Posts made by Nafisa

  1. I got this small file when the scan finished. It was called log.txt and not Combofix.txt. Does this matter??

    ComboFix 10-10-09.01 - OEM 09/10/2010 19:16:24.2.1 - x86

    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.31.1043.18.1015.359 [GMT 2:00]

    Gestart vanuit: c:\users\OEM\Desktop\ComboFix.exe

    gebruikte Opdracht switches :: c:\users\OEM\Desktop\CFScript.txt

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    FILE ::

    "c:\windows\system32\drivers\ymsuknuo.sys"

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\windows\system32\drivers\ymsuknuo.sys

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2010-09-09 to 2010-10-09 ))))))))))))))))))))))))))))))

    .

    2010-10-09 17:30 . 2010-10-09 17:30 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

    2010-10-09 17:30 . 2010-10-09 17:30 -------- d-----w- c:\users\Public\AppData\Local\temp

    2010-10-09 17:30 . 2010-10-09 17:30 -------- d-----w- c:\users\Default\AppData\Local\temp

    2010-10-09 16:14 . 2010-10-09 17:31 -------- d-----w- c:\users\OEM\AppData\Local\temp

    2010-10-08 12:59 . 2010-10-08 12:59 388096 ----a-r- c:\users\OEM\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2010-10-08 12:59 . 2010-10-08 12:59 -------- d-----w- c:\program files\Trend Micro

    2010-10-08 10:35 . 2010-10-08 10:36 -------- d-----w- c:\users\OEM\AppData\Roaming\Malwarebytes

    2010-10-08 10:35 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2010-10-08 10:35 . 2010-10-08 10:35 -------- d-----w- c:\programdata\Malwarebytes

    2010-10-08 10:35 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

    2010-10-08 10:35 . 2010-10-08 10:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2010-10-08 09:32 . 2010-10-08 10:29 -------- d-----w- c:\windows\system32\MpEngineStore

    2010-09-29 17:17 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll

    2010-09-28 11:41 . 2010-09-28 12:28 101376 ----a-w- c:\users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\g7oedlsy.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll

    2010-09-28 11:41 . 2010-09-28 12:28 52224 ----a-w- c:\users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\g7oedlsy.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll

    2010-09-21 20:15 . 2010-09-24 14:43 -------- d-----w- c:\program files\Oberon Media

    2010-09-21 18:37 . 2010-09-21 18:37 932288 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\25364\AdobeARM.exe

    2010-09-21 18:37 . 2010-09-21 18:37 932288 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\17313\AdobeARM.exe

    2010-09-21 18:37 . 2010-09-21 18:37 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\25364\AdobeExtractFiles.dll

    2010-09-21 18:37 . 2010-09-21 18:37 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\17313\AdobeExtractFiles.dll

    2010-09-21 18:37 . 2010-09-21 18:37 338856 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\25364\ReaderUpdater.exe

    2010-09-21 18:37 . 2010-09-21 18:37 338856 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\25364\AcrobatUpdater.exe

    2010-09-21 18:37 . 2010-09-21 18:37 338856 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\17313\ReaderUpdater.exe

    2010-09-21 18:37 . 2010-09-21 18:37 338856 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\17313\AcrobatUpdater.exe

    2010-09-15 18:05 . 2010-09-21 20:20 -------- d-----w- c:\program files\ePSXe

    2010-09-15 18:01 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll

    2010-09-15 18:01 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe

    2010-09-15 18:00 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll

    2010-09-15 18:00 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-10-09 15:58 . 2006-11-02 16:07 739334 ----a-w- c:\windows\system32\perfh013.dat

    2010-10-09 15:58 . 2006-11-02 16:07 154380 ----a-w- c:\windows\system32\perfc013.dat

    2010-10-05 23:22 . 2009-02-24 13:28 1356 ----a-w- c:\users\OEM\AppData\Local\d3d9caps.dat

    2010-10-01 23:30 . 2010-03-28 18:11 -------- d-----w- c:\users\OEM\AppData\Roaming\Skype

    2010-10-01 22:01 . 2010-03-28 18:28 -------- d-----w- c:\users\OEM\AppData\Roaming\skypePM

    2010-09-29 22:33 . 2010-03-21 19:50 -------- d-----w- c:\program files\Microsoft Silverlight

    2010-09-25 15:06 . 2010-02-04 20:18 -------- d-----w- c:\program files\Yahoo!

    2010-09-24 14:45 . 2009-12-14 20:54 -------- d-----w- c:\program files\DVDVideoSoft

    2010-09-24 14:45 . 2009-12-14 20:54 -------- d-----w- c:\program files\Common Files\DVDVideoSoft

    2010-09-16 06:14 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

    2010-09-13 19:06 . 2010-09-08 16:34 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll

    2010-09-13 19:06 . 2010-08-17 17:47 -------- d-----w- c:\programdata\DivX

    2010-09-13 19:06 . 2009-12-12 20:56 -------- d-----w- c:\program files\DivX

    2010-09-13 19:05 . 2010-08-17 17:47 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe

    2010-09-08 15:43 . 2010-09-08 15:43 8854 ----a-r- c:\users\OEM\AppData\Roaming\Microsoft\Installer\{D820BECD-97D3-4942-B6CF-1B670CA7690C}\UNINST_Uninstall_A_6DBDF86321744BD1995E5AE429061628.exe

    2010-09-08 15:43 . 2010-09-08 15:43 8854 ----a-r- c:\users\OEM\AppData\Roaming\Microsoft\Installer\{D820BECD-97D3-4942-B6CF-1B670CA7690C}\UNINST_Uninstall_A_5CAD3F3805754F51802458079D007DB0.exe

    2010-09-08 15:43 . 2010-09-08 15:43 318 ----a-r- c:\users\OEM\AppData\Roaming\Microsoft\Installer\{D820BECD-97D3-4942-B6CF-1B670CA7690C}\NewShortcut6_BA9B78AAD4D74D899FC31371F4CAD435.exe

    2010-09-08 15:43 . 2010-09-08 15:43 318 ----a-r- c:\users\OEM\AppData\Roaming\Microsoft\Installer\{D820BECD-97D3-4942-B6CF-1B670CA7690C}\NewShortcut4_39BDABECE51744048888DD4DF87A5697.exe

    2010-09-08 15:43 . 2010-09-08 15:43 318 ----a-r- c:\users\OEM\AppData\Roaming\Microsoft\Installer\{D820BECD-97D3-4942-B6CF-1B670CA7690C}\ARPPRODUCTICON.exe

    2010-09-08 15:43 . 2010-09-08 15:43 25214 ----a-r- c:\users\OEM\AppData\Roaming\Microsoft\Installer\{D820BECD-97D3-4942-B6CF-1B670CA7690C}\NewShortcut5_F98FECF1C3B4443E80DF2C064AC43102.exe

    2010-09-08 15:43 . 2010-09-08 15:43 25214 ----a-r- c:\users\OEM\AppData\Roaming\Microsoft\Installer\{D820BECD-97D3-4942-B6CF-1B670CA7690C}\NewShortcut3_3BB3017CA22E4CC7B5DA0A4D3F71BDC5.exe

    2010-09-08 15:43 . 2010-09-08 15:43 25214 ----a-r- c:\users\OEM\AppData\Roaming\Microsoft\Installer\{D820BECD-97D3-4942-B6CF-1B670CA7690C}\NewShortcut2_9FE2138D7B36411B9F9982BE58CEBBD6.exe

    2010-09-08 15:43 . 2006-11-02 10:25 51200 ----a-w- c:\windows\Inf\infpub.dat

    2010-09-08 15:43 . 2006-11-02 10:25 86016 ----a-w- c:\windows\Inf\infstor.dat

    2010-09-08 15:43 . 2006-11-02 10:25 143360 ----a-w- c:\windows\Inf\infstrng.dat

    2010-09-08 15:43 . 2010-09-08 15:43 -------- d-----w- c:\program files\ABN AMRO e.dentifier2

    2010-08-30 15:19 . 2009-10-21 21:15 -------- d-----w- c:\program files\CyberLink

    2010-08-12 17:58 . 2010-02-04 20:20 -------- d-----w- c:\programdata\Yahoo!

    2010-08-12 17:54 . 2010-08-12 17:54 27591840 ----a-w- c:\programdata\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe

    .

    ------- Sigcheck -------

    [-] 2010-04-02 . 690D53BD10A804BB6D0A772D1C0E6907 . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll

    [7] 2009-04-11 . C818C44C201898399BF999BB6B35D4E3 . 247296 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18005_none_cf1bd6361a0f622e\shsvcs.dll

    [7] 2008-01-19 . 27F10F348E508243F6254846F8370D0D . 247296 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll

    [7] 2006-11-02 . B264DFA21677728613267FE63802B332 . 245248 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6000.16386_none_caf99b2e2002860e\shsvcs.dll

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]

    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]

    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=c:\windows\System32\guard32.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

    2010-04-28 13:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

    2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

    2010-05-13 14:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    2009-11-02 19:02 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

    "IgfxTray"=c:\windows\system32\igfxtray.exe

    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"

    "HotKeysCmds"=c:\windows\system32\hkcmd.exe

    "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" -hide -runkey

    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" -h

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]

    R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 135664]

    R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\DRIVERS\aabed2.sys [2008-03-20 23040]

    R3 hxctlflt;hxctlflt;c:\windows\system32\Drivers\hxctlflt.sys [2009-02-08 99968]

    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]

    R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2008-08-21 645120]

    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 224240]

    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-01 30112]

    S2 iprip;RIP-listener;c:\windows\System32\svchost.exe [2008-01-19 21504]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

    rsmsvcs REG_MULTI_SZ ntmssvc

    ipripsvc REG_MULTI_SZ iprip

    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    .

    Inhoud van de 'Gedeelde Taken' map

    2010-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 12:37]

    2010-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 12:37]

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.yahoo.com

    mStart Page = hxxp://www.yahoo.com

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

    IE: Free YouTube to Mp3 Converter - c:\users\OEM\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm

    FF - ProfilePath - c:\users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\g7oedlsy.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - Google

    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

    FF - component: c:\users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\g7oedlsy.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll

    FF - component: c:\users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\g7oedlsy.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll

    FF - plugin: c:\program files\ABN AMRO e.dentifier2\Mozilla\npBECON.dll

    FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

    FF - plugin: c:\program files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll

    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----

    FF - user.js: network.http.max-persistent-connections-per-server - 4

    FF - user.js: nglayout.initialpaint.delay - 600

    FF - user.js: content.notify.interval - 600000

    FF - user.js: content.max.tokenizing.time - 1800000

    FF - user.js: content.switch.threshold - 600000

    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

    .

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'winlogon.exe'(592)

    c:\windows\System32\guard32.dll

    - - - - - - - > 'lsass.exe'(628)

    c:\windows\system32\guard32.dll

    .

    Voltooingstijd: 2010-10-09 19:39:24

    ComboFix-quarantined-files.txt 2010-10-09 17:39

    ComboFix2.txt 2010-10-09 16:14

    Pre-Run: 67,796,561,920 bytes beschikbaar

    Post-Run: 67,722,502,144 bytes beschikbaar

    - - End Of File - - BB65DE1081A72230E85E509E56F764F8

  2. Combofix log

    ComboFix 10-10-08.01 - OEM 09/10/2010 17:54:28.1.1 - x86

    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.31.1043.18.1015.376 [GMT 2:00]

    Gestart vanuit: c:\users\OEM\Desktop\ComboFix.exe

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\program files\QUAD Utilities

    c:\program files\QUAD Utilities\QUAD Registry Cleaner\Vista Scheduler.dll

    c:\users\OEM\AppData\Roaming\A569BA6FB13B9CC79461E5487C08EAFC

    c:\users\OEM\AppData\Roaming\A569BA6FB13B9CC79461E5487C08EAFC\enemies-names.txt

    c:\users\OEM\AppData\Roaming\A569BA6FB13B9CC79461E5487C08EAFC\local.ini

    c:\users\OEM\AppData\Roaming\A569BA6FB13B9CC79461E5487C08EAFC\lsrslt.ini

    c:\users\OEM\AppData\Roaming\A569BA6FB13B9CC79461E5487C08EAFC\v700bin00mod.exe

    c:\users\OEM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor

    c:\users\OEM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk

    c:\users\OEM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk

    c:\users\OEM\AppData\Roaming\SQLite3.dll

    c:\users\OEM\FAVORI~1\sportbusiness center leusden.html

    c:\users\OEM\FAVORI~1\what-are-legal-rights-father.html

    c:\users\OEM\Favorites\sportbusiness center leusden.html

    c:\users\OEM\Favorites\what-are-legal-rights-father.html

    Besmet exemplaar van c:\windows\system32\drivers\kbdclass.sys werd aangetroffen en gedesinfecteerd

    Hersteld exemplaar van - Kitty had a snack :P

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2010-09-09 to 2010-10-09 ))))))))))))))))))))))))))))))

    .

    2010-10-09 16:08 . 2010-10-09 16:09 -------- d-----w- c:\users\OEM\AppData\Local\temp

    2010-10-09 16:08 . 2010-10-09 16:08 -------- d-----w- c:\users\Default\AppData\Local\temp

    2010-10-08 12:59 . 2010-10-08 12:59 388096 ----a-r- c:\users\OEM\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2010-10-08 12:59 . 2010-10-08 12:59 -------- d-----w- c:\program files\Trend Micro

    2010-10-08 10:35 . 2010-10-08 10:36 -------- d-----w- c:\users\OEM\AppData\Roaming\Malwarebytes

    2010-10-08 10:35 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2010-10-08 10:35 . 2010-10-08 10:35 -------- d-----w- c:\programdata\Malwarebytes

    2010-10-08 10:35 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

    2010-10-08 10:35 . 2010-10-08 10:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2010-10-08 10:28 . 2010-10-08 10:28 35384 ----a-w- c:\windows\system32\drivers\ymsuknuo.sys

    2010-10-08 09:32 . 2010-10-08 10:29 -------- d-----w- c:\windows\system32\MpEngineStore

    2010-09-29 17:17 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll

    2010-09-28 11:41 . 2010-09-28 12:28 101376 ----a-w- c:\users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\g7oedlsy.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll

    2010-09-28 11:41 . 2010-09-28 12:28 52224 ----a-w- c:\users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\g7oedlsy.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll

    2010-09-21 20:15 . 2010-09-24 14:43 -------- d-----w- c:\program files\Oberon Media

    2010-09-21 18:37 . 2010-09-21 18:37 932288 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\25364\AdobeARM.exe

    2010-09-21 18:37 . 2010-09-21 18:37 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\25364\AdobeExtractFiles.dll

    2010-09-21 18:37 . 2010-09-21 18:37 338856 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\25364\ReaderUpdater.exe

    2010-09-21 18:37 . 2010-09-21 18:37 338856 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\25364\AcrobatUpdater.exe

    2010-09-15 18:05 . 2010-09-21 20:20 -------- d-----w- c:\program files\ePSXe

    2010-09-15 18:01 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll

    2010-09-15 18:01 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe

    2010-09-15 18:00 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll

    2010-09-15 18:00 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-10-09 15:58 . 2006-11-02 16:07 739334 ----a-w- c:\windows\system32\perfh013.dat

    2010-10-09 15:58 . 2006-11-02 16:07 154380 ----a-w- c:\windows\system32\perfc013.dat

    2010-10-05 23:22 . 2009-02-24 13:28 1356 ----a-w- c:\users\OEM\AppData\Local\d3d9caps.dat

    2010-10-01 23:30 . 2010-03-28 18:11 -------- d-----w- c:\users\OEM\AppData\Roaming\Skype

    2010-10-01 22:01 . 2010-03-28 18:28 -------- d-----w- c:\users\OEM\AppData\Roaming\skypePM

    2010-09-29 22:33 . 2010-03-21 19:50 -------- d-----w- c:\program files\Microsoft Silverlight

    2010-09-25 15:06 . 2010-02-04 20:18 -------- d-----w- c:\program files\Yahoo!

    2010-09-24 14:45 . 2009-12-14 20:54 -------- d-----w- c:\program files\DVDVideoSoft

    2010-09-24 14:45 . 2009-12-14 20:54 -------- d-----w- c:\program files\Common Files\DVDVideoSoft

    2010-09-16 06:14 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

    2010-09-13 19:06 . 2010-09-08 16:34 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll

    2010-09-13 19:06 . 2010-08-17 17:47 -------- d-----w- c:\programdata\DivX

    2010-09-13 19:06 . 2009-12-12 20:56 -------- d-----w- c:\program files\DivX

    2010-09-13 19:05 . 2010-08-17 17:47 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe

    2010-09-08 15:43 . 2010-09-08 15:43 8854 ----a-r- c:\users\OEM\AppData\Roaming\Microsoft\Installer\{D820BECD-97D3-4942-B6CF-1B670CA7690C}\UNINST_Uninstall_A_6DBDF86321744BD1995E5AE429061628.exe

    2010-09-08 15:43 . 2010-09-08 15:43 8854 ----a-r- c:\users\OEM\AppData\Roaming\Microsoft\Installer\{D820BECD-97D3-4942-B6CF-1B670CA7690C}\UNINST_Uninstall_A_5CAD3F3805754F51802458079D007DB0.exe

    2010-09-08 15:43 . 2010-09-08 15:43 318 ----a-r- c:\users\OEM\AppData\Roaming\Microsoft\Installer\{D820BECD-97D3-4942-B6CF-1B670CA7690C}\NewShortcut6_BA9B78AAD4D74D899FC31371F4CAD435.exe

    2010-09-08 15:43 . 2010-09-08 15:43 318 ----a-r- c:\users\OEM\AppData\Roaming\Microsoft\Installer\{D820BECD-97D3-4942-B6CF-1B670CA7690C}\NewShortcut4_39BDABECE51744048888DD4DF87A5697.exe

    2010-09-08 15:43 . 2010-09-08 15:43 318 ----a-r- c:\users\OEM\AppData\Roaming\Microsoft\Installer\{D820BECD-97D3-4942-B6CF-1B670CA7690C}\ARPPRODUCTICON.exe

    2010-09-08 15:43 . 2010-09-08 15:43 25214 ----a-r- c:\users\OEM\AppData\Roaming\Microsoft\Installer\{D820BECD-97D3-4942-B6CF-1B670CA7690C}\NewShortcut5_F98FECF1C3B4443E80DF2C064AC43102.exe

    2010-09-08 15:43 . 2010-09-08 15:43 25214 ----a-r- c:\users\OEM\AppData\Roaming\Microsoft\Installer\{D820BECD-97D3-4942-B6CF-1B670CA7690C}\NewShortcut3_3BB3017CA22E4CC7B5DA0A4D3F71BDC5.exe

    2010-09-08 15:43 . 2010-09-08 15:43 25214 ----a-r- c:\users\OEM\AppData\Roaming\Microsoft\Installer\{D820BECD-97D3-4942-B6CF-1B670CA7690C}\NewShortcut2_9FE2138D7B36411B9F9982BE58CEBBD6.exe

    2010-09-08 15:43 . 2006-11-02 10:25 51200 ----a-w- c:\windows\Inf\infpub.dat

    2010-09-08 15:43 . 2006-11-02 10:25 86016 ----a-w- c:\windows\Inf\infstor.dat

    2010-09-08 15:43 . 2006-11-02 10:25 143360 ----a-w- c:\windows\Inf\infstrng.dat

    2010-09-08 15:43 . 2010-09-08 15:43 -------- d-----w- c:\program files\ABN AMRO e.dentifier2

    2010-08-30 15:19 . 2009-10-21 21:15 -------- d-----w- c:\program files\CyberLink

    2010-08-12 17:58 . 2010-02-04 20:20 -------- d-----w- c:\programdata\Yahoo!

    2010-08-12 17:54 . 2010-08-12 17:54 27591840 ----a-w- c:\programdata\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]

    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]

    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=c:\windows\System32\guard32.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

    2010-04-28 13:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

    2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

    2010-05-13 14:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    2009-11-02 19:02 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

    "IgfxTray"=c:\windows\system32\igfxtray.exe

    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"

    "HotKeysCmds"=c:\windows\system32\hkcmd.exe

    "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" -hide -runkey

    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" -h

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]

    R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 135664]

    R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\DRIVERS\aabed2.sys [2008-03-20 23040]

    R3 hxctlflt;hxctlflt;c:\windows\system32\Drivers\hxctlflt.sys [2009-02-08 99968]

    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]

    R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2008-08-21 645120]

    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 224240]

    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-01 30112]

    S2 iprip;RIP-listener;c:\windows\System32\svchost.exe [2008-01-19 21504]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

    rsmsvcs REG_MULTI_SZ ntmssvc

    ipripsvc REG_MULTI_SZ iprip

    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    .

    Inhoud van de 'Gedeelde Taken' map

    2010-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 12:37]

    2010-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 12:37]

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.yahoo.com

    mStart Page = hxxp://www.yahoo.com

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

    IE: Free YouTube to Mp3 Converter - c:\users\OEM\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm

    FF - ProfilePath - c:\users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\g7oedlsy.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - Google

    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

    FF - component: c:\users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\g7oedlsy.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll

    FF - component: c:\users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\g7oedlsy.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll

    FF - plugin: c:\program files\ABN AMRO e.dentifier2\Mozilla\npBECON.dll

    FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

    FF - plugin: c:\program files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll

    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----

    FF - user.js: network.http.max-persistent-connections-per-server - 4

    FF - user.js: nglayout.initialpaint.delay - 600

    FF - user.js: content.notify.interval - 600000

    FF - user.js: content.max.tokenizing.time - 1800000

    FF - user.js: content.switch.threshold - 600000

    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

    .

    - - - - ORPHANS VERWIJDERD - - - -

    MSConfigStartUp-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    MSConfigStartUp-RocketDock - c:\program files\RocketDock\RocketDock.exe

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'winlogon.exe'(592)

    c:\windows\System32\guard32.dll

    - - - - - - - > 'lsass.exe'(628)

    c:\windows\system32\guard32.dll

    .

    Voltooingstijd: 2010-10-09 18:14:01

    ComboFix-quarantined-files.txt 2010-10-09 16:14

    Pre-Run: 67,405,008,896 bytes beschikbaar

    Post-Run: 67,833,802,752 bytes beschikbaar

    - - End Of File - - 5C8FDB3465D81E4F5CE49EDFF61252EF

  3. Thanks for replying. I just ran a Malwarebytes scan; the log is below.

    Malwarebytes' Anti-Malware 1.46

    www.malwarebytes.org

    Databaseversie: 4774

    Windows 6.0.6002 Service Pack 2

    Internet Explorer 8.0.6001.18943

    09/10/2010 16:59:14

    mbam-log-2010-10-09 (16-59-14).txt

    Scantype: Volledige scan (C:\|D:\|E:\|F:\|)

    Objecten gescand: 223024

    Verstreken tijd: 1 uur/uren, 16 minuut/minuten, 54 seconde(n)

    Geheugenprocessen geïnfecteerd: 0

    Geheugenmodulen geïnfecteerd: 0

    Registersleutels geïnfecteerd: 0

    Registerwaarden geïnfecteerd: 0

    Registerdata geïnfecteerd: 0

    Mappen geïnfecteerd: 0

    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    ---------- Post added at 15:11 ---------- Previous post was at 15:01 ----------

    The HJT log:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 17:14:04, on 09/10/2010

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v8.00 (8.00.6001.18943)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files\Windows Live\Contacts\wlcomm.exe

    C:\Users\OEM\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    O1 - Hosts: ::1 localhost

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\OEM\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --

    End of file - 5026 bytes

    And the website I had copied the first HJT log to was HJT's own: www.hijackthis.de

    Websites are still being opened out of nowhere, and emails are being sent from my account. The icon has already been removed from my desktop, though.

  4. This morning I found out that I too have become a target of that Antimalware thing. I looked around on the internet a bit and have already downloaded and run Malwarebytes Antimalware; it found and removed 32 infections. Right after restarting, the Doctor was back in my face.

    I also downloaded HijackThis and copied my logfile to that site, but according to them there is nothing wrong, while there really is something going on.

    I still have my logfile. Could someone please help me further? This is slowly making me a bit despondent.. :hmpf:

    ---------- Post added at 13:41 ---------- Previous post was at 13:40 ----------

    Here is my log.

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 15:26:25, on 08/10/2010

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v8.00 (8.00.6001.18943)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

    C:\Windows\system32\wermgr.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: ::1 localhost

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKCU\..\Run: [v700bin00mod.exe] C:\Users\OEM\AppData\Roaming\A569BA6FB13B9CC79461E5487C08EAFC\v700bin00mod.exe

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\OEM\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --

    End of file - 5170 bytes
