Nafisa

Member
  • Items

    6

Nafisa's achievements

  1. Thank you! Everything looks fine again and I no longer get any strange messages. I had one more question: is CCleaner useful for normal use? Analyzing and cleaning every so often, does that help my system too? And apart from that, thank you kindly for all the help. Now at least I know where to go if I have a problem again.
  2. Not for now. I also hope it stays that way; otherwise I will certainly let you know. Which installed programs can be removed?
  3. I got this file after the scan finished. It was called log.txt and not Combofix.txt. Does that matter??
  4. ComboFix log
  5. Thanks for responding. I just ran a Malwarebytes scan; the log is below.

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Databaseversie: 4774
     Windows 6.0.6002 Service Pack 2
     Internet Explorer 8.0.6001.18943
     09/10/2010 16:59:14
     mbam-log-2010-10-09 (16-59-14).txt
     Scantype: Volledige scan (C:\|D:\|E:\|F:\|)
     Objecten gescand: 223024
     Verstreken tijd: 1 uur/uren, 16 minuut/minuten, 54 seconde(n)
     Geheugenprocessen geïnfecteerd: 0
     Geheugenmodulen geïnfecteerd: 0
     Registersleutels geïnfecteerd: 0
     Registerwaarden geïnfecteerd: 0
     Registerdata geïnfecteerd: 0
     Mappen geïnfecteerd: 0
     Bestanden geïnfecteerd: 0
     Geheugenprocessen geïnfecteerd:
     (Geen kwaadaardige objecten gedetecteerd)
     Geheugenmodulen geïnfecteerd:
     (Geen kwaadaardige objecten gedetecteerd)
     Registersleutels geïnfecteerd:
     (Geen kwaadaardige objecten gedetecteerd)
     Registerwaarden geïnfecteerd:
     (Geen kwaadaardige objecten gedetecteerd)
     Registerdata geïnfecteerd:
     (Geen kwaadaardige objecten gedetecteerd)
     Mappen geïnfecteerd:
     (Geen kwaadaardige objecten gedetecteerd)
     Bestanden geïnfecteerd:
     (Geen kwaadaardige objecten gedetecteerd)

     ---------- Post added at 15:11 ---------- Previous post was at 15:01 ----------

     The HJT log:

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 17:14:04, on 09/10/2010
     Platform: Windows Vista SP2 (WinNT 6.00.1906)
     MSIE: Internet Explorer v8.00 (8.00.6001.18943)
     Boot mode: Normal
     Running processes:
     C:\Windows\system32\taskeng.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Windows\System32\igfxpers.exe
     C:\Program Files\Windows Media Player\wmpnscfg.exe
     C:\Windows\system32\igfxsrvc.exe
     C:\Windows\system32\wbem\unsecapp.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Windows Live\Messenger\msnmsgr.exe
     C:\Program Files\Windows Live\Contacts\wlcomm.exe
     C:\Users\OEM\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
     O1 - Hosts: ::1 localhost
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
     O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
     O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
     O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
     O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
     O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
     O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
     O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\OEM\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
     O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
     O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
     O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
     O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
     O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
     O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
     O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
     O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
     -- End of file - 5026 bytes

     And the website I had copied the first HJT log to was HJT's own site, www.hijackthis.de. Websites are still being opened out of nowhere, and emails are being sent from my account. The icon has already been removed from my desktop, though.
  6. This morning I found out that I too have become a target of that Antimalware thing. I looked around on the internet a bit and have since downloaded and run Malwarebytes Antimalware, which found and removed 32 infections. After restarting, the Doctor popped up in front of me right away. I also downloaded Hijackthis and copied my logfile to that site, but according to them nothing is wrong, while there really is something wrong. I still have my logfile. Could someone please help me further? This is slowly making me a bit despondent..

     ---------- Post added at 13:41 ---------- Previous post was at 13:40 ----------

     Here is my log.

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 15:26:25, on 08/10/2010
     Platform: Windows Vista SP2 (WinNT 6.00.1906)
     MSIE: Internet Explorer v8.00 (8.00.6001.18943)
     Boot mode: Normal
     Running processes:
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Windows\System32\igfxpers.exe
     C:\Program Files\Windows Media Player\wmpnscfg.exe
     C:\Windows\system32\igfxsrvc.exe
     C:\Windows\system32\wbem\unsecapp.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
     C:\Windows\system32\wermgr.exe
     C:\Windows\system32\taskeng.exe
     C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     O1 - Hosts: ::1 localhost
     O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
     O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
     O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
     O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
     O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
     O4 - HKCU\..\Run: [v700bin00mod.exe] C:\Users\OEM\AppData\Roaming\A569BA6FB13B9CC79461E5487C08EAFC\v700bin00mod.exe
     O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
     O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
     O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\OEM\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
     O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
     O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
     O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
     O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
     O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
     O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
     O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
     O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
     -- End of file - 5170 bytes