Eline
-
Items
12 -
Registratiedatum
-
Laatst bezocht
Eline's prestaties
-
Kan iemand naar mijn Logje kijken?
Eline reageerde op Eline's topic in Archief Bestrijding malware & virussen
Ziezo! Dankjewel voor de snelle hulp! -
Kan iemand naar mijn Logje kijken?
Eline reageerde op Eline's topic in Archief Bestrijding malware & virussen
Dat zit al iets beter denk ik nu.. Dankjewel! -
Kan iemand naar mijn Logje kijken?
Eline reageerde op Eline's topic in Archief Bestrijding malware & virussen
Ziezo, dit is was Combofix wist te vertellen: ComboFix 11-12-15.02 - Hannes 15/12/2011 18:00:00.1.2 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.32.1043.18.3000.930 [GMT 1:00] Gestart vanuit: c:\users\Hannes\Desktop\ComboFix.exe AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Hannes\AppData\Roaming\Microsoft\Windows\Recent\Elektromagnetische beveiliging.docx c:\users\Hannes\AppData\Roaming\Microsoft\Windows\Recent\fortis.url . . (((((((((((((((((((( Bestanden Gemaakt van 2011-11-15 to 2011-12-15 )))))))))))))))))))))))))))))) . . 2011-12-15 17:10 . 2011-12-15 17:10 -------- d-----w- c:\users\Hannes\AppData\Local\temp 2011-12-15 17:10 . 2011-12-15 17:10 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-12-15 13:32 . 2011-12-15 13:32 -------- d-----w- c:\users\Hannes\AppData\Roaming\Malwarebytes 2011-12-15 13:30 . 2011-12-15 13:30 -------- d-----w- c:\programdata\Malwarebytes 2011-12-15 13:30 . 2011-12-15 13:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-12-15 13:30 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-15 13:13 . 2011-12-15 13:13 388096 ----a-r- c:\users\Hannes\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-12-15 13:13 . 2011-12-15 13:13 -------- d-----w- c:\program files\Trend Micro 2011-12-15 13:04 . 2011-12-15 13:04 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{19B0FA7A-82B4-483D-BAA5-065B14360A6C}\offreg.dll 2011-12-13 20:14 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-12-13 20:14 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-12-13 20:13 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll 2011-12-13 20:13 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys 2011-12-13 20:13 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{19B0FA7A-82B4-483D-BAA5-065B14360A6C}\mpengine.dll 2011-12-13 20:13 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll 2011-11-18 16:40 . 2011-12-15 13:05 -------- d-----w- c:\users\Hannes\AppData\Local\Spotify 2011-11-18 16:06 . 2011-12-15 13:20 -------- d-----w- c:\users\Hannes\AppData\Roaming\Spotify . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-15 13:18 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-09-20 21:02 . 2011-11-09 10:32 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-12-09 05:20 . 2011-05-07 12:48 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spotify"="c:\users\Hannes\AppData\Roaming\Spotify\Spotify.exe" [2011-11-14 6860960] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512] "RtHDVCpl"="RtHDVCpl.exe" [2008-08-04 6265376] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-12 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-12 170520] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-12 145944] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792] "Skytel"="Skytel.exe" [2008-08-04 1833504] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid] 2010-08-12 07:21 2060288 ----a-w- c:\program files\Belgium Identity Card\beid35gui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer] 2008-04-11 22:22 196608 ----a-w- c:\program files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2008-07-24 15:02 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4800 Series] 2005-02-02 02:00 98304 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIADE.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-07-21 13:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMAgent] 2008-03-21 19:56 143360 ----a-w- c:\program files\CyberLink\PowerCinema\PCMAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie] 2008-03-31 09:51 172032 ----a-w- c:\program files\CyberLink\PlayMovie\PMVService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-03-18 20:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher] 2007-02-20 16:20 28672 ----a-w- c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2011-02-02 35712] R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-05-04 717296] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008] S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\CyberLink\PlayMovie\000.fcl [2008-03-31 41456] S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632] S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144] S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216] S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 350720] S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976] . . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - MBAMPROTECTOR . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC . Inhoud van de 'Gedeelde Taken' map . 2011-12-15 c:\windows\Tasks\Recovery DVD Creator-Gebruiker.job - c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2008-10-30 09:13] . 2011-12-15 c:\windows\Tasks\Uitgebreide garantie-Gebruiker.job - c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-10-30 09:13] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\x3481vem.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ . . ------- Bestandsassociaties ------- . .scr=AutoCADScriptFile . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-12-15 18:10 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\CyberLink\PlayMovie\000.fcl" . Voltooingstijd: 2011-12-15 18:13:44 ComboFix-quarantined-files.txt 2011-12-15 17:13 . Pre-Run: 85.517.848.576 bytes beschikbaar Post-Run: 85.950.238.720 bytes beschikbaar . - - End Of File - - C3FF96DABA03330A61AEFBF224B2300C -
Kan iemand naar mijn Logje kijken?
Eline reageerde op Eline's topic in Archief Bestrijding malware & virussen
Wow, fantastisch! Dankjewel! Dit is het logje dat ik ervan kreeg: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:16:15, on 15/12/2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Users\Hannes\AppData\Roaming\Spotify\spotify.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\Windows\system32\dfrgui.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing) O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [spotify] "C:\Users\Hannes\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 6963 bytes -
Kan iemand naar mijn Logje kijken?
Eline plaatste een topic in Archief Bestrijding malware & virussen
Mijn computer loopt de laatste tijd al wat trager dan hij zou moeten dus dacht ik om er een Hijack op los te laten. (Ik heb al schijfopruiming gedaan en Mbam laten lopen.) Het eerste probleem is dat ik geen logjes kan opslaan van Hijack this. Als ik rechtermuisklik op Hijack this dan krijg ik de optie niet om het als administartor te runnen. Als ik verder ga krijg ik het volgende bericht: Kan het bestand Hijackthis.log niet vinden en krijg ik een lege kladblok te zien. Iemand een ideetje? Eline -
Ok dit heb ik allemaal gedaan. Super bedankt voor de hulp!
-
Dit is de log van a-squared, ik heb deze 2 bestanden in quarantaine gezet: C:\Program Files\Unlocker\eBay_shortcuts_1016.exe Ontdekt: Adware.Win32.ADON!A2 C:\Program Files\Windows Sidebar\Gadgets\SidebarSkins1.53.gadget\skins.exe Ontdekt: Trojan.Win32.Autoit!IK a-squared Free - Versie 4.5 Laatste Update: N/A Scan instellingen: Scan type: Slimme Scan Objecten: Geheugen, Sporen, Cookies, C:\Windows\, C:\Program Files Scan archieven: Aan Heuristieken: Uit ADS Scan: Aan Scan starten: 24-12-2009 16:55:20 c:\program files\webteh\bsplayer Ontdekt: Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\bslib Ontdekt: Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\doc Ontdekt: Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\insfiles Ontdekt: Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\lang Ontdekt: Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\media Ontdekt: Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\plugins Ontdekt: Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\sdk Ontdekt: Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins Ontdekt: Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\c Ontdekt: Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\c\sample Ontdekt: Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\c\sample_subtitles Ontdekt: Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\delphi Ontdekt: Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\delphi\sample Ontdekt: Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\delphi\sample_subtitles Ontdekt: Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\skins Ontdekt: Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\skins\base Ontdekt: Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\bplay.exe Ontdekt: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\bslib\bslib.dll Ontdekt: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\bspfilters.sam Ontdekt: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\bsplay.exe Ontdekt: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\bsplayer.exe Ontdekt: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\bsplayer.exe.manifest Ontdekt: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\bsrendv2.dll Ontdekt: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\changes.txt Ontdekt: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\doc\cmdline.txt Ontdekt: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\doc\ini_files.html Ontdekt: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\insfiles\bspmlib.dat Ontdekt: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\insfiles\eq.xml Ontdekt: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\plugins\oldskin.dll Ontdekt: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\bsp.h Ontdekt: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\bsp.pas Ontdekt: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\bspplg.h Ontdekt: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\bspplg.pas Ontdekt: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\c\sample\sample_plugin.def Ontdekt: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\c\sample\sample_plugin.dsp Ontdekt: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\c\sample\sample_plugin.dsw Ontdekt: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\c\sample\sampleplugin.c Ontdekt: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\c\sample_subtitles\sample_sub.c Ontdekt: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\c\sample_subtitles\sample_sub.def Ontdekt: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\c\sample_subtitles\sample_subtitles.dsp Ontdekt: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\c\sample_subtitles\sample_subtitles.dsw Ontdekt: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\delphi\sample\sample_plugin.dpr Ontdekt: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\delphi\sample_subtitles\sample_sub.dpr Ontdekt: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\skins\base\plist.ini Ontdekt: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\skins\base\prevd.bmp Ontdekt: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\skins\base\rgn.dat Ontdekt: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\skins\base\rgnfs.dat Ontdekt: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\skins\base\skin.ini Ontdekt: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\skins\base\skinfs.ini Ontdekt: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\skins\bat lite.bsz Ontdekt: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\skins\bsplayer.v1.bsz Ontdekt: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\skins\mediabox v-1.bsz Ontdekt: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\skins\mediabox v-2.bsz Ontdekt: Trace.File.BSplayer!A2 Value: HKEY_USERS\S-1-5-21-1188333865-199926069-3203039508-1000\Software\BST\bsplayerv1 --> AppPath Ontdekt: Trace.Registry.BSplayer!A2 Value: HKEY_USERS\S-1-5-21-1188333865-199926069-3203039508-1000\Software\BST\bsplayerv1 --> AppVer Ontdekt: Trace.Registry.BSplayer!A2 C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Cookies\gebruiker@bluestreak[1].txt Ontdekt: Trace.TrackingCookie.bluestreak!A2 C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Cookies\gebruiker@bs.serving-sys[2].txt Ontdekt: Trace.TrackingCookie.bs.serving-sys!A2 C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Cookies\gebruiker@com[1].txt Ontdekt: Trace.TrackingCookie.com!A2 C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Cookies\gebruiker@doubleclick[2].txt Ontdekt: Trace.TrackingCookie.doubleclick!A2 C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Cookies\gebruiker@metriweb[1].txt Ontdekt: Trace.TrackingCookie.metriweb!A2 C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Cookies\gebruiker@serving-sys[2].txt Ontdekt: Trace.TrackingCookie.serving-sys!A2 C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Cookies\gebruiker@tradedoubler[2].txt Ontdekt: Trace.TrackingCookie.tradedoubler!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1250179915268000 Ontdekt: Trace.TrackingCookie.nl.sitestat.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1250179952615000 Ontdekt: Trace.TrackingCookie.doubleclick.net!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1250255069558001 Ontdekt: Trace.TrackingCookie.myspace.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1250691411396000 Ontdekt: Trace.TrackingCookie.ad.yieldmanager.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1250702422124000 Ontdekt: Trace.TrackingCookie.fl01.ct2.comclick!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1250702422125000 Ontdekt: Trace.TrackingCookie.fl01.ct2.comclick!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1250704207241000 Ontdekt: Trace.TrackingCookie.be.sitestat.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1250788483960000 Ontdekt: Trace.TrackingCookie.adserv!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1251909282521000 Ontdekt: Trace.TrackingCookie.statse.webtrendslive!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1251996777380000 Ontdekt: Trace.TrackingCookie.adbrite.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1251996777380001 Ontdekt: Trace.TrackingCookie.adbrite.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1251996777380002 Ontdekt: Trace.TrackingCookie.adbrite.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1252000602339000 Ontdekt: Trace.TrackingCookie.eas.apm.emediate.eu!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1252000602552000 Ontdekt: Trace.TrackingCookie.eas.apm.emediate.eu!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1252436316511000 Ontdekt: Trace.TrackingCookie.ad.yieldmanager.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1252514734495000 Ontdekt: Trace.TrackingCookie.be.sitestat.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1252514734495001 Ontdekt: Trace.TrackingCookie.be.sitestat.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1252514926875000 Ontdekt: Trace.TrackingCookie.be.sitestat.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1252514988019000 Ontdekt: Trace.TrackingCookie.be.sitestat.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1252515008328001 Ontdekt: Trace.TrackingCookie.www.belstat.be!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1252515008486000 Ontdekt: Trace.TrackingCookie.www2.addfreestats.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1252603645424000 Ontdekt: Trace.TrackingCookie.about.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1252603645964001 Ontdekt: Trace.TrackingCookie.about.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1252603645970000 Ontdekt: Trace.TrackingCookie.about.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1252603647721001 Ontdekt: Trace.TrackingCookie.about.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1252603647722000 Ontdekt: Trace.TrackingCookie.about.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1252603647951000 Ontdekt: Trace.TrackingCookie.about.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1252603647952000 Ontdekt: Trace.TrackingCookie.about.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1252603647952001 Ontdekt: Trace.TrackingCookie.about.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1252603648618002 Ontdekt: Trace.TrackingCookie.ad.yieldmanager.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1252763896200000 Ontdekt: Trace.TrackingCookie.stat.onestat!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1252763896200001 Ontdekt: Trace.TrackingCookie.stat.onestat!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1252764735835000 Ontdekt: Trace.TrackingCookie.stat.onestat!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1252830883580000 Ontdekt: Trace.TrackingCookie.be.sitestat.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1252830883580001 Ontdekt: Trace.TrackingCookie.be.sitestat.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1252830968436000 Ontdekt: Trace.TrackingCookie.stat.onestat!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1252858265824000 Ontdekt: Trace.TrackingCookie.be.sitestat.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1252858607372000 Ontdekt: Trace.TrackingCookie.be.sitestat.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1252871745932000 Ontdekt: Trace.TrackingCookie.be.sitestat.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1252871745932001 Ontdekt: Trace.TrackingCookie.be.sitestat.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1253035557089000 Ontdekt: Trace.TrackingCookie.stat.onestat!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1253435562477000 Ontdekt: Trace.TrackingCookie.www.adspace.be!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1253436822430000 Ontdekt: Trace.TrackingCookie.stat.onestat!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1254928402977000 Ontdekt: Trace.TrackingCookie.web4.realtracker!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1254928472345000 Ontdekt: Trace.TrackingCookie.casalemedia.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1254928472345001 Ontdekt: Trace.TrackingCookie.casalemedia.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1254928472345002 Ontdekt: Trace.TrackingCookie.casalemedia.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1254928473927000 Ontdekt: Trace.TrackingCookie.tribalfusion.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1255025487272001 Ontdekt: Trace.TrackingCookie.www.belstat.be!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1255286165188000 Ontdekt: Trace.TrackingCookie.nl.sitestat.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1255628131504001 Ontdekt: Trace.TrackingCookie.ad.adtoma.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1255628131505000 Ontdekt: Trace.TrackingCookie.ad.adtoma.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1255628131505001 Ontdekt: Trace.TrackingCookie.ad.adtoma.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1255628131505002 Ontdekt: Trace.TrackingCookie.ad.adtoma.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1255628131505003 Ontdekt: Trace.TrackingCookie.ad.adtoma.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1255628131505004 Ontdekt: Trace.TrackingCookie.ad.adtoma.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1256240713820001 Ontdekt: Trace.TrackingCookie.adbrite.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1256240716033006 Ontdekt: Trace.TrackingCookie.tracking.publicidees.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1256240716033007 Ontdekt: Trace.TrackingCookie.tracking.publicidees.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1256240716314002 Ontdekt: Trace.TrackingCookie.tracking.publicidees.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1256240716314004 Ontdekt: Trace.TrackingCookie.tracking.publicidees.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1256240725780000 Ontdekt: Trace.TrackingCookie.sales.liveperson.net!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1256240725908000 Ontdekt: Trace.TrackingCookie.sales.liveperson.net!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1256240745630000 Ontdekt: Trace.TrackingCookie.m.webtrends.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1256459353934000 Ontdekt: Trace.TrackingCookie.lycos.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1256459356118000 Ontdekt: Trace.TrackingCookie.ads.lycos.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1257508530773000 Ontdekt: Trace.TrackingCookie.stat.onestat!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1257512274218000 Ontdekt: Trace.TrackingCookie.ad.adtoma.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1257792360323000 Ontdekt: Trace.TrackingCookie.ad.yieldmanager.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1257797032689000 Ontdekt: Trace.TrackingCookie.be.sitestat.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1257932773894000 Ontdekt: Trace.TrackingCookie.sales.liveperson.net!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1257934846111000 Ontdekt: Trace.TrackingCookie.stat.onestat!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1258572444638000 Ontdekt: Trace.TrackingCookie.www.netpoll.nl!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1258572634804000 Ontdekt: Trace.TrackingCookie.stat.onestat!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1258642614536000 Ontdekt: Trace.TrackingCookie.stat.dealtime!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1258809580300001 Ontdekt: Trace.TrackingCookie.www.belstat.be!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1258809906796000 Ontdekt: Trace.TrackingCookie.go.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1259088559783000 Ontdekt: Trace.TrackingCookie.zedo.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1259088559783001 Ontdekt: Trace.TrackingCookie.zedo.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1259088559783002 Ontdekt: Trace.TrackingCookie.zedo.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1259088559840000 Ontdekt: Trace.TrackingCookie.trafficmp.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1259088559840001 Ontdekt: Trace.TrackingCookie.trafficmp.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1259088559840002 Ontdekt: Trace.TrackingCookie.trafficmp.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1259088559855000 Ontdekt: Trace.TrackingCookie.ad.yieldmanager.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1259088565591000 Ontdekt: Trace.TrackingCookie.sales.liveperson.net!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1259088615464001 Ontdekt: Trace.TrackingCookie.clicktorrent.info!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1259088615635000 Ontdekt: Trace.TrackingCookie.clicktorrent.info!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1259088615651001 Ontdekt: Trace.TrackingCookie.clicktorrent.info!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1259088666350001 Ontdekt: Trace.TrackingCookie.clicktorrent.info!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1259088666350003 Ontdekt: Trace.TrackingCookie.clicktorrent.info!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1259088666568002 Ontdekt: Trace.TrackingCookie.clicktorrent.info!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1259088666568004 Ontdekt: Trace.TrackingCookie.clicktorrent.info!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1259088912437000 Ontdekt: Trace.TrackingCookie.nl.sitestat.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1259088912437001 Ontdekt: Trace.TrackingCookie.nl.sitestat.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1259095413476003 Ontdekt: Trace.TrackingCookie.casalemedia.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1259095413477000 Ontdekt: Trace.TrackingCookie.casalemedia.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1259358241594000 Ontdekt: Trace.TrackingCookie.stat.onestat!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1259423088514001 Ontdekt: Trace.TrackingCookie.ads.ookla.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1259423255035001 Ontdekt: Trace.TrackingCookie.ads.ookla.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1259423396673000 Ontdekt: Trace.TrackingCookie.stats1.clicktracks!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1259423396674000 Ontdekt: Trace.TrackingCookie.stats1.clicktracks!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1259423396675001 Ontdekt: Trace.TrackingCookie.stats1.clicktracks!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1259423396675002 Ontdekt: Trace.TrackingCookie.stats1.clicktracks!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1259614622193002 Ontdekt: Trace.TrackingCookie.casalemedia.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1259614948289000 Ontdekt: Trace.TrackingCookie.www3.addfreestats.com!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1259616285621000 Ontdekt: Trace.TrackingCookie.ww3.shoshkeles!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1259616290464001 Ontdekt: Trace.TrackingCookie.adsfac.eu!A2 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\cookies.sqlite:1259708177404001 Ontdekt: Trace.TrackingCookie.login.tracking101.com!A2 C:\Program Files\Infogrames\RollerCoaster Tycoon 2\rct2.exe Ontdekt: Riskware.Hacktool.Crack.tycoon!IK C:\Program Files\Unlocker\eBay_shortcuts_1016.exe Ontdekt: Adware.Win32.ADON!A2 C:\Program Files\Windows Sidebar\Gadgets\SidebarSkins1.53.gadget\skins.exe Ontdekt: Trojan.Win32.Autoit!IK Gescand Bestanden: 142381 Sporen: 552420 Cookies: 1491 Processen: 52 Gevonden Bestanden: 3 Sporen: 56 Cookies: 134 Processen: 0 Registersleutels: 0 Scan einde: 24-12-2009 18:18:54 Scan tijd: 1:23:34
-
Dit zegt Jotti: eBay_shortcuts_1016.exe - Jotti's malware scan en stel dat de link niet werkt: Dit bestand is al eerder gescand. De resultaten van deze scan worden hieronder getoond. Bestandsnaam: eBay_shortcuts_1016.exe Status: Scan voltooid. 2 uit 21 scanners vonden malware. Scan genomen op: zo 25 okt 2009 09:18:37 (CET) Permalink Extra informatie Bestandsgrootte: 61772 bytes Bestandstype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit MD5: 25bacc8b5eff6ce21247aa497a76899b SHA1: ba6c6840226b65fedee212ea4cdf0dff3cd70dee Packer (Drweb): BINARYRES
-
Zo ik heb Combofix eens gerunt. Dit is het logje ervan: ComboFix 09-12-22.07 - Gebruiker 23-12-2009 15:27:58.1.2 - x86 Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.31.1043.18.1919.1367 [GMT 1:00] Gestart vanuit: c:\users\Gebruiker\Desktop\ComboFix.exe AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} * Aanwezig AV is actief . (((((((((((((((((((( Bestanden Gemaakt van 2009-11-23 to 2009-12-23 )))))))))))))))))))))))))))))) . 2009-12-23 14:55 . 2009-12-23 14:55 -------- d-----w- c:\users\Gebruiker\AppData\Local\temp 2009-12-23 14:09 . 2009-12-23 14:09 -------- d-----w- c:\program files\uTorrent 2009-12-23 14:08 . 2009-12-23 14:13 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\uTorrent 2009-12-23 11:44 . 2009-12-23 11:44 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Malwarebytes 2009-12-23 11:44 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-23 11:44 . 2009-12-23 11:44 -------- d-----w- c:\programdata\Malwarebytes 2009-12-23 11:44 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-23 11:44 . 2009-12-23 11:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-12-22 15:06 . 2009-12-22 15:06 -------- d-----w- c:\program files\Trend Micro 2009-12-14 21:54 . 2009-12-19 20:35 14 ----a-w- c:\windows\popcinfo.dat 2009-12-14 21:15 . 2009-12-14 21:15 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Zylom 2009-12-14 21:15 . 2009-12-14 21:15 -------- d-----w- c:\programdata\Zylom 2009-12-14 21:15 . 2009-10-26 14:45 102400 ----a-w- c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll 2009-12-14 21:15 . 2006-09-26 11:03 161976 ----a-w- c:\programdata\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll 2009-12-14 21:15 . 2009-12-15 18:29 -------- d-----w- c:\program files\Zylom Games 2009-12-14 12:28 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll 2009-12-14 12:28 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys 2009-12-14 12:28 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll 2009-12-14 12:19 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll 2009-12-14 12:19 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll 2009-12-14 12:17 . 2009-12-14 12:17 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\AVG8 2009-12-07 14:02 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll 2009-12-01 06:42 . 2008-01-21 02:21 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL 2009-11-29 12:24 . 2009-11-29 12:24 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\SharePod 2009-11-28 16:00 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll 2009-11-28 15:50 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll 2009-11-28 15:50 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll 2009-11-28 15:50 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys 2009-11-28 15:49 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-23 14:24 . 2008-01-21 06:39 670308 ----a-w- c:\windows\system32\perfh013.dat 2009-12-23 14:24 . 2008-01-21 06:39 127900 ----a-w- c:\windows\system32\perfc013.dat 2009-12-14 12:30 . 2009-04-30 05:50 -------- d-----w- c:\programdata\Microsoft Help 2009-12-10 20:50 . 2009-08-29 10:39 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\LimeWire 2009-11-29 11:06 . 2009-04-29 16:25 -------- d-----w- c:\program files\Microsoft Silverlight 2009-11-21 06:40 . 2009-12-14 12:21 916480 ----a-w- c:\windows\system32\wininet.dll 2009-11-21 06:34 . 2009-12-14 12:21 109056 ----a-w- c:\windows\system32\iesysprep.dll 2009-11-21 06:34 . 2009-12-14 12:21 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-11-21 04:59 . 2009-12-14 12:21 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-11-10 17:30 . 2009-08-13 16:20 -------- d-----w- c:\program files\Windows Live 2009-11-10 17:30 . 2009-11-10 17:30 -------- d-----w- c:\program files\Microsoft 2009-11-06 14:11 . 2009-11-06 14:11 -------- d-----w- c:\program files\Webteh 2009-11-02 19:42 . 2009-10-29 18:12 195456 ------w- c:\windows\system32\MpSigStub.exe 2008-12-21 12:02 . 2008-12-21 12:02 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . ------- Sigcheck ------- [-] 2008-11-29 . 2406E3A5FAE743DCE81168A8CDB8573F . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-11-25 6691360] "nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-04-30 949376] "KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2008-05-29 212992] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128] c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ RocketDock.lnk - c:\program files\RocketDock\RocketDock.exe [2008-12-21 630784] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-9-23 113664] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 0 (0x0) "EnableInstallerDetection"= 0 (0x0) "EnableLUA"= 0 (0x0) "EnableSecureUIAPaths"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" R1 nod32drv;nod32drv;c:\windows\System32\drivers\nod32drv.sys [30-4-2009 6:50 15424] R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [23-6-2008 20:28 208896] S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [29-4-2009 17:35 717296] S3 IAMT03;Stuurprogramma voor Intel® Active Management Technology - KCS;c:\windows\System32\drivers\IAMT03.sys [22-12-2008 11:49 40848] S3 IAMTV;Stuurprogramma voor Intel® Active Management Technology - KCS;c:\windows\System32\drivers\IAMTV.sys [22-12-2008 11:49 38288] S4 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver;c:\windows\System32\drivers\cmiucr.SYS [22-12-2008 11:48 93056] S4 hcw99rc;Hauppauge Nova-DT IR Driver;c:\windows\System32\drivers\hcw99rc.sys [22-12-2008 11:49 10368] S4 hptmv;hptmv;c:\windows\System32\drivers\hptmv.sys [22-12-2008 11:49 71968] S4 IAMTXP;Stuurprogramma voor Intel® Active Management Technology - KCS;c:\windows\System32\drivers\IAMTXP.sys [22-12-2008 11:49 47496] S4 ioatdma;Intel® QuickData Technology Device;c:\windows\System32\drivers\ioatdma.sys [22-12-2008 11:49 36480] S4 iSSetup;Intel® PRO/1000 iSCSI Setup Driver;c:\windows\System32\drivers\iSSetup.sys [22-12-2008 11:49 75672] S4 m5287;m5287;c:\windows\System32\drivers\m5287.sys [22-12-2008 11:49 104320] S4 m5288;m5288;c:\windows\System32\drivers\m5288.sys [22-12-2008 11:49 211072] S4 m5289;m5289;c:\windows\System32\drivers\m5289.sys [22-12-2008 11:49 52480] S4 MODRC;WinFast TV Dongle With Infrared Receiver;c:\windows\System32\drivers\modrc.sys [22-12-2008 11:49 13056] S4 mv61xx;mv61xx;c:\windows\System32\drivers\mv61xx.sys [22-12-2008 11:49 137728] S4 NBv834x;Killer NIC Gaming Adapter Service;c:\windows\System32\drivers\NBv834x.sys [22-12-2008 11:49 104992] S4 rr172x;rr172x;c:\windows\System32\drivers\rr172x.sys [22-12-2008 11:49 90400] S4 rr2522;rr2522;c:\windows\System32\drivers\rr2522.sys [22-12-2008 11:49 112160] S4 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\System32\drivers\SI3112r.sys [22-12-2008 11:49 110128] S4 SI3114;SiI-3114 SATALink Controller;c:\windows\System32\drivers\SI3114.sys [22-12-2008 11:49 68912] S4 SI3124;SiI-3124 SATALink Controller;c:\windows\System32\drivers\SI3124.sys [22-12-2008 11:49 76208] S4 Si3124r5;SiI-3124 SoftRaid 5 Controller;c:\windows\System32\drivers\Si3124r5.sys [22-12-2008 11:49 207152] S4 Si3531;SiI-3531 SATA Controller;c:\windows\System32\drivers\Si3531.sys [22-12-2008 11:49 210736] S4 ViBus;ViBus;c:\windows\System32\drivers\ViBus.sys [22-12-2008 11:49 20632] S4 ViPrt;VIA SATA IDE Device Driver;c:\windows\System32\drivers\ViPrt.sys [22-12-2008 11:49 56984] S4 WinTVCIUSB;Hauppauge WinTV-CI USB (11xxx);c:\windows\System32\drivers\hcw11.sys [22-12-2008 11:49 91136] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}] 2008-04-11 15:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}] 2008-08-28 08:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl uInternet Settings,ProxyOverride = *.local IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 LSP: c:\windows\system32\imon.dll FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll FF - plugin: c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\iqpl3k1e.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHANS VERWIJDERD - - - - HKU-Default-Run-SkinClock - c:\program files\Desktop Tray Clock\DTClock.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2009-12-23 15:55 Windows 6.0.6001 Service Pack 1 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . Voltooingstijd: 2009-12-23 16:00:21 ComboFix-quarantined-files.txt 2009-12-23 15:00 Pre-Run: 223.018.479.616 bytes beschikbaar Post-Run: 223.590.084.608 bytes beschikbaar - - End Of File - - E82DF9EDEC34A9E0C246E68E319A7631
-
Ik krijg nog steeds de melding van NOD dat hij deze vindt. File C:\Program Files\Unlocker\eBay_shortcuts_1016.exe is infected with a variant of Win32/Adware.ADON application. The file can be deleted. It is strongly recommended that you back up any crucial data before you proceed. maar ik krijg de optie niet om het te deleten...
-
Dankje voor het snelle antwoord! Hier zijn beide logjes. Malwarebytes heeft niks gevonden maar voor alle zekerheid steek ik het logje er ook maar bij. Malwarebytes' Anti-Malware 1.42 Database versie: 3414 Windows 6.0.6001 Service Pack 1 Internet Explorer 8.0.6001.18865 23-12-2009 12:58:42 mbam-log-2009-12-23 (12-58-42).txt Scan type: Snelle Scan Objecten gescand: 97000 Verstreken tijd: 12 minute(s), 33 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata bestanden geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: (Geen kwaadaardige items gevonden) Registerwaarden geïnfecteerd: (Geen kwaadaardige items gevonden) Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Mappen geïnfecteerd: (Geen kwaadaardige items gevonden) Bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) En dan ook nog eens het HJT logje: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:03:16, on 23-12-2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18865) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\ESET\nod32kui.exe C:\Program Files\Mouse Driver\StartAutorun.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\RocketDock\RocketDock.exe C:\Program Files\Mouse Driver\KMConfig.exe C:\Program Files\Mouse Driver\KMProcess.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O1 - Hosts: ::1 localhost O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [skinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [skinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe (User 'Default user') O4 - .DEFAULT User Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe (User 'Default user') O4 - .DEFAULT User Startup: RUN.EXE (User 'Default user') O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe -- End of file - 6359 bytes
-
Mijn pc loopt al een tijdje trager. Kan het zijn dat er een virus op zit? Na scannen met NOD32 vindt hij nog steeds deze file "C:\Program Files\Unlocker\eBay_shortcuts_1016.exe - a variant of Win32/Adware.ADON application" die ik niet kan verwijderen. Kan iemand mijn HJT eens bekijken? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:07:07, on 22-12-2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18865) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\ESET\nod32kui.exe C:\Program Files\Mouse Driver\StartAutorun.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Mouse Driver\KMConfig.exe C:\Program Files\RocketDock\RocketDock.exe C:\Program Files\Mouse Driver\KMProcess.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Eset\nod32.exe C:\Westwood\SUN\SUN.EXE C:\Westwood\SUN\game.exe C:\Westwood\SUN\game.ICD C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [skinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [skinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe (User 'Default user') O4 - .DEFAULT User Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe (User 'Default user') O4 - .DEFAULT User Startup: RUN.EXE (User 'Default user') O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing) O9 - Extra 'Tools' menuitem: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe -- End of file - 6841 bytes
