users\Privé\AppData\Roaming\Microsoft
                2008-03-17 16:57 81,984 ----a-w C:\Windows\System32\bdod.bin
                2008-03-17 02:30 --------- d--h--w C:\PROGRA~2\{9E97B640-FCFE-4900-B18A-72FAE662D6B7}
                2008-03-17 02:30 --------- d-----w C:\Program Files\Anonymizer
                2008-03-14 20:02 77,824 ----a-w C:\Windows\System32\xcomm.dll
                2008-03-14 19:43 --------- d-----w C:\Users\Privé\AppData\Roaming\BitDefender
                2008-03-14 19:42 --------- d-----w C:\Program Files\Common Files\BitDefender
                2008-03-13 16:56 --------- d-----w C:\Program Files\Windows Mail
                2008-03-12 02:49 --------- d-----w C:\PROGRA~2\CheckPoint
                2008-03-12 02:29 23,600 ----a-w C:\Windows\system32\drivers\TVICHW32.SYS
                2008-03-12 00:54 --------- d-----w C:\Users\Privé\AppData\Roaming\Symantec
                2008-03-12 00:25 --------- d-----w C:\PROGRA~2\Symantec
                2008-03-12 00:19 --------- d-----w C:\Program Files\Symantec
                2008-03-05 17:20 --------- d-----w C:\Users\Privé\AppData\Roaming\NewSoft
                2008-03-05 17:19 --------- d-----w C:\Users\Privé\AppData\Roaming\Canon
                2008-03-05 16:44 --------- d-----w C:\Program Files\Common Files\PDFView
                2008-03-05 16:34 --------- d-----w C:\Program Files\Common Files\CANON
                2008-03-05 16:34 --------- d-----w C:\Program Files\Canon
                2008-03-05 16:31 --------- d--h--w C:\Program Files\CanonBJ
                2008-02-28 18:46 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
                2008-02-18 13:42 --------- d-----w C:\Users\Privé\AppData\Roaming\Adobe
                2008-02-18 13:42 --------- d-----w C:\Program Files\Common Files\Adobe
                2008-02-13 15:28 194,560 ----a-w C:\Windows\System32\WebClnt.dll
                2008-02-13 15:28 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
                2008-02-13 15:22 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
                2008-02-13 15:22 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
                2008-02-13 15:22 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
                2008-02-13 15:22 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
                2008-02-13 15:22 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
                2008-02-13 15:22 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
                2008-02-13 15:22 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
                2008-02-13 15:22 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
                2008-02-13 15:20 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
                2008-02-13 15:20 24,064 ----a-w C:\Windows\System32\netcfg.exe
                2008-02-13 15:20 22,016 ----a-w C:\Windows\System32\netiougc.exe
                2008-02-13 15:20 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
                2008-02-13 15:20 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
                2008-02-13 15:19 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
                2008-02-13 15:19 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
                2008-02-13 15:19 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
                2008-02-13 15:19 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
                2008-02-13 15:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
                2008-02-13 15:19 1,686,528 ----a-w C:\Windows\System32\gameux.dll
                2008-02-13 15:15 824,832 ----a-w C:\Windows\System32\wininet.dll
                2008-02-13 15:15 56,320 ----a-w C:\Windows\System32\iesetup.dll
                2008-02-13 15:15 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
                2008-02-13 15:15 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
                2008-02-13 15:12 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
                2008-02-11 00:21 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
                2008-02-10 00:03 --------- d-----w C:\PROGRA~2\SSScanAppDataDir
                2008-02-10 00:03 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
                2008-02-10 00:02 --------- d-----w C:\PROGRA~2\MSScanAppDataDir
                2008-02-09 23:55 --------- d-----w C:\Program Files\Microsoft Works
                2008-02-09 23:55 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
                2008-02-09 23:55 --------- d-----w C:\Program Files\InfraRecorder
                2008-02-09 23:54 --------- d-----w C:\Program Files\Common Files\Stardock
                2008-02-06 17:22 691,545 ----a-w C:\Windows\unins000.exe
                2008-01-09 08:01 11,776 ----a-w C:\Windows\System32\sbunattend.exe
                2008-01-02 16:07 920,088 ----a-w C:\Windows\System32\igxpun.exe
                2008-01-02 16:07 256,536 ----a-w C:\Windows\System32\igfxsrvc.exe
                2008-01-02 16:07 170,520 ----a-w C:\Windows\System32\igfxzoom.exe
                2008-01-02 16:07 141,848 ----a-w C:\Windows\System32\igfxtray.exe
                2008-01-02 16:07 133,656 ----a-w C:\Windows\System32\igfxpers.exe
                2008-01-02 16:06 530,968 ----a-w C:\Windows\System32\igfxcfg.exe
                2008-01-02 16:06 170,520 ----a-w C:\Windows\System32\igfxext.exe
                2008-01-02 16:06 166,424 ----a-w C:\Windows\System32\hkcmd.exe
                2008-01-02 15:57 147,456 ----a-w C:\Windows\System32\igfxCoIn_v1409.dll
                2008-01-02 15:48 2,580,480 ----a-w C:\Windows\System32\igdumd32.dll
                2008-01-02 15:47 1,953,696 ----a-w C:\Windows\System32\igklg400.dll
                2008-01-02 15:47 1,533,360 ----a-w C:\Windows\System32\igklg450.dll
                2008-01-02 15:42 1,658,880 ----a-w C:\Windows\System32\ig4dev32.dll
                2008-01-02 15:41 2,416,640 ----a-w C:\Windows\System32\ig4icd32.dll
                2008-01-02 15:37 188,416 ----a-w C:\Windows\System32\igfxres.dll
                2008-01-02 15:34 69,632 ----a-w C:\Windows\System32\oemdspif.dll
                2008-01-02 15:34 48,128 ----a-w C:\Windows\System32\igfxsrvc.dll
                2008-01-02 15:34 241,664 ----a-w C:\Windows\System32\igfxTMM.dll
                2008-01-02 15:34 24,576 ----a-w C:\Windows\System32\igfxexps.dll
                2008-01-02 15:34 204,800 ----a-w C:\Windows\System32\igfxpph.dll
                2008-01-02 15:33 3,293,184 ----a-w C:\Windows\System32\igfxress.dll
                2008-01-02 15:33 200,704 ----a-w C:\Windows\System32\igfxdev.dll
                2008-01-02 15:33 135,168 ----a-w C:\Windows\System32\igfxdo.dll
                2008-01-02 15:33 102,400 ----a-w C:\Windows\System32\hccutils.dll
                2007-10-13 11:31 174 --sha-w C:\Program Files\desktop.ini
                2001-04-03 04:50 1,421,312 ----a-w C:\Program Files\ACDSee.exe
                2007-12-14 17:01 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
                2007-12-14 17:01 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
                .
                ((((((((((((((((((((((((((((( [email protected]_23.51.27,33 )))))))))))))))))))))))))))))))))))))))))
                .
                - 2008-03-23 21:15:44 67,584 --s-a-w C:\Windows\bootstat.dat
                + 2008-03-23 22:58:30 67,584 --s-a-w C:\Windows\bootstat.dat
                - 2008-03-23 22:08:59 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
                + 2008-03-23 23:01:46 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
                - 2008-03-23 21:18:12 1,310,720 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
                + 2008-03-23 23:01:40 1,310,720 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
                - 2008-03-23 21:19:30 11,318 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-174093399-4237407302-4291190551-1000_UserData.bin
                + 2008-03-23 23:03:43 11,334 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-174093399-4237407302-4291190551-1000_UserData.bin
                - 2008-03-23 21:19:20 69,216 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
                + 2008-03-23 23:03:33 69,382 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
                - 2008-03-23 21:19:17 66,604 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
                + 2008-03-23 23:02:14 66,800 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
                .
                ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                REGEDIT4
                *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "SpybotSD TeaTimer"="C:\Spybot\TeaTimer.exe" [2008-01-28 11:43 2097488]
                "OpAgent"="C:\Omnipage\OpAgent.exe" [2007-01-08 08:26 943656]
                "Actual Transparent Window"="C:\Transparent\ActualTransparentWindowCenter.exe" [2007-06-20 03:05 609792]
                "E08NXLRD_11791912"="C:\Encarta\Encarta Winkler Prins Naslagbibliotheek 2008 DVD\EDICT.exe" [2007-05-31 13:00 351000]
                "E08NXLRD_1915941"="C:\Encarta\Encarta Winkler Prins Naslagbibliotheek 2008 DVD\EDICT.exe" [2007-05-31 13:00 351000]
                "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
                "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
                "updateMgr"="C:\Adobe\Acrobat\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
                "Anonymizer"="C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe" [2008-03-17 03:31 1557176]
                "RogueMonitor"="C:\Rogue\RogueRemoverPRO.exe" [2008-02-24 15:09 421568]
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-07-12 16:20 868352]
                "WrtMon.exe"="C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 07:35 20480]
                "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 08:03 210472]
                "Opware15"="C:\Omnipage\Opware15.exe" [2007-01-08 08:27 79400]
                "ScanSoft OmniPage 15-reminder"="C:\Omnipage\Ereg\Ereg.exe" [2006-11-27 09:25 255528]
                "BCWipeTM Startup"="C:\Wipe\BCWipeTM.exe" [2008-02-05 09:08 545520]
                "a-squared"="C:\Malware\a2guard.exe" [2007-12-27 10:23 1816208]
                "Acrobat Assistant 7.0"="C:\Adobe\Distillr\Acrotray.exe" [2006-01-12 20:52 483328]
                "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 17:07 141848]
                "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 17:06 166424]
                "Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 17:07 133656]
                "BOC-425"="C:\Bo\BOC425.exe" [2007-11-26 10:38 342272]
                "Norton Ghost 12.0"="C:\Ghost\Agent\VProTray.exe" [2008-01-10 04:43 2037088]
                "BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-03-19 18:53 360448]
                "BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2008-03-14 21:02 61440]
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
                "IECleanAux"="IEBOOT6.EXE" [2001-11-22 06:13 39936 C:\Windows\IEBOOT6.EXE]
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
                "IECleanWiper"="IEBOOT6.EXE" [2001-11-22 06:13 39936 C:\Windows\IEBOOT6.EXE]
                [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                "EnableLUA"= 0 (0x0)
                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
                C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-06-12 16:56 181936 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll
                [HKEY_LOCAL_MACHINE\software\microsoft\security center]
                "UacDisableNotify"=dword:00000001
                "InternetSettingsDisableNotify"=dword:00000001
                "AutoUpdateDisableNotify"=dword:00000001
                [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
                "AntiVirusOverride"=dword:00000001
                "AntiSpywareOverride"=dword:00000001
                "FirewallOverride"=dword:00000001
                [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-174093399-4237407302-4291190551-1000]
                "EnableNotificationsRef"=dword:00000002
                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
                "EnableFirewall"= 0 (0x0)
                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
                "TCP Query User{2E04123F-3400-48C9-A731-3C2B43353E74}C:\\program files\\anonymizer\\anonymizer software\\common\\anonproxy.exe"= Disabled:UDP:C:\program files\anonymizer\anonymizer software\common\anonproxy.exe:AnonProxy
                "UDP Query User{1406FF26-2510-4DFD-A87B-8823D2DA0A2B}C:\\program files\\anonymizer\\anonymizer software\\common\\anonproxy.exe"= Disabled:TCP:C:\program files\anonymizer\anonymizer software\common\anonproxy.exe:AnonProxy
                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
                "EnableFirewall"= 0 (0x0)
                "DisabledInterfaces"= {5CFF5680-D401-4705-AF9B-5E9A35197D75}
                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
                "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
                "EnableFirewall"= 0 (0x0)
                "DisabledInterfaces"= {56C84E8F-DBF1-40B1-9BDB-FCE449245797},{5CFF5680-D401-4705-AF9B-5E9A35197D75}
                R0 Pnp680r;Silicon Image SiI 0680 Medley Raid Controller;C:\Windows\system32\DRIVERS\pnp680r.sys [2007-07-19 22:44]
                R0 pxark;pxark;C:\Windows\system32\drivers\pxark.sys [2008-03-22 09:49]
                R1 BCSWAP;BCSWAP;C:\Windows\system32\drivers\BCSWAP.sys [2007-09-14 05:46]
                R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\bdfndisf.sys [2008-03-19 18:53]
                R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 16:48]
                R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\Windows\system32\DRIVERS\WPN111.sys [2005-05-29 11:00]
                S2 AnonMgmtSvc;Anonymizer Management Service;"C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe" [2007-10-22 10:12]
                S2 CSIScanner;CSIScanner;"C:\Program Files\PrevxCSI\\PrevxCSI.exe" /service (here there are two brackets instead of the smiley)
                S2 SBSDWSCService;SBSD Security Center Service;C:\Spybot\SDWinSec.exe [2008-01-28 11:43]
                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                bdx REG_MULTI_SZ scan
                [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5755897b-7977-11dc-a979-806e6f6e6963}]
                \shell\AutoRun\command - F:\AutoRun.exe
                .
                Inhoud van de 'Gedeelde Taken' map
                "2008-03-23 22:59:09 C:\Windows\Tasks\RegCure Program Check.job"
                - C:\Reg\RegCure.exe
                "2007-11-01 02:30:24 C:\Windows\Tasks\RegCure.job"
                - C:\Reg\RegCure.exe
                .
                **************************************************************************
                catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2008-03-24 00:13:25
                Windows 6.0.6000 NTFS
                scannen van verborgen processen ...
                scannen van verborgen autostart items ...
                scannen van verborgen bestanden ...
                Scan succesvol afgerond
                verborgen bestanden: 0
                **************************************************************************
                .
                Voltooingstijd: 2008-03-24 0:14:37
                ComboFix-quarantined-files.txt 2008-03-23 23:14:29
                ComboFix2.txt 2008-03-23 22:52:24
                .
                2008-03-19 20:41:28 --- E O F ---
                Last edited by Kiklo; 24-03-08, 02:08.

                • #9
                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 0:35:11, on 24-3-2008
                  Platform: Windows Vista (WinNT 6.00.1904)
                  MSIE: Internet Explorer v7.00 (7.00.6000.16609)
                  Boot mode: Normal

                  Running processes:
                  C:\Windows\System32\smss.exe
                  C:\Windows\system32\csrss.exe
                  C:\Windows\system32\wininit.exe
                  C:\Windows\system32\csrss.exe
                  C:\Windows\system32\services.exe
                  C:\Windows\system32\winlogon.exe
                  C:\Windows\system32\lsass.exe
                  C:\Windows\system32\lsm.exe
                  C:\Windows\system32\svchost.exe
                  C:\Windows\system32\svchost.exe
                  C:\Windows\System32\svchost.exe
                  C:\Windows\System32\svchost.exe
                  C:\Windows\system32\svchost.exe
                  C:\Windows\system32\AUDIODG.EXE
                  C:\Windows\system32\SLsvc.exe
                  C:\Windows\system32\svchost.exe
                  C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe
                  C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WBVista.exe
                  C:\Windows\system32\svchost.exe
                  C:\Windows\System32\spoolsv.exe
                  C:\Windows\system32\svchost.exe
                  C:\Windows\system32\Dwm.exe
                  C:\Windows\Explorer.EXE
                  C:\Program Files\Analog Devices\Core\smax4pnp.exe
                  C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
                  C:\Omnipage\OpWare15.exe
                  C:\Malware\a2guard.exe
                  C:\Adobe\Distillr\acrotray.exe
                  C:\Windows\System32\igfxtray.exe
                  C:\Windows\System32\hkcmd.exe
                  C:\Windows\System32\igfxpers.exe
                  C:\Bo\BOC425.EXE
                  C:\Ghost\Agent\VProTray.exe
                  C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
                  C:\Spybot\TeaTimer.exe
                  C:\Omnipage\OpAgent.exe
                  C:\Transparent\ActualTransparentWindowCenter.exe
                  C:\Encarta\Encarta Winkler Prins Naslagbibliotheek 2008 DVD\EDICT.EXE
                  C:\Windows\ehome\ehtray.exe
                  C:\Program Files\Windows Media Player\wmpnscfg.exe
                  C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe
                  C:\Rogue\RogueRemoverPRO.exe
                  C:\Blaster\idblasterplus.exe
                  C:\Plextor\PlexTool.exe
                  C:\Guard\sgmain.exe
                  C:\Users\Privé\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ietsr.exe
                  C:\Washer\MailWasher.exe
                  C:\Windows\system32\igfxsrvc.exe
                  C:\Windows\system32\CNAC6RPK.EXE
                  C:\Windows\ehome\ehmsas.exe
                  C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
                  C:\Malware\a2service.exe
                  C:\Bo\BOCORE.exe
                  C:\Program Files\PrevxCSI\PrevxCSI.exe
                  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                  C:\Ghost\Agent\VProSvc.exe
                  C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                  C:\Windows\system32\svchost.exe
                  C:\Windows\system32\svchost.exe
                  C:\Windows\System32\svchost.exe
                  C:\Windows\system32\SearchIndexer.exe
                  C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
                  C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe
                  C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
                  C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
                  C:\Spybot\SDWinSec.exe
                  C:\Windows\system32\taskeng.exe
                  C:\Program Files\Windows Media Player\wmpnetwk.exe
                  C:\Windows\system32\taskeng.exe
                  C:\Windows\System32\svchost.exe
                  C:\Guard\sgbhp.exe
                  C:\Program Files\Anonymizer\Anonymizer Software\common\AnonProxy.exe
                  C:\Office\OFFICE11\WINWORD.EXE
                  C:\Windows\servicing\TrustedInstaller.exe
                  C:\Windows\system32\wbem\wmiprvse.exe
                  C:\Hijack\HijackThis.exe

                  R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://europe.google.com/
                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://europe.google.com/
                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://europe.google.com/
                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://europe.google.com/
                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://europe.google.com/
                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://europe.google.com
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://europe.google.com/
                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://europe.google.com/
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://europe.google.com
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://europe.google.com
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://europe.google.com
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://europe.google.com
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://europe.google.com
                  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://europe.google.com/
                  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://europe.google.com/
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://europe.google.com
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
                  R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://europe.google.com
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://europe.google.com/
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Adobe\ActiveX\AcroIEHelper.dll
                  O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Guard\dlprotect.dll
                  O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot\SDHelper.dll
                  O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Adobe\Acrobat\AcroIEFavClient.dll
                  O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Adobe\Acrobat\AcroIEFavClient.dll
                  O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
                  O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
                  O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
                  O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
                  O4 - HKLM\..\Run: [Opware15] "C:\Omnipage\Opware15.exe"
                  O4 - HKLM\..\Run: [ScanSoft OmniPage 15-reminder] "C:\Omnipage\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage15.0\Ereg\Ereg.ini
                  O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Wipe\BCWipeTM.exe" startup
                  O4 - HKLM\..\Run: [a-squared] "C:\Malware\a2guard.exe" /d=60
                  O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Adobe\Distillr\Acrotray.exe"
                  O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
                  O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
                  O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
                  O4 - HKLM\..\Run: [BOC-425] C:\Bo\BOC425.exe
                  O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Ghost\Agent\VProTray.exe"
                  O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
                  O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
                  O4 - HKLM\..\RunServices: [IECleanAux] IEBOOT6.EXE
                  O4 - HKLM\..\RunServicesOnce: [IECleanWiper] IEBOOT6.EXE
                  O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Spybot\TeaTimer.exe
                  O4 - HKCU\..\Run: [OpAgent] "C:\Omnipage\OpAgent.exe" /agent
                  O4 - HKCU\..\Run: [Actual Transparent Window] "C:\Transparent\ActualTransparentWindowCenter.exe"
                  O4 - HKCU\..\Run: [E08NXLRD_11791912] "C:\Encarta\Encarta Winkler Prins Naslagbibliotheek 2008 DVD\EDICT.EXE" -m
                  O4 - HKCU\..\Run: [E08NXLRD_1915941] "C:\Encarta\Encarta Winkler Prins Naslagbibliotheek 2008 DVD\EDICT.EXE" -m
                  O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
                  O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
                  O4 - HKCU\..\Run: [updateMgr] "C:\Adobe\Acrobat\AdobeUpdateManager.exe" AcStd7_0_9 -reboot 1
                  O4 - HKCU\..\Run: [Anonymizer] C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe -nogui
                  O4 - HKCU\..\Run: [RogueMonitor] C:\Rogue\RogueRemoverPRO.exe /monitor
                  O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
                  O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
                  O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
                  O4 - Startup: Guard.lnk = C:\Guard\sgmain.exe
                  O4 - Startup: ietsr.exe
                  O4 - Startup: MailWasherPro.lnk = C:\Washer\MailWasher.exe
                  O4 - Global Startup: ID-blaster.lnk = C:\Blaster\idblasterplus.exe
                  O4 - Global Startup: Plextools.lnk = C:\Plextor\PlexTool.exe
                  O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                  O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                  O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
                  O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
                  O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                  O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                  O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                  O8 - Extra context menu item: Convert to existing PDF - res://C:\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\Office\OFFICE11\EXCEL.EXE/3000
                  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Office\OFFICE11\REFIEBAR.DLL
                  O9 - Extra button: Encarta Winkler Prins Zoekbalk - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
                  O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Spybot\SDHelper.dll
                  O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Spybot\SDHelper.dll
                  O13 - Gopher Prefix:
                  O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://plugin.driveragent.com/files/driveragent.cab
                  O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Malware\a2service.exe
                  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                  O23 - Service: Anonymizer Management Service (AnonMgmtSvc) - Anonymizer - C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe
                  O23 - Service: BOCore - COMODO - C:\Bo\BOCORE.exe
                  O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\\PrevxCSI.exe
                  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
                  O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
                  O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
                  O23 - Service: Norton Ghost - Symantec Corporation - C:\Ghost\Agent\VProSvc.exe
                  O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                  O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Spybot\SDWinSec.exe
                  O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
                  O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
                  O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe
                  O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

                  --
                  End of file - 12147 bytes



                  • #10
                    Hello again,


                    Disable Spybot's TeaTimer for now, because it can get in the way of the fix:
                    - Start Spybot
                    - Go to Mode > select Advanced Mode
                    - Go to Tools and click the Resident icon in the list
                    - Uncheck Resident TeaTimer and click OK
                    - Restart the computer

                    Next, download ResetTeaTimer.bat to your Desktop.
                    Double-click ResetTeaTimer.bat to remove all entries in TeaTimer.
                    Once the computer is clean, you can turn TeaTimer back on.

                    Start HijackThis and choose 'Do a system scan only'.
                    Select only the items listed below:

                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://europe.google.com/
                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://europe.google.com/
                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://europe.google.com/
                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://europe.google.com/
                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://europe.google.com
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://europe.google.com/
                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://europe.google.com/
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://europe.google.com
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://europe.google.com
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://europe.google.com
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://europe.google.com
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://europe.google.com
                    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://europe.google.com/
                    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://europe.google.com/
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://europe.google.com
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
                    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://europe.google.com
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://europe.google.com/
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

                    Click 'Fix checked' to remove the items.

                    So leave 1 line in place:

                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://europe.google.com/

                    Let me know how it goes now.

                    Start Windows 10 in Safe Mode

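The post above hands the user a list of HijackThis R0/R1 lines to fix by eye. The following is an added example, not code from the thread or from HijackThis: a small Python parser that reads R0/R1 lines (the Internet Explorer start page, search page and search-assistant registry values), splits each into hive, key, value name and URL, and flags the entries a helper would normally review: an empty value, about:blank, a non-HTTP value, or a URL whose host is not on an allowlist of expected search providers. The allowlist and the last sample line (a made-up search host) are assumptions for the example; the other sample lines are copied from the log in this thread.

```python
"""Classify HijackThis R0/R1 (Internet Explorer start/search page) entries.

Added example, not part of the forum thread or of HijackThis itself.
"""
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis log format. The first four R-lines are
# copied from the thread; the fifth uses a made-up host to show a miss.
SAMPLE_LOG = """\
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://europe.google.com/
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://europe.google.com/
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,CustomizeSearch = about:blank
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Local Page =
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://unknown-search.test/search
O4 - Startup: Guard.lnk = C:\\Guard\\sgmain.exe
"""

# An R0/R1 line looks like: "R1 - HIVE\Key\Path,ValueName = value"
_R_LINE = re.compile(
    r"^(?P<kind>R[01]) - (?P<hive>HKCU|HKLM)\\(?P<key>[^,]+),(?P<name>[^=]+?)\s*=\s*(?P<value>.*)$"
)

# Assumed allowlist of hosts a helper would accept as start/search pages.
ALLOWED_HOSTS = {"google.com", "msn.com", "microsoft.com", "live.com"}


def parse_r_lines(text):
    """Return one dict (kind, hive, key, name, value) per R0/R1 line.

    Lines of other HijackThis sections (O4, O23, ...) are skipped.
    """
    entries = []
    for line in text.splitlines():
        m = _R_LINE.match(line.strip())
        if m:
            d = m.groupdict()
            d["value"] = d["value"].strip()
            entries.append(d)
    return entries


def host_allowed(url):
    """True if the URL's host is an allowlisted domain or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in ALLOWED_HOSTS)


def classify(entry):
    """Return a short reason if the entry deserves review, else None."""
    value = entry["value"]
    if value == "":
        return "empty value"
    if value.lower() == "about:blank":
        return "about:blank"
    if not value.lower().startswith(("http://", "https://")):
        return "non-http value"
    if not host_allowed(value):
        return "host not on allowlist"
    return None


def suspicious_entries(text):
    """List of (registry location, reason) for entries worth reviewing."""
    out = []
    for e in parse_r_lines(text):
        reason = classify(e)
        if reason:
            out.append((f"{e['hive']}\\{e['key']},{e['name']}", reason))
    return out


if __name__ == "__main__":
    for where, why in suspicious_entries(SAMPLE_LOG):
        print(f"{why:24} {where}")
```

Run on the sample, the two europe.google.com entries pass and the about:blank, empty and unknown-host entries are reported. Matching on the host suffix rather than on a substring matters: a value such as a host that merely contains "google.com" in the middle of its name is still rejected.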


                    • #11
                      It doesn't work. When I try to start that reset teatimer.bat, it says, "unsupported version. press any key to exit."

                      When I try to fix it via HijackThis, Spyware Guard keeps popping up warning messages that the default search page is being changed from google to msn.com, or from google to "none."
                      Last edited by Kiklo; 24-03-08, 15:23.



                      • #12
                        Then just turn that off for a moment?



                        • #13
                          I think it's fine now. I removed Spyware Guard and SpywareBlaster, removed IEClean, removed Spybot S&D, cleaned the registry, then reinstalled Spybot S&D, changed the msn and windows search pages to europe.google.com in the browser pages settings, and after a new scan coolwwwsearch.wcadw is no longer present.



                          • #14
                            SpywareBlaster and Ad-Aware can go back on as well.

                            Well done.

                            You may remove all the tools you used and the folders that were created.

                            Remove ComboFix via Start > Run, copy and paste Combofix /U
                            Click OK or press Enter.
                            This removes ComboFix as well as your old system restore points (with any remnants of malware), and creates a new system restore point.

                            A few more tips here: Security Tips

                            I'm marking the thread as solved.



                            • #15
                              I also notice now that, after installing SpywareBlaster, no sites other than europe.google.com appear in the list anymore.

                              I still wonder whether that CoolWWWSearch was really spyware; it just looks like a simple change of the start page.

                              Do you also advise turning off the Flash option in SpywareBlaster? It does take away some functionality.
