
Police virus



Hello,

A few weeks ago I had the police virus; now my father has it too. Here is his HitmanPro log:

HitmanPro 3.7.3.194
www.hitmanpro.com

  Computer name . . . . : ESTLS104053
  Windows . . . . . . . : 6.1.1.7601.X86/4
  User name . . . . . . : NT AUTHORITY\SYSTEM
  UAC . . . . . . . . . : Disabled
  License . . . . . . . : Free

  Scan date . . . . . . : 2013-05-20 10:46:31
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 2m 33s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No

  Threats . . . . . . . : 2
  Traces  . . . . . . . : 55

  Objects scanned . . . : 1,210,875
  Files scanned . . . . : 58,389
  Remnants scanned  . . : 342,884 files / 809,602 keys

Malware _____________________________________________________________________

  C:\Program Files\Yontoo\YontooIEClient.dll
     Size . . . . . . . : 197,920 bytes
     Age  . . . . . . . : 84.5 days (2013-02-24 23:24:50)
     Entropy  . . . . . : 6.4
     SHA-256  . . . . . : 5DA9DA1648BAE0F19137BA19D5E41743A7FDB0D8309898797CE47C03357B189B
     Product  . . . . . : Yontoo Runtime
     Publisher  . . . . : Yontoo LLC
     Description  . . . : Yontoo Runtime
     Version  . . . . . : 1.10.01
     Copyright  . . . . : Copyright (c) 2011 Yontoo LLC.  All rights reserved.
     RSA Key Size . . . : 2048
     Authenticode . . . : Valid
   > Emsisoft . . . . . : Adware.Win32.Yontoo.AMN!A2
     Fuzzy  . . . . . . : 97.0
     Startup
        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\
     References
        HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\
        HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\
        HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1\
        HKLM\SOFTWARE\Classes\YontooIEClient.Layers\
        HKU\S-1-5-21-3877897231-801669177-1469586255-24500\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\

  C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
     Size . . . . . . . : 454,144 bytes
     Age  . . . . . . . : 84.5 days (2013-02-24 23:24:50)
     Entropy  . . . . . : 6.4
     SHA-256  . . . . . : 1D25C1AF5C7A3A9A7CFBB899F22A3D015A928B42BC7F43E52EBF5056551065EB
   > Emsisoft . . . . . : Adware.Win32.Yontoo.AMN!A2
     Fuzzy  . . . . . . : 106.0


Suspicious files ____________________________________________________________

  C:\ProgramData\76zjefo.dat
     Size . . . . . . . : 110,592 bytes
     Age  . . . . . . . : 1.5 days (2013-05-18 21:40:27)
     Entropy  . . . . . : 6.6
     SHA-256  . . . . . : D10E6976F9D06C5CA02B7CCDAB3B77C295F8544E65D1180A704A99B3FFEFF253
     Product  . . . . . : Microsoft® Windows® Operating System
     Publisher  . . . . : Microsoft Corporation
     Description  . . . : Atm Epvc Install DLL
     Version  . . . . . : 5.1.2600.0
     Copyright  . . . . : © Microsoft Corporation. All rights reserved.
     Service  . . . . . : Winmgmt
     Fuzzy  . . . . . . : 51.0
        The file name extension of this program is not common.
        This file was most recently added as automatic startup.
        Uses the Startup folder in the Start Menu to run each time the user logs on.
        Starts automatically as a service during system bootup.
        Uses the Windows Registry to run each time the user logs on.
        Program starts automatically without user intervention.
        Time indicates that the file appeared recently on this computer.
        The file is in use by one or more active processes.
     Startup
        C:\Users\Stefano Capitanio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
        HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\
        HKU\S-1-5-21-3877897231-801669177-1469586255-24500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe
     Forensic Cluster
        -47.6s C:\Users\Stefano Capitanio\AppData\Roaming\Microsoft\Windows\Cookies\G1HRSG43.txt
        -47.6s C:\Users\Stefano Capitanio\AppData\Roaming\Microsoft\Windows\Cookies\NSERQPK5.txt
        -47.1s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8DCMIVL1\processflightqry[5].htm
        -45.6s C:\Users\Stefano Capitanio\AppData\Roaming\Microsoft\Windows\Cookies\ZVL4EXRS.txt
        -45.5s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8DCMIVL1\gadoormetboeken[1].gif
        -45.5s C:\Users\Stefano Capitanio\AppData\Roaming\Microsoft\Windows\Cookies\S4NVFI57.txt
        -45.3s C:\Users\Stefano Capitanio\AppData\Roaming\Microsoft\Windows\Cookies\5A87YQFV.txt
        -45.3s C:\Users\Stefano Capitanio\AppData\Roaming\Microsoft\Windows\Cookies\O03FWQJA.txt
        -45.3s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQF70R63\visited[1].gif
        -45.3s C:\Users\Stefano Capitanio\AppData\Roaming\Microsoft\Windows\Cookies\SNSPQM4A.txt
        -45.2s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56DBT6FG\schedule_bg7_2[1].gif
        -45.1s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGNFXPII\schedule_bg7_5[1].gif
        -45.1s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGNFXPII\schedule_bg_empty7[1].gif
        -45.1s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8DCMIVL1\schedule_bg7_1[1].gif
        -43.8s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQF70R63\71e5b141d1[9]
        -42.3s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56DBT6FG\creative[7].jsonp
        -41.9s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8DCMIVL1\i[2].txt
        -41.9s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQF70R63\st[2]
        -40.7s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56DBT6FG\imp[4]
        -40.5s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGNFXPII\iframe3[1].htm
        -39.5s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGNFXPII\8gcf744Waxolp752[1].htm
        -37.4s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8DCMIVL1\search[2].htm
        -30.6s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQF70R63\index[1].htm
        -30.3s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56DBT6FG\jquery.min[2].js
        -30.2s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56DBT6FG\lp.3244[1].css
        -29.4s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGNFXPII\support[1].js
        -29.1s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8DCMIVL1\bg[1].jpg
        -29.1s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQF70R63\bg_form[1].png
        -29.1s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQF70R63\bg_girl2[1].jpg
        -29.1s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGNFXPII\regform[1].js
        -29.1s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGNFXPII\submit[1].png
        -28.5s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8DCMIVL1\messages_registration[1].js
        -28.4s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8DCMIVL1\counter[1].htm
        -28.3s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56DBT6FG\autofilling.funn[1].js
        -28.0s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQF70R63\M0sgMn0BXMD10TFk0BtgY0PFWd0Snkt05UW80t3tJ0yNLt0D7eP0wven0n0lp0d1SF0YCtw0LXMK0zz960dUZc0E7at0ul6t0wC0L0oTvr05lyi0KYCE0BIsy04c3R09sOM12yJV0Zomi0SB2z[1].htm
        -27.9s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQF70R63\logo[2].png
        -27.9s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQF70R63\bg_footer2[1].png
        -27.9s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQF70R63\slogan[1].png
        -27.7s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56DBT6FG\ed2[1].swf
        -27.6s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGNFXPII\kyofeyag[1].html
        -27.6s C:\Users\Stefano Capitanio\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#stat.easydate.biz\
        -27.6s C:\Users\Stefano Capitanio\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#stat.easydate.biz\settings.sol
        -27.6s C:\Users\Stefano Capitanio\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
        -27.6s C:\Users\Stefano Capitanio\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5US3R7TS\stat.easydate.biz\
        -27.6s C:\Users\Stefano Capitanio\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5US3R7TS\stat.easydate.biz\images\
        -27.6s C:\Users\Stefano Capitanio\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5US3R7TS\stat.easydate.biz\images\ed2.swf\
        -27.6s C:\Users\Stefano Capitanio\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5US3R7TS\stat.easydate.biz\images\ed2.swf\srfp_28.sol
        -27.0s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8DCMIVL1\pdfx[1].html
        -26.8s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56DBT6FG\bhqzfu[1].html
        -26.6s C:\Users\Stefano Capitanio\AppData\Roaming\Microsoft\Windows\Cookies\SD2IGAPM.txt
        -26.3s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGNFXPII\fnts[1].html
        -20.2s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8DCMIVL1\EPzWV[1].eot
        -17.1s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56DBT6FG\jovf[1].html
        -8.3s C:\Users\Stefano Capitanio\AppData\Local\Temp\jar_cache5150577693533343309.tmp
        -2.9s C:\Users\Stefano Capitanio\AppData\Local\Temp\0.8400041962097492.bfg
        -2.5s C:\Windows\Prefetch\JP2LAUNCHER.EXE-42754454.pf
        -2.1s C:\Users\Stefano Capitanio\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\46a3c6bf-4f9c338f
        -2.1s C:\Users\Stefano Capitanio\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\46a3c6bf-4f9c338f.idx
        -1.7s C:\Windows\Prefetch\JAVA.EXE-066C5985.pf
        -1.4s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGNFXPII\kyofeyag[2].html
        -0.1s C:\ProgramData\rundll32.exe
         0.0s C:\ProgramData\76zjefo.dat
         3.4s C:\ProgramData\ofejz67.pad
         4.6s C:\ProgramData\as98213.txt
         4.8s C:\Quarantine\7dd51215281f34b0.bup
         6.5s C:\Windows\Prefetch\RUNDLL32.EXE-EBECA161.pf
         6.7s C:\Users\Stefano Capitanio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
         6.8s C:\Windows\Prefetch\RUNDLL32.EXE-EBECA13C.pf
         6.8s C:\ProgramData\McAfee\Common Framework\AgentEvents\20130518214033574800000000AC0.txml
         8.2s C:\Windows\Prefetch\REGSVR32.EXE-55A4EE79.pf
         9.3s C:\Windows\Prefetch\RUNDLL32.EXE-EBECA186.pf
        11.5s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGNFXPII\acr_depnx_error[1]
        11.8s C:\Windows\Prefetch\RUNDLL32.EXE-EBECA117.pf
        12.7s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGNFXPII\acr[1]
        12.7s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56DBT6FG\red_x[1]
        12.9s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGNFXPII\bullet[1]
        12.9s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56DBT6FG\main[1].html
        14.2s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56DBT6FG\brand[2]
        15.1s C:\Windows\Prefetch\RUNDLL32.EXE-EBECA1AB.pf
        15.1s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56DBT6FG\ADTECH;loc=100;target=_blank;key=key1+key2+key3+key4;grp=1368906041577;misc=1368906041577[1]
        15.3s C:\Windows\Prefetch\RUNDLL32.EXE-EBECA1F5.pf
        15.7s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQF70R63\AdId=8953884;BnId=12;itime=906040674;key=key1+key2+key3+key4;nodecode=yes;link=[1]
        16.2s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56DBT6FG\FEB15_Bupa%20Int%20-%20Get%20A%20Quote%20-%2030%20Secs%20-%20728x90[1].swf
        16.4s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56DBT6FG\ADTECH;loc=100;target=_blank;grp=1368906041577;misc=1368906043340[1]
        16.6s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGNFXPII\ADTECH;loc=100;target=_blank;grp=1368906041577;misc=1368906043512[1]
        17.4s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8DCMIVL1\ADTECH;loc=100;target=_blank;grp=1368906041577;misc=1368906044292[1]
        17.5s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQF70R63\ADTECH;loc=100;target=_blank;misc=1368906044432[1]
        17.8s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGNFXPII\ADTECH;loc=100;target=_blank;grp=[group];misc=1368906044775[1]
        17.8s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGNFXPII\bdr2__[1].gif
        18.0s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8DCMIVL1\u6QPaOchmhM[1].htm
        18.1s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8DCMIVL1\vonage_227161_final_01[1].jpg
        18.3s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8DCMIVL1\ADTECH;loc=100;target=_blank;key=key1+key2+key3+key4;grp=1368906041577;misc=1368906045150[1]
        18.3s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56DBT6FG\likebox[1].htm
        18.4s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQF70R63\13f35_be8f[1].jpg
        18.4s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56DBT6FG\13ead_88fa[1].jpg
        18.4s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56DBT6FG\13f2d_b3ba[1].jpg
        18.5s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQF70R63\AdId=8953884;BnId=13;itime=906043072;key=key1+key2+key3+key4;nodecode=yes;link=[1]
        18.7s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGNFXPII\195626_100000284857521_1447576048_q[1].jpg
        18.7s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8DCMIVL1\48773_589976486_674363087_q[1].jpg
        18.8s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQF70R63\624068_1657050534_771470215_q[1].jpg
        18.8s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56DBT6FG\211490_100002207186000_6917111_q[1].jpg
        18.9s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGNFXPII\FEB15_Bupa%20Int%20-%20Find%20Out%20More%20NEW%20-%2030%20Secs%20-%20120x600[1].swf
        19.0s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGNFXPII\161880_100001870251990_136350863_q[1].jpg
        19.0s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8DCMIVL1\ADTECH;loc=100;target=_blank;key=key1+key2+key3+key4;grp=1368906041577;misc=1368906045914[1]
        19.3s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQF70R63\ADTECH;loc=100;target=_blank;grp=1368906041577;misc=1368906046212[1]
        19.3s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56DBT6FG\watch-strings-en_GB-vfloS7TQG[1].xml
        19.4s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56DBT6FG\ADTECH;loc=100;target=_blank;grp=1368906041577;misc=1368906046321[1]
        19.4s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56DBT6FG\crossdomain[2].xml
        19.9s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8DCMIVL1\safe_image[1].jpg
        19.9s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8DCMIVL1\267625_10151497848932600_1565594850_n[1].jpg
        20.0s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8DCMIVL1\941546_10151493115247600_1135248158_n[1].png
        20.0s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8DCMIVL1\179962_10151497848927600_1091016716_n[1].jpg
        20.0s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8DCMIVL1\943681_10151494529952600_2090120174_n[1].png
        20.1s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8DCMIVL1\557870_10151497849022600_65642210_n[1].jpg
        20.1s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8DCMIVL1\safe_image[2].jpg
        20.2s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQF70R63\941565_10151490224222600_1346889520_n[1].png
        20.3s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQF70R63\923038_10151492698442600_1914801765_n[1].jpg
        20.3s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQF70R63\ADTECH;loc=100;target=_blank;key=key1+key2+key3+key4;grp=1368906041577;misc=1368906047226[1]
        20.3s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGNFXPII\hqdefault[1].jpg
        20.3s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGNFXPII\969276_10151496075742600_1726108414_n[1].png
        20.3s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGNFXPII\safe_image[1].jpg
        20.3s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGNFXPII\safe_image[2].png
        20.4s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQF70R63\safe_image[1].jpg
        20.5s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8DCMIVL1\ADTECH;loc=100;target=_blank;grp=1368906041577;misc=1368906047335[1]
        20.6s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{D5ED5693-BFF2-11E2-AE85-402CF41CB5D7}.dat
        20.6s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQF70R63\ADTECH;loc=100;target=_blank;grp=1368906041577;misc=1368906047569[1]
        20.7s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{D5ED5694-BFF2-11E2-AE85-402CF41CB5D7}.dat
        20.7s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56DBT6FG\ads[2].htm
        20.8s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56DBT6FG\bgr_footer[1].png
        20.8s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56DBT6FG\bgr_inside_ttl[1].gif
        20.8s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8DCMIVL1\bgr_inside[1].gif
        20.8s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQF70R63\bgr_inside_div[1].gif
        20.8s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56DBT6FG\expatica_logo_icon[1].gif
        20.9s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGNFXPII\iframe[1].htm
        21.2s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGNFXPII\small_2146610179[1].jpg
        21.2s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGNFXPII\small_1168374910[1].jpg
        21.2s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQF70R63\small_1239253467[1].jpg
        21.3s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGNFXPII\small_392490866[1].jpg
        21.8s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGNFXPII\s[1].htm
        22.1s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56DBT6FG\pixel[1].htm
        22.2s C:\Windows\Prefetch\CTFMON.EXE-AF4187A6.pf
        22.3s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56DBT6FG\favicon[4].ico
        22.5s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56DBT6FG\si[1].htm
        22.5s C:\Users\Stefano Capitanio\AppData\Roaming\Microsoft\Windows\Cookies\RTA4PL1S.txt
        23.7s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQF70R63\Gj2ad6O09TZ[1].png
        25.8s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGNFXPII\getData[3].html
        26.5s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQF70R63\extension[5].js
        28.1s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8DCMIVL1\ancbanner_general_728x90_264[3].htm
        28.4s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8DCMIVL1\sf_main[2].htm
        29.3s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56DBT6FG\creative[8].jsonp
        29.6s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQF70R63\i[7].txt
        29.7s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56DBT6FG\st[7]
        30.4s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGNFXPII\imp[6]
        30.8s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQF70R63\f779499d58f9453da0dbd5055738b03b[1].swf
        35.1s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56DBT6FG\WUAhotphoto[1].jpg
        35.7s C:\Windows\Prefetch\RUNDLL32.EXE-EBECA1D0.pf
        37.3s C:\Windows\Prefetch\RUNDLL32.EXE-E4D382E6.pf
        43.4s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGNFXPII\AMD1a[1].jpg
        51.4s C:\Users\Stefano Capitanio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8DCMIVL1\HSBC_expatkids_hot[1].jpg


Potential Unwanted Programs _________________________________________________

  C:\Program Files\Yontoo\ (Yontoo)
  C:\Program Files\Yontoo\sqlite3.exe (Yontoo)
     Size . . . . . . . : 465,408 bytes
     Age  . . . . . . . : 84.5 days (2013-02-24 23:24:50)
     Entropy  . . . . . : 6.5
     SHA-256  . . . . . : F7B2783B68E6B991EEDAB07F6B2BFF0E6594E19AD470EDAA89618BC9ED367B3C
     Fuzzy  . . . . . . : 12.0

  C:\Program Files\Yontoo\Y2Desktop.Updater.exe (Yontoo)
     Size . . . . . . . : 23,552 bytes
     Age  . . . . . . . : 84.5 days (2013-02-24 23:24:50)
     Entropy  . . . . . : 5.6
     SHA-256  . . . . . : 967B7FA83171485DA1EEF51DB2A21FD17DFB4846E1F700C83E516BD40A542DCA
     Product  . . . . . : Y2Desktop.Updater
     Publisher  . . . . : Microsoft
     Description  . . . : Y2Desktop.Updater
     Version  . . . . . : 1.0.0.0
     Copyright  . . . . : Copyright © Microsoft 2013
     Service  . . . . . : Yontoo Desktop Updater
     Fuzzy  . . . . . . : 5.0
     Startup
        HKLM\SYSTEM\CurrentControlSet\Services\Yontoo Desktop Updater\

  C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\ (Yontoo)
  C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll (Yontoo)
  C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat (Yontoo)
  C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe (Yontoo)
     Size . . . . . . . : 228,496 bytes
     Age  . . . . . . . : 84.5 days (2013-02-24 23:24:50)
     Entropy  . . . . . : 6.4
     SHA-256  . . . . . : 1E03B1B06BBFFABBA51D1981F6361A8BDAC9902EF2F99BCA832674A20163E684
     Product  . . . . . : Tarma® Installer
     Publisher  . . . . : Tarma Software Research Pty Ltd
     Description  . . . : Tarma® Installer
     Version  . . . . . : 2011.08.09.0847U
     Copyright  . . . . : © 1990-2011 Tarma Software Research Pty Ltd
     RSA Key Size . . . : 2048
     Authenticode . . . : Valid
     Fuzzy  . . . . . . : -7.0

  C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico (Yontoo)
  C:\Users\Stefano Capitanio\AppData\Roaming\Funmoods\ (Funmoods)
  HKLM\SOFTWARE\Classes\AppID\esrv.EXE\ (Funmoods)
  HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL\ (Yontoo)
  HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}\ (Funmoods)
  HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}\ (Yontoo)
  HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}\ (Funmoods)
  HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\ (Yontoo)
  HKLM\SOFTWARE\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}\ (Funmoods)
  HKLM\SOFTWARE\Classes\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}\ (Yontoo)
  HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ (Yontoo)
  HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ (Yontoo)
  HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44b0-A826-84C829536E93}\ (Yontoo)
  HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1\ (Funmoods)
  HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc\ (Funmoods)
  HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\ (Yontoo)
  HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\ (Yontoo)
  HKLM\SOFTWARE\Classes\s\ (Softonic)
  HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}\ (Funmoods)
  HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\ (Yontoo)
  HKLM\SOFTWARE\Classes\YontooIEClient.Api.1\ (Yontoo)
  HKLM\SOFTWARE\Classes\YontooIEClient.Api\ (Yontoo)
  HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1\ (Yontoo)
  HKLM\SOFTWARE\Classes\YontooIEClient.Layers\ (Yontoo)
  HKLM\SOFTWARE\Funmoods\ (Funmoods)
  HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc\ (Yontoo)
  HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}\ (Funmoods)
  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ (Yontoo)
  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ (Yontoo)
  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\ (Yontoo)
  HKLM\SOFTWARE\Tarma Installer\Components\{8D8654CD-7FBC-4C7E-84E9-371BFA8DB04E}\ (Yontoo)
  HKLM\SOFTWARE\Tarma Installer\Components\{9307081B-7444-494C-8CF6-2FA7C0E92BFB}\ (Yontoo)
  HKLM\SOFTWARE\Tarma Installer\Components\{9D9785E5-3424-40B6-A287-BA143AD53109}\ (Yontoo)
  HKLM\SOFTWARE\Tarma Installer\Components\{B6783DFA-B8C8-4CB6-AB9F-EF1A1F7F7AE8}\ (Yontoo)
  HKLM\SOFTWARE\Tarma Installer\Products\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\ (Yontoo)


Thanks in advance,

Marco

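Added example (not part of either post, and not HitmanPro's own code): a small Python triage script for the log format shown in Marco's post above. It parses the entry blocks and flags the traits a responder would otherwise check by eye in that log: a file whose version info claims Microsoft but that carries no "Authenticode : Valid" line (the script assumes HitmanPro prints that line only when the signature verifies, as it does for the Yontoo and Tarma binaries above and not for C:\ProgramData\76zjefo.dat), a non-executable extension under C:\ProgramData that is nevertheless started, and persistence through more than one autostart location at once. The sample input is a constructed excerpt of the posted log, trimmed to two entries; the flag rules, thresholds and names (`parse_hitmanpro`, `triage`, `Entry`) are the editor's own.

```python
"""Triage a HitmanPro 3.x text log (added example, not HitmanPro's or the forum's code).

Parses the layout seen in the post above (two-space entry paths, dotted "Key . . : value"
attributes, eight-space items under Startup/References/Forensic Cluster) and applies
the checks a responder would otherwise make by eye.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: two entries excerpted from the posted log, most attributes trimmed.
SAMPLE_LOG = r"""
Malware _____________________________________________________________________
  C:\Program Files\Yontoo\YontooIEClient.dll
     SHA-256  . . . . . : 5DA9DA1648BAE0F19137BA19D5E41743A7FDB0D8309898797CE47C03357B189B
     Publisher  . . . . : Yontoo LLC
     Authenticode . . . : Valid
   > Emsisoft . . . . . : Adware.Win32.Yontoo.AMN!A2
     Startup
        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\

Suspicious files ____________________________________________________________
  C:\ProgramData\76zjefo.dat
     SHA-256  . . . . . : D10E6976F9D06C5CA02B7CCDAB3B77C295F8544E65D1180A704A99B3FFEFF253
     Publisher  . . . . : Microsoft Corporation
     Service  . . . . . : Winmgmt
     Startup
        C:\Users\Stefano Capitanio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
        HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\
        HKU\S-1-5-21-3877897231-801669177-1469586255-24500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe
"""

SECTION_RE = re.compile(r"^([A-Za-z][A-Za-z ]*?) _{5,}$")
ATTR_RE = re.compile(r"^ {3,5}(> )?([A-Za-z][A-Za-z0-9-]*(?: [A-Za-z][A-Za-z0-9-]*)*)\s+(?:\. ?)*:\s*(.*)$")
VENDOR_TAG_RE = re.compile(r"\s+\([^()]+\)$")  # trailing " (Yontoo)" tag in the PUP section
EXECUTABLE_EXT = {"exe", "dll", "sys", "ocx", "scr", "cpl"}
AUTOSTART_KINDS = {  # lower-case substrings that identify each autostart mechanism
    "Startup folder": "\\start menu\\programs\\startup\\",
    "Run key": "\\currentversion\\run\\",
    "service": "\\currentcontrolset\\services\\",
    "browser helper object": "\\browser helper objects\\",
}


@dataclass
class Entry:
    section: str
    path: str
    attrs: dict = field(default_factory=dict)       # "Publisher": "Yontoo LLC", ...
    detections: dict = field(default_factory=dict)  # "> Emsisoft" lines: engine -> signature
    lists: dict = field(default_factory=dict)       # "Startup", "References", "Forensic Cluster"


def parse_hitmanpro(text):
    entries, section, cur, cur_list = [], None, None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        indent = len(line) - len(line.lstrip(" "))
        if indent == 0:  # section header (or a blank / banner line)
            m = SECTION_RE.match(line)
            section = m.group(1) if m else section
        elif section is None or (cur is None and indent != 2):
            continue  # scan summary lines before the first section
        elif indent == 2:  # a new flagged object
            cur = Entry(section, VENDOR_TAG_RE.sub("", line.strip()))
            entries.append(cur)
            cur_list = None
        elif indent <= 5:  # attribute, ">" detection or sub-list header
            m = ATTR_RE.match(line)
            if m:
                (cur.detections if m.group(1) else cur.attrs)[m.group(2)] = m.group(3)
            else:
                cur_list = line.strip()
                cur.lists.setdefault(cur_list, [])
        elif cur_list:  # eight-space item under the current sub-list
            cur.lists[cur_list].append(line.strip())
    return entries


def triage(text):
    """Return one dict per entry that shows a red flag, listing the flags found."""
    findings = []
    for e in parse_hitmanpro(text):
        flags = [f"detected by {eng} as {sig}" for eng, sig in e.detections.items()]
        if "microsoft" in e.attrs.get("Publisher", "").lower() and e.attrs.get("Authenticode") != "Valid":
            flags.append("version info claims Microsoft but no valid Authenticode signature")
        starts = e.lists.get("Startup", [])
        name = e.path.lower().rsplit("\\", 1)[-1]
        ext = name.rsplit(".", 1)[-1] if "." in name else ""
        if e.path.lower().startswith("c:\\programdata\\") and ext and ext not in EXECUTABLE_EXT and (starts or "Service" in e.attrs):
            flags.append(f".{ext} file in ProgramData is loaded at startup")
        kinds = sorted(k for k, s in AUTOSTART_KINDS.items() if any(s in i.lower() for i in starts))
        if len(kinds) >= 2:
            flags.append("persists via " + " + ".join(kinds))
        if flags:
            findings.append({"section": e.section, "path": e.path, "sha256": e.attrs.get("SHA-256", ""), "flags": flags})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['section']}] {f['path']}", *(f"  - {x}" for x in f["flags"]), sep="\n")
```

To use it on a saved copy of a full HitmanPro log, read the file with `errors="replace"` (the scan summary at the top is skipped until the first section header) and pass the text to `triage()`. The parser keeps the "Forensic Cluster" items in `Entry.lists`, so neighbours such as the `-0.1s C:\ProgramData\rundll32.exe` line next to 76zjefo.dat in the post above can be pulled out with the same structure.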


1. Download HijackThis. (click it)

The download starts automatically after 5 seconds.

Save the file HijackThis.msi. Then choose "Run".

HijackThis is now installed on your PC, and a shortcut is placed on your desktop.

If you no longer have a network connection, you can download it on another PC and transfer the file with a USB stick.

If you can only work in Safe Mode, you need to download the executable (HijackThis.exe) instead. You can do that HERE.

Save it in a new folder on the C drive (e.g. C:\hijackthis) and start HijackThis from that folder. The logs can then also be found in that folder.


2. Click the shortcut to start HijackThis. (Read the red text below first!)

Click either "Do a system scan and save a logfile", or first "Scan" and then "Save log".

A Notepad window opens. Hold down CTRL and A at the same time; everything is now selected. Hold down CTRL and C at the same time; everything is now copied. Now paste the HJT log into your post with CTRL and V.

If you get the message "For some reason your system denied writing to the Host file ....", just click through it with the OK button.

Note: Windows Vista & 7 users must run HijackThis as administrator via right-click "Run as administrator". If that does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis. (See the image here ---> Click here)


3. After you post your log, an expert will review it and guide you through the rest of the process.

Tip!

If you want to see in words and pictures how to create a HijackThis log and post it on the forum, click HERE.
