paoloconverse

Lid
  • Items

    8
  • Registratiedatum

  • Laatst bezocht

paoloconverse's achievements

  1. Yes, as things stand now everything is completely fine! Everything works again and there are no notifications or anything. Really, thank you so much! Now I can use the internet normally again!
  2. Sorry for the late reply (I was away for work). Anyway, here is the log I got from ComboFix.
  3. Good afternoon, here are the files.

     Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org
     Databaseversie: 5648
     Windows 6.0.6002 Service Pack 2
     Internet Explorer 8.0.6001.18999
     31-1-2011 17:01:51
     mbam-log-2011-01-31 (17-01-51).txt
     Scantype: Snelle scan
     Objecten gescand: 148381
     Verstreken tijd: 9 minuut/minuten, 29 seconde(n)
     Geheugenprocessen geïnfecteerd: 1
     Geheugenmodulen geïnfecteerd: 0
     Registersleutels geïnfecteerd: 0
     Registerwaarden geïnfecteerd: 0
     Registerdata geïnfecteerd: 0
     Mappen geïnfecteerd: 0
     Bestanden geïnfecteerd: 1

     Geheugenprocessen geïnfecteerd:
     c:\Windows\Temp\mrtDA66.tmp\stdrt.exe (Trojan.FakeMS) -> 2620 -> Unloaded process successfully.
     Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
     Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
     Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
     Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
     Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
     Bestanden geïnfecteerd:
     c:\Windows\Temp\mrtDA66.tmp\stdrt.exe (Trojan.FakeMS) -> Delete on reboot.
     Kind regards
  4. Good afternoon, I am hereby sending my new files.

     Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org
     Databaseversie: 5648
     Windows 6.0.6002 Service Pack 2
     Internet Explorer 8.0.6001.18999
     31-1-2011 16:19:26
     mbam-log-2011-01-31 (16-19-16).txt
     Scantype: Snelle scan
     Objecten gescand: 148239
     Verstreken tijd: 10 minuut/minuten, 37 seconde(n)
     Geheugenprocessen geïnfecteerd: 1
     Geheugenmodulen geïnfecteerd: 0
     Registersleutels geïnfecteerd: 0
     Registerwaarden geïnfecteerd: 0
     Registerdata geïnfecteerd: 0
     Mappen geïnfecteerd: 0
     Bestanden geïnfecteerd: 2

     Geheugenprocessen geïnfecteerd:
     c:\Windows\Temp\mrtBB52.tmp\stdrt.exe (Trojan.FakeMS) -> 2720 -> No action taken.
     Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
     Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
     Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
     Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
     Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
     Bestanden geïnfecteerd:
     c:\Windows\Temp\mrtBB52.tmp\stdrt.exe (Trojan.FakeMS) -> No action taken.
     c:\Windows\Temp\mrtE474.tmp\stdrt.exe (Trojan.FakeMS) -> No action taken.
     Kind regards
  5. Good afternoon, can anyone help me? My internet is not working properly at the moment. Pages are not found and then they are again, while I can download just fine. Here is a log file from HijackThis.
- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Hulpprogramma's\Brand en rip programma's\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe O23 - Service: TwonkyMedia - PacketVideo - C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 8724 bytes Thanks in advance, Alex ---------- Post added at 15:31 ---------- Previous post was at 15:30 ---------- Sorry, this is a different computer, just close
  6. Hijack This Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:42:37, on 30-1-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18999) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\AVG\AVG10\avgtray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Mail\WinMail.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\system32\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hyves.nl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door Hyves R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\FRONTP~1\OFFICE11\REFIEBAR.DLL O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{84A5742F-AD87-4190-BCB0-9F38BE27D43B}: NameServer = 4.2.2.2 O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. 
- C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - H:\Common\Database\bin\fbserver.exe O23 - Service: FLEXnet Licensing Manager for Adobe Products (FLEXnet Licensing Manager) - - C:\Windows\system32\regrc.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- End of file - 5635 bytes MBAM Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Databaseversie: 5640 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18999 30-1-2011 19:36:23 mbam-log-2011-01-30 (19-36-23).txt Scantype: Snelle scan Objecten gescand: 148753 Verstreken tijd: 18 minuut/minuten, 0 seconde(n) Geheugenprocessen geïnfecteerd: 3 Geheugenmodulen geïnfecteerd: 1 Registersleutels geïnfecteerd: 10 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 1 Mappen geïnfecteerd: 7 Bestanden geïnfecteerd: 102 Geheugenprocessen geïnfecteerd: c:\Windows\Temp\mrtB65.tmp\stdrt.exe (Trojan.FakeMS) -> 2128 -> Unloaded process successfully. c:\program files\relevantknowledge\rlservice.exe (Adware.RelevantKnowledge) -> 2836 -> Unloaded process successfully. c:\program files\relevantknowledge\rlvknlg.exe (Adware.RelevantKnowledge) -> 3764 -> Unloaded process successfully. Geheugenmodulen geïnfecteerd: c:\program files\relevantknowledge\rlls.dll (Adware.RelevantKnowledge) -> Delete on reboot. Registersleutels geïnfecteerd: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RelevantKnowledge (Adware.RelevantKnowledge) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{1D4DB7D0-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1D4DB7D1-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProductsInstaller.Start.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProductsInstaller.Start (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully. Mappen geïnfecteerd: c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\funwebproducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\funwebproducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\funwebproducts\Installr\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\relevantknowledge (Spyware.MarketScore) -> Delete on reboot. 
c:\program files\relevantknowledge\components (Spyware.MarketScore) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge (Spyware.MarketScore) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: c:\program files\relevantknowledge\rlls.dll (Adware.RelevantKnowledge) -> Delete on reboot. c:\Windows\Temp\mrtB65.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\program files\relevantknowledge\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully. c:\program files\relevantknowledge\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully. c:\program files\funwebproducts\Installr\2.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\Users\paul\AppData\Local\Temp\install\redist\windowsinstaller-kb893803-v2-x86.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully. c:\Users\paul\AppData\Local\Temp\install\redist\windowsserver2003-kb898715-ia64-enu.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully. c:\Users\paul\AppData\Local\Temp\install\redist\windowsserver2003-kb898715-x64-enu.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully. c:\Users\paul\AppData\Local\Temp\install\redist\windowsserver2003-kb898715-x86-enu.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully. c:\Users\paul\AppData\Local\Temp\install\redist\windowsxp-kb898715-x64-enu.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully. c:\Users\paul\AppData\Local\Temp\~os1A27.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully. c:\Users\paul\AppData\Local\Temp\~os1A27.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully. c:\Users\paul\AppData\Local\Temp\~os1A27.tmp\rlxf.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully. 
c:\Users\paul\AppData\Local\Temp\~os1A27.tmp\rlxg.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully. c:\Windows\Temp\mrt1110.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrt14F6.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrt157.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrt15E0.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrt189E.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrt209A.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrt34A6.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrt3C73.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrt5263.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrt55C.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrt5E93.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrt5F1F.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrt6B4F.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrt6BBC.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrt8094.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrt845B.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrt84C8.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrt87D4.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrt8989.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. 
c:\Windows\Temp\mrt89C7.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtBF77.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtC4F.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtC84D.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtCEC3.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtD142.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtD46D.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtD5A5.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtD8A2.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtDA95.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtDAE3.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtDB60.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtDCE6.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtDDB1.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtE252.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtE35B.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtE3B9.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtE619.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtE751.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtE935.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtEB28.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. 
c:\Windows\Temp\mrtEB29.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtF4F8.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtF6AD.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtFC19.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtFCA6.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrt8F24.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtBF0A.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtF0D3.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtA3DC.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtA42A.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtA717.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtA811.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtA939.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtAAAF.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtABD8.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtACA3.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtAD8D.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtAE77.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtAEF3.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtB03B.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtB17.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. 
c:\Windows\Temp\mrtB46F.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtB5B7.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtB7AA.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtB9AD.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtBAE5.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtBB62.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtBC7B.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Temp\mrtBCF7.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully. c:\program files\funwebproducts\Installr\1.bin\F3EZSETP.DL_ (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\funwebproducts\Installr\2.bin\F3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\funwebproducts\Installr\2.bin\NPFUNWEB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\relevantknowledge\chrome.manifest (Spyware.MarketScore) -> Quarantined and deleted successfully. c:\program files\relevantknowledge\install.rdf (Spyware.MarketScore) -> Quarantined and deleted successfully. c:\program files\relevantknowledge\nscf.dat (Spyware.MarketScore) -> Quarantined and deleted successfully. c:\program files\relevantknowledge\rlls64.dll (Spyware.MarketScore) -> Quarantined and deleted successfully. 
c:\program files\relevantknowledge\rloci.bin (Spyware.MarketScore) -> Quarantined and deleted successfully. c:\program files\relevantknowledge\rlph.dll (Spyware.MarketScore) -> Quarantined and deleted successfully. c:\program files\relevantknowledge\rlvknlg64.exe (Spyware.MarketScore) -> Quarantined and deleted successfully. c:\program files\relevantknowledge\rlxf.dll (Spyware.MarketScore) -> Quarantined and deleted successfully. c:\program files\relevantknowledge\components\rlxg.dll (Spyware.MarketScore) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\about relevantknowledge.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\privacy policy and user license agreement.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\Support.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\uninstall instructions.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
  7. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:25:23, on 30-1-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18999) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\AVG\AVG10\avgtray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Program Files\RelevantKnowledge\rlvknlg.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Mail\WinMail.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\system32\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hyves.nl: always in touch with your friends R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl - alles op een rijtje! 
(ook op mobiel) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door Hyves R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: 
[AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\FRONTP~1\OFFICE11\REFIEBAR.DLL O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{84A5742F-AD87-4190-BCB0-9F38BE27D43B}: NameServer = 4.2.2.2 O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. 
- C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - H:\Common\Database\bin\fbserver.exe O23 - Service: FLEXnet Licensing Manager for Adobe Products (FLEXnet Licensing Manager) - - C:\Windows\system32\regrc.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files\RelevantKnowledge\rlservice.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- End of file - 5765 bytes This is what came up. Only, below the scan something did appear on screen. Something about there being files in C:// or so that it cannot scan (I don't remember exactly). Hope you can help me!
  8. Good afternoon. For a short while now I have kept having problems with the internet. But the strange thing is, everything just works. My mail/MSN and everything just works. But Internet Explorer simply doesn't work. To load a page it really takes 3 hours before it has loaded. Something in my computer or the like just isn't right. Because I have 2 more computers in my house and those do work fine. (As you can see.) So please HELP!