Ga naar inhoud

Geen internet, Maar toch weer wel?


Aanbevolen berichten

Goedenmiddag.

Ik heb sinds een korte tijd steeds problemen met het internet.

Maar het gekke is, alles werkt gewoon.

Me mail/msn en alles werkt gewoon.

Maar internet explorder doet het gewoon niet.

Om een pagina te laden doet die echt 3 uur over voor die is geladen.

Iets in me computer of dergelijke zit gewoon niet goed.

Want ik heb nog 2 computers in me huis en die werken wel gewoon. (Zoals je ziet).

Dus graag HELP!:adore:

Link naar reactie
Delen op andere sites

We zullen eerst kijken of er een malware is.

Download HijackThis.

Klik bij "HijackThis Downloads" op "Installer".

Bestand HijackThis.msi opslaan. Daarna kiezen voor "uitvoeren".

Hijackthis wordt nu op je PC geïnstalleerd, een snelkoppeling wordt op je bureaublad geplaatst.

Klik op de snelkoppeling om HijackThis te starten

Klik ofwel op "Do a systemscan and save a logfile", ofwel eerst op "Scan" en dan op "Savelog".

Er opent een kladblokvenster, hou gelijktijdig de CTRL en A-toets ingedrukt, nu is alles geselecteerd. Hou gelijktijdig de CTRL en C-toets ingedrukt, nu is alles gekopieerd. Plak nu het HJT logje in je bericht door CTRL en V-toets.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “uitvoeren als administrator". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis

Link naar reactie
Delen op andere sites

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:25:23, on 30-1-2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18999)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\RelevantKnowledge\rlvknlg.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Mail\WinMail.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hyves.nl: always in touch with your friends

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl - alles op een rijtje! (ook op mobiel)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door Hyves

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\FRONTP~1\OFFICE11\REFIEBAR.DLL

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{84A5742F-AD87-4190-BCB0-9F38BE27D43B}: NameServer = 4.2.2.2

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe

O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - H:\Common\Database\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Manager for Adobe Products (FLEXnet Licensing Manager) - - C:\Windows\system32\regrc.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files\RelevantKnowledge\rlservice.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--

End of file - 5765 bytes

Dit kwam er te staan.

Alleen onder de scan kwam er wel wat in beeld.

Over dat er bestanden in C:// zitten ofzo die hij niet kan scannen (weet het niet meer precies.)

Hoop dat je me kan helpen!

Link naar reactie
Delen op andere sites

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc stop RelevantKnowledge

Druk op Enter.

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc delete RelevantKnowledge

Druk op Enter.

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

Klik op 'Fix checked' om de items te verwijderen.

Download MBAM (Malwarebytes Anti-Malware)

Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".

Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.

Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.

Het scannen kan een tijdje duren, dus wees geduldig.

Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.

Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.

Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder).

Indien er de rootkit (TDSS) aanwezig is, zal MBAM vragen te herstarten. Doe dit dan ook.

MBAM zal na de herstart opnieuw scannen en de rootkit verwijderen.

Het log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in het programma.

Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

Plak de inhoud van het logje in je volgende bericht, samen met een nieuw HijackThis log.

Link naar reactie
Delen op andere sites

Hijack This

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:42:37, on 30-1-2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18999)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Mail\WinMail.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hyves.nl

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door Hyves

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\FRONTP~1\OFFICE11\REFIEBAR.DLL

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{84A5742F-AD87-4190-BCB0-9F38BE27D43B}: NameServer = 4.2.2.2

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe

O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - H:\Common\Database\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Manager for Adobe Products (FLEXnet Licensing Manager) - - C:\Windows\system32\regrc.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--

End of file - 5635 bytes

MBAM

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Databaseversie: 5640

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18999

30-1-2011 19:36:23

mbam-log-2011-01-30 (19-36-23).txt

Scantype: Snelle scan

Objecten gescand: 148753

Verstreken tijd: 18 minuut/minuten, 0 seconde(n)

Geheugenprocessen geïnfecteerd: 3

Geheugenmodulen geïnfecteerd: 1

Registersleutels geïnfecteerd: 10

Registerwaarden geïnfecteerd: 0

Registerdata geïnfecteerd: 1

Mappen geïnfecteerd: 7

Bestanden geïnfecteerd: 102

Geheugenprocessen geïnfecteerd:

c:\Windows\Temp\mrtB65.tmp\stdrt.exe (Trojan.FakeMS) -> 2128 -> Unloaded process successfully.

c:\program files\relevantknowledge\rlservice.exe (Adware.RelevantKnowledge) -> 2836 -> Unloaded process successfully.

c:\program files\relevantknowledge\rlvknlg.exe (Adware.RelevantKnowledge) -> 3764 -> Unloaded process successfully.

Geheugenmodulen geïnfecteerd:

c:\program files\relevantknowledge\rlls.dll (Adware.RelevantKnowledge) -> Delete on reboot.

Registersleutels geïnfecteerd:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RelevantKnowledge (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{1D4DB7D0-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1D4DB7D1-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProductsInstaller.Start.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProductsInstaller.Start (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Mappen geïnfecteerd:

c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\Installr\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\relevantknowledge (Spyware.MarketScore) -> Delete on reboot.

c:\program files\relevantknowledge\components (Spyware.MarketScore) -> Quarantined and deleted successfully.

c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:

c:\program files\relevantknowledge\rlls.dll (Adware.RelevantKnowledge) -> Delete on reboot.

c:\Windows\Temp\mrtB65.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\program files\relevantknowledge\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

c:\program files\relevantknowledge\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\Installr\2.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\Users\paul\AppData\Local\Temp\install\redist\windowsinstaller-kb893803-v2-x86.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.

c:\Users\paul\AppData\Local\Temp\install\redist\windowsserver2003-kb898715-ia64-enu.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.

c:\Users\paul\AppData\Local\Temp\install\redist\windowsserver2003-kb898715-x64-enu.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.

c:\Users\paul\AppData\Local\Temp\install\redist\windowsserver2003-kb898715-x86-enu.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.

c:\Users\paul\AppData\Local\Temp\install\redist\windowsxp-kb898715-x64-enu.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.

c:\Users\paul\AppData\Local\Temp\~os1A27.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

c:\Users\paul\AppData\Local\Temp\~os1A27.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

c:\Users\paul\AppData\Local\Temp\~os1A27.tmp\rlxf.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

c:\Users\paul\AppData\Local\Temp\~os1A27.tmp\rlxg.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrt1110.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrt14F6.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrt157.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrt15E0.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrt189E.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrt209A.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrt34A6.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrt3C73.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrt5263.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrt55C.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrt5E93.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrt5F1F.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrt6B4F.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrt6BBC.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrt8094.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrt845B.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrt84C8.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrt87D4.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrt8989.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrt89C7.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtBF77.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtC4F.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtC84D.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtCEC3.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtD142.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtD46D.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtD5A5.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtD8A2.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtDA95.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtDAE3.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtDB60.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtDCE6.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtDDB1.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtE252.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtE35B.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtE3B9.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtE619.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtE751.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtE935.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtEB28.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtEB29.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtF4F8.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtF6AD.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtFC19.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtFCA6.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrt8F24.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtBF0A.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtF0D3.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtA3DC.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtA42A.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtA717.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtA811.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtA939.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtAAAF.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtABD8.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtACA3.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtAD8D.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtAE77.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtAEF3.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtB03B.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtB17.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtB46F.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtB5B7.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtB7AA.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtB9AD.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtBAE5.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtBB62.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtBC7B.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Temp\mrtBCF7.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\Installr\1.bin\F3EZSETP.DL_ (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\Installr\2.bin\F3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\Installr\2.bin\NPFUNWEB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\relevantknowledge\chrome.manifest (Spyware.MarketScore) -> Quarantined and deleted successfully.

c:\program files\relevantknowledge\install.rdf (Spyware.MarketScore) -> Quarantined and deleted successfully.

c:\program files\relevantknowledge\nscf.dat (Spyware.MarketScore) -> Quarantined and deleted successfully.

c:\program files\relevantknowledge\rlls64.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.

c:\program files\relevantknowledge\rloci.bin (Spyware.MarketScore) -> Quarantined and deleted successfully.

c:\program files\relevantknowledge\rlph.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.

c:\program files\relevantknowledge\rlvknlg64.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.

c:\program files\relevantknowledge\rlxf.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.

c:\program files\relevantknowledge\components\rlxg.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.

c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\about relevantknowledge.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.

c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\privacy policy and user license agreement.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.

c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\Support.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.

c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\uninstall instructions.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.

Link naar reactie
Delen op andere sites

Zoals je zelf al zal gemerkt hebben, heeft Malwarebytes een berg rotzooi van je PC gehaald. Dit mag je nu nog doen :

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc stop "FLEXnet Licensing Manager"

Druk op Enter.

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc delete "FLEXnet Licensing Manager"

Druk op Enter.

Maak dan een nieuw logje met HijackThis en Malwarebytes en hang beiden in je volgende bericht.

Link naar reactie
Delen op andere sites

Goedemiddag,

Hierbij stuur ik mijn nieuwe file's.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Databaseversie: 5648

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18999

31-1-2011 16:19:26

mbam-log-2011-01-31 (16-19-16).txt

Scantype: Snelle scan

Objecten gescand: 148239

Verstreken tijd: 10 minuut/minuten, 37 seconde(n)

Geheugenprocessen geïnfecteerd: 1

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 2

Geheugenprocessen geïnfecteerd:

c:\Windows\Temp\mrtBB52.tmp\stdrt.exe (Trojan.FakeMS) -> 2720 -> No action taken.

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:

c:\Windows\Temp\mrtBB52.tmp\stdrt.exe (Trojan.FakeMS) -> No action taken.

c:\Windows\Temp\mrtE474.tmp\stdrt.exe (Trojan.FakeMS) -> No action taken.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:57:04, on 31-1-2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18999)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\Windows Mail\WinMail.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hyves.nl: always in touch with your friends

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl - alles op een rijtje! (ook op mobiel)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door Hyves

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\FRONTP~1\OFFICE11\REFIEBAR.DLL

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{84A5742F-AD87-4190-BCB0-9F38BE27D43B}: NameServer = 4.2.2.2

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe

O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - H:\Common\Database\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Manager for Adobe Products (FLEXnet Licensing Manager) - - C:\Windows\system32\regrc.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--

End of file - 5635 bytes

M.V.G

Link naar reactie
Delen op andere sites

Heb je dit uitgevoerd :

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc stop "FLEXnet Licensing Manager"

Druk op Enter.

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc delete "FLEXnet Licensing Manager"

Druk op Enter.

... want dat staat nog in je nieuwe log ?

Bij Malwarebytes moet je ook kiezen voor "verwijderen". De melding "no action taken" wijst er normaal op dat je dit niet hebt gedaan. Laat MBAM opnieuw scannen en kies nu wél voor "verwijderen". Hang daarna een nieuw log van HijackThis en Malwarebytes in je volgende bericht.

Link naar reactie
Delen op andere sites

Goedemiddag,

Hier zijn de file's.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Databaseversie: 5648

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18999

31-1-2011 17:01:51

mbam-log-2011-01-31 (17-01-51).txt

Scantype: Snelle scan

Objecten gescand: 148381

Verstreken tijd: 9 minuut/minuten, 29 seconde(n)

Geheugenprocessen geïnfecteerd: 1

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 1

Geheugenprocessen geïnfecteerd:

c:\Windows\Temp\mrtDA66.tmp\stdrt.exe (Trojan.FakeMS) -> 2620 -> Unloaded process successfully.

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:

c:\Windows\Temp\mrtDA66.tmp\stdrt.exe (Trojan.FakeMS) -> Delete on reboot.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:51:05, on 31-1-2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18999)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\Windows Mail\WinMail.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hyves.nl: always in touch with your friends

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl - alles op een rijtje! (ook op mobiel)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door Hyves

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\FRONTP~1\OFFICE11\REFIEBAR.DLL

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{84A5742F-AD87-4190-BCB0-9F38BE27D43B}: NameServer = 4.2.2.2

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe

O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - H:\Common\Database\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Manager for Adobe Products (FLEXnet Licensing Manager) - - C:\Windows\system32\regrc.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--

End of file - 5635 bytes

M.V.G

Link naar reactie
Delen op andere sites

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.