Vraag & Antwoord

Beveiliging & privacy

controle MBAM

Anoniem
Abraham54
12 antwoorden
  • Malware op systeem; graag advies.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:44:18, on 31-7-2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16800)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Users\marga\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
    C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0816&m=aspire_5738&r=27361210j106l0318z105t4841b54q
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0816&m=aspire_5738&r=27361210j106l0318z105t4841b54q
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0816&m=aspire_5738&r=27361210j106l0318z105t4841b54q
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Startup: Dropbox.lnk = marga\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
    O23 - Service: Serviço Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: TriDef Service (TriDefService) - Unknown owner - C:\Program Files (x86)\TriDef 3D\TriDef\Common\TriDefService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 12957 bytes

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Databaseversie: 7336

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    31-7-2011 12:27:17
    mbam-log-2011-07-31 (12-27-17).txt

    Scantype: Snelle scan
    Objecten gescand: 166887
    Verstreken tijd: 2 minuut/minuten, 19 seconde(n)

    Geheugenprocessen geïnfecteerd: 1
    Geheugenmodulen geïnfecteerd: 1
    Registersleutels geïnfecteerd: 21
    Registerwaarden geïnfecteerd: 2
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 9
    Bestanden geïnfecteerd: 14

    Geheugenprocessen geïnfecteerd:
    c:\program files (x86)\clickpotatolite\bin\10.0.666.0\clickpotatolitesa.exe (Adware.ClickPotato) -> 4592 -> Unloaded process successfully.

    Geheugenmodulen geïnfecteerd:
    c:\program files (x86)\clickpotatolite\bin\10.0.666.0\clickpotatolitesahook.dll (Adware.HotBar.Gen) -> Delete on reboot.

    Registersleutels geïnfecteerd:
    HKEY_CLASSES_ROOT\CLSID\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{C55CA95C-324B-451C-B2D2-6E895AA75FEC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{814BAA91-DC22-4350-87D6-0C86E93F7F08} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ClickPotatoLiteSA (Adware.ClickPotato) -> Value: ClickPotatoLiteSA -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Value: ClickPotatoLite@ClickPotatoLite.com -> Quarantined and deleted successfully.

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite\bin (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite\bin\10.0.666.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite\bin\10.0.666.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite\bin\10.0.666.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite\bin\10.0.666.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\clickpotato (Adware.ClickPotato) -> Quarantined and deleted successfully.

    Bestanden geïnfecteerd:
    c:\program files (x86)\clickpotatolite\bin\10.0.666.0\clickpotatolitesa.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite\bin\10.0.666.0\clickpotatolitesahook.dll (Adware.HotBar.Gen) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite\bin\10.0.666.0\clickpotatolitesaax.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite\bin\10.0.666.0\clickpotatolitesabho.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\Users\marga\AppData\Local\Temp\nszA6E5.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa\clickpotatolitesa_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite\bin\10.0.666.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite\bin\10.0.666.0\firefox\extensions\plugins\npclntax_clickpotatolitesa.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\About Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato uninstall instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.

    Wat verder te doen?
  • Waarom is SP1 voor Windows 7 nog niet geïnstalleerd?
    En waarom heb je nog geen update gedaan naar IE9 - want dat is ook een systeemupdate!


    Je mag het volgende doen:

    [b:ecaade2743]Welk programma[/b:ecaade2743]: ComboFix
    [b:ecaade2743]Waarvoor/waarom[/b:ecaade2743]: Zeer specialistische scanner om Windows diepgaand te onderzoeken
    en zo mogelijk op te schonen.
    [b:ecaade2743]Moeilijkheidsgraad[/b:ecaade2743]: Min of meer lastige voorbereidingsfase, dus lees alles eerst goed.
    [b:ecaade2743]Downloadlokatie[/b:ecaade2743]: Dit programma absoluut naar het bureaublad downloaden!
    [b:ecaade2743]Download ComboFix via één van deze locaties[/b:ecaade2743]:
    [list:ecaade2743][*:ecaade2743][b:ecaade2743]Bleepingcomputer[/b:ecaade2743]
    [*:ecaade2743][b:ecaade2743]ForoSpyware[/b:ecaade2743]
    [*:ecaade2743][b:ecaade2743]Geekstogo[/b:ecaade2743][/list:u:ecaade2743]
    [b:ecaade2743]Hier[/b:ecaade2743] zie je hoe je ComboFix moet gebruiken.

    Antivirusprogramma en actieve malwarescanners dienen al voor de ComboFix start gedeaktiveert zijn!
    [b:ecaade2743]Hier[/b:ecaade2743] en [b:ecaade2743]hier[/b:ecaade2743] vindt je gegevens hoe antivirusprogramma's en spywarescanners te deaktiveren.

    [b:ecaade2743]Voor alle duidelijkheid nogmaals[/b:ecaade2743]: ComboFix dient vanaf het bureaublad gestart te worden.

    [b:ecaade2743]Opmerkingen[/b:ecaade2743]:
    [list:ecaade2743][*:ecaade2743] Bij gebruik van Windows XP zal er mogelijk gevraagd worden, om de "Recovery Console" te installeren! Sta dit dan toe (hiervoor is een actieve internet verbinding vereist).
    [*:ecaade2743]Vista- en Windows 7 gebruikers starten Combofix op via rechtsklik met Administratorrechten.
    [*:ecaade2743]Alle openstaande programma's en webpagina's dienen afgesloten te zijn.[/list:u:ecaade2743]
    [b:ecaade2743]ComboFix is opgestart[/b:ecaade2743]:
    [list:ecaade2743][*:ecaade2743]Niet in het zwarte venster klikken, hierdoor kan ComboFix of zelfs Windows geheel "bevriezen"!
    [*:ecaade2743]Combofix sluit tijdens de scan de internet verbinding – probeer deze tussentijds niet te herstellen!
    [*:ecaade2743]Het kan voorkomen dat de computer meerdere malen opnieuw opgestart moet worden, dit is normaal.
    [*:ecaade2743]Wanneer ComboFix gereed is, zal het het een logbestand voor je maken.
    [*:ecaade2743]Post de inhoud van dit logbestand in je volgende bericht.
    [*:ecaade2743]Indien het log niet opstart, is dit terug tevinden in C:\ComboFix.txt[/list:u:ecaade2743]
    [b:ecaade2743]Belangrijke opmerking[/b:ecaade2743]:
    [list:ecaade2743][*:ecaade2743][b:ecaade2743]
  • Dank voor je snelle reactie; ik ben nu op mijn vakantie adres in Portugal.
    De beheerder heeft dus problemen op zijn laptop.
    Via jou probeer ik hem te helpen.

    Ik ga morgenvroeg aan de slag met Combofix, etc. en zal je dan de resultaten sturen.
  • ComboFix 11-07-31.04 - marga 01-08-2011 16:20:14.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.351.1043.18.4091.2789 [GMT 1:00]
    Executando de: c:\users\marga\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\Temp\log.txt
    .
    .
    (((((((((((((((( Arquivos/Ficheiros criados de 2011-07-01 to 2011-08-01 ))))))))))))))))))))))))))))
    .
    .
    2011-08-01 15:19 . 2011-08-01 15:19 ——– d—–w- C:\32788R22FWJFW
    2011-08-01 06:27 . 2011-08-01 06:27 ——– d—–w- c:\windows\system32\SPReview
    2011-08-01 06:26 . 2011-08-01 06:26 ——– d—–w- c:\windows\system32\EventProviders
    2011-07-31 11:36 . 2011-07-31 11:36 388096 —-a-r- c:\users\marga\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-07-31 11:36 . 2011-07-31 11:36 ——– d—–w- c:\program files (x86)\Trend Micro
    2011-07-31 11:19 . 2011-07-31 11:19 ——– d—–w- c:\users\marga\AppData\Roaming\Malwarebytes
    2011-07-31 11:19 . 2011-07-06 18:52 41272 —-a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-31 11:19 . 2011-07-31 11:19 ——– d—–w- c:\programdata\Malwarebytes
    2011-07-31 11:19 . 2011-07-31 11:19 ——– d—–w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-07-31 11:19 . 2011-07-06 18:52 25912 —-a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-21 10:02 . 2011-07-21 10:05 ——– d—–w- C:\cf3d6be4148893cf6291c50300387089
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-01 06:39 . 2009-07-14 02:36 175616 —-a-w- c:\windows\system32\msclmd.dll
    2011-08-01 06:39 . 2009-07-14 02:36 152576 —-a-w- c:\windows\SysWow64\msclmd.dll
    2011-07-15 07:47 . 2010-12-29 08:26 87456 —-a-w- c:\windows\system32\LMIRfsClientNP.dll
    2011-07-15 07:47 . 2010-12-29 08:26 33152 —-a-w- c:\windows\system32\LMIport.dll
    2011-07-15 07:47 . 2010-12-29 08:26 80768 —-a-w- c:\windows\system32\LMIinit.dll
    2011-06-03 05:57 . 2011-07-13 07:05 44032 —-a-w- c:\windows\apppatch\acwow64.dll
    2011-05-28 03:30 . 2011-06-16 10:20 1638912 —-a-w- c:\windows\system32\mshtml.tlb
    2011-05-28 02:53 . 2011-06-16 10:20 1638912 —-a-w- c:\windows\SysWow64\mshtml.tlb
    2011-05-24 11:42 . 2011-06-29 07:59 404480 —-a-w- c:\windows\system32\umpnpmgr.dll
    2011-05-24 10:40 . 2011-06-29 07:59 64512 —-a-w- c:\windows\SysWow64\devobj.dll
    2011-05-24 10:40 . 2011-06-29 07:59 44544 —-a-w- c:\windows\SysWow64\devrtl.dll
    2011-05-24 10:39 . 2011-06-29 07:59 145920 —-a-w- c:\windows\SysWow64\cfgmgr32.dll
    2011-05-24 10:37 . 2011-06-29 07:59 252928 —-a-w- c:\windows\SysWow64\drvinst.exe
    2011-05-04 05:25 . 2011-06-29 07:59 2315776 —-a-w- c:\windows\system32\tquery.dll
    2011-05-04 05:22 . 2011-06-29 07:59 2223616 —-a-w- c:\windows\system32\mssrch.dll
    2011-05-04 05:22 . 2011-06-29 07:59 778752 —-a-w- c:\windows\system32\mssvp.dll
    2011-05-04 05:22 . 2011-06-29 07:59 491520 —-a-w- c:\windows\system32\mssph.dll
    2011-05-04 05:22 . 2011-06-29 07:59 75264 —-a-w- c:\windows\system32\msscntrs.dll
    2011-05-04 05:22 . 2011-06-29 07:59 288256 —-a-w- c:\windows\system32\mssphtb.dll
    2011-05-04 05:19 . 2011-06-29 07:59 591872 —-a-w- c:\windows\system32\SearchIndexer.exe
    2011-05-04 05:19 . 2011-06-29 07:59 249856 —-a-w- c:\windows\system32\SearchProtocolHost.exe
    2011-05-04 05:19 . 2011-06-29 07:59 113664 —-a-w- c:\windows\system32\SearchFilterHost.exe
    2011-05-04 04:34 . 2011-06-29 07:59 1549312 —-a-w- c:\windows\SysWow64\tquery.dll
    2011-05-04 04:32 . 2011-06-29 07:59 666624 —-a-w- c:\windows\SysWow64\mssvp.dll
    2011-05-04 04:32 . 2011-06-29 07:59 1401344 —-a-w- c:\windows\SysWow64\mssrch.dll
    2011-05-04 04:32 . 2011-06-29 07:59 337408 —-a-w- c:\windows\SysWow64\mssph.dll
    2011-05-04 04:32 . 2011-06-29 07:59 197120 —-a-w- c:\windows\SysWow64\mssphtb.dll
    2011-05-04 04:32 . 2011-06-29 07:59 59392 —-a-w- c:\windows\SysWow64\msscntrs.dll
    2011-05-04 04:28 . 2011-06-29 07:59 427520 —-a-w- c:\windows\SysWow64\SearchIndexer.exe
    2011-05-04 04:28 . 2011-06-29 07:59 164352 —-a-w- c:\windows\SysWow64\SearchProtocolHost.exe
    2011-05-04 04:28 . 2011-06-29 07:59 86528 —-a-w- c:\windows\SysWow64\SearchFilterHost.exe
    .
    .
    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* entradas vazias e legítimas por padrão não são apresentadas.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 —-a-w- c:\users\marga\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 —-a-w- c:\users\marga\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 —-a-w- c:\users\marga\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2009-08-07 09:18 120104 —-a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-22 39408]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-26 15026056]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-21 261888]
    "EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-27 1194504]
    "ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-07-31 128296]
    "PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-08-04 181480]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    .
    c:\users\marga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\marga\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Serviço Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-13 135664]
    R3 gupdatem;Serviço Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-13 135664]
    R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
    R3 TriDefService;TriDef Service;c:\program files (x86)\TriDef 3D\TriDef\Common\TriDefService.exe [2009-09-15 1327104]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-05 844320]
    S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-07-15 375176]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]
    S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-07 311592]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-21 62720]
    S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
    S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
    .
    .
    Conteúdo da pasta 'Tarefas Agendadas'
    .
    2011-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-13 15:36]
    .
    2011-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-13 15:36]
    .
    .
    ——— x86-64 ———–
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 —-a-w- c:\users\marga\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 —-a-w- c:\users\marga\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 —-a-w- c:\users\marga\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 —-a-w- c:\users\marga\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2009-08-07 09:19 137512 —-a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
    "mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-07 349480]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-22 295936]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2010-12-13 200704]
    "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-05 828960]
    "LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ——- Scan Suplementar ——-
    .
    uStart Page = about:blank
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0816&m=aspire_5738&r=27361210j106l0318z105t4841b54q
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki… - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.254
    .
    - - - - ORFÃOS REMOVIDOS - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    .
    .
    .
    ——————— CHAVES DO REGISTRO BLOQUEADAS ———————
    .
    [HKEY_USERS\S-1-5-21-1562620929-3118729753-2077044618-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-1562620929-3118729753-2077044618-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ———————— Outros Processos em Execução ————————
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    .
    **************************************************************************
    .
    Tempo para conclusão: 2011-08-01 16:32:51 - Máquina reiniciou
    ComboFix-quarantined-files.txt 2011-08-01 15:32
    .
    Pré-execução: 258.321.195.008 bytes beschikbaar
    Pós execução: 258.893.914.112 bytes beschikbaar
    .
    - - End Of File - - 98453EAB6DCC7E7C642620B78E5E82E3
  • Hoi Jos, laat de machine nu het volgende ondergaan:

    [b:b11ff9a7d1]Doe de ESET online scan (Klik).[/b:b11ff9a7d1]
    [list:b11ff9a7d1]
    [*:b11ff9a7d1]Klik op de knop [b:b11ff9a7d1]ESET Online Scanner[/b:b11ff9a7d1]
    [*:b11ff9a7d1]Zet een vinkje bij [b:b11ff9a7d1]YES, I accept the Terms of Use[/b:b11ff9a7d1]
    [*:b11ff9a7d1]Klik op [b:b11ff9a7d1]Start[/b:b11ff9a7d1]
    [*:b11ff9a7d1]Sta het ActiveX control toe om te installeren.
    [*:b11ff9a7d1]Klik op [b:b11ff9a7d1]"Advanced settings"[/b:b11ff9a7d1]
    [*:b11ff9a7d1]Zet een vinkje bij de volgende opties:
    [list:b11ff9a7d1][*:b11ff9a7d1][b:b11ff9a7d1]Remove found threats[/b:b11ff9a7d1]
    [*:b11ff9a7d1][b:b11ff9a7d1]Scan archives[/b:b11ff9a7d1]
    [*:b11ff9a7d1][b:b11ff9a7d1]Scan for potentially unwanted applications[/b:b11ff9a7d1]
    [*:b11ff9a7d1][b:b11ff9a7d1]Scan for potentially unsafe applications[/b:b11ff9a7d1]
    [*:b11ff9a7d1][b:b11ff9a7d1]Enable Anti-Stealth technology [/b:b11ff9a7d1][/list:u:b11ff9a7d1]
    [*:b11ff9a7d1]Klik op [b:b11ff9a7d1]Start[/b:b11ff9a7d1]
    [*:b11ff9a7d1]De computer wordt nu gescand. Dit kan best lang duren, heb dus geduld.
    [*:b11ff9a7d1]Je mag het venster sluiten wanneer de scan klaar is.
    [*:b11ff9a7d1]Gebruik [b:b11ff9a7d1]Kladblok[/b:b11ff9a7d1] om het logje te openen. Dit logje vind je in de lokatie C:\Program Files\EsetOnlineScanner\[b:b11ff9a7d1]log.txt[/b:b11ff9a7d1]
    [*:b11ff9a7d1]Kopieer en plak de inhoud van dit logje in je volgende bericht.[/list:u:b11ff9a7d1]
    N.B.: deaktiveer tijdelijk je eigen antivirus tijdens de scan, dan is de onlinescan sneller!
  • Eset deed er erg lang over, ongeveer anderhalf uur.

    Log:

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner64.ocx - registred OK
    OnlineScanner.ocx - registred OK

    Met schijfopruiming computer opgeschoond.
  • Hoe draait Windows nu?
  • Windows draait weer goed.
    Nog even defragmenteren en beveiliging optimaliseren .
    Alle malware is nu verwijderd?
  • Hoi Jos, daar Eset ook niks meer gevonden heeft, ga ik er van uit, dat die Windows weer OK is.

    ComboFix mag nu verwijderd worden:
    [list:ff799fabb6][*:ff799fabb6] ga daarvoor naar Start - Uitvoeren
    [*:ff799fabb6] kopieer en plak hierin het volgende: [b:ff799fabb6]Combofix /Uninstall[/b:ff799fabb6]
    [*:ff799fabb6] klik daarna op [b:ff799fabb6]OK[/b:ff799fabb6].
    [*:ff799fabb6] indien het goed is, krijg je vervolgens een melding, dat Combofix verwijderd werd.[/list:u:ff799fabb6]

    Voorbeeld:

    [img:ff799fabb6]http://www.emphyrio.be/images/SMUninstall_combofix.png[/img:ff799fabb6]

    Uitvoeren kan ook gestart worden door de toetsen "Windowstoets + R" gelijktijdig in te drukken.

    [i:ff799fabb6]Dit zal Combofix verwijderen inclusief gerelateerde mappen en bestanden,
    herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies,
    gaat verborgen bestanden en systeembestanden terug verbergen
    en reset je Systeemherstel opnieuw.[/i:ff799fabb6]

    Doe ook nog een test, om te kijken hoe je huidige veiligheidssituatie is.

    Download naar je bureaublad [b:ff799fabb6].
    [list:ff799fabb6][*:ff799fabb6] Klik/dubbelklik op [b:ff799fabb6]SecurityCheck.exe[/b:ff799fabb6] en let op de instrukties in het zwarte venster.
    [*:ff799fabb6] Een Kladblok document genaamd [b:ff799fabb6]checkup.txt[/b:ff799fabb6] dient automatisch open te gaan; sluit dit document via opslaan op het bureaublad.
    [*:ff799fabb6] Indien een van je veiligheidstools rapporteert, dat DIG.EXE het internet op wil, sta dit dan toe.[/list:u:ff799fabb6]
    Post de inhoud van [b:ff799fabb6]checkup.txt [/b:ff799fabb6]in je volgende post.
  • Bovenstaande uitgevoerd, hierbij het logbestand van de security check:

    Results of screen317's Security Check version 0.99.18
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    [b:d0b7634184]``````````````````````````````
    [u:d0b7634184]Antivirus/Firewall Check:[/u:d0b7634184][/b:d0b7634184]
    avast! Free Antivirus
    ESET Online Scanner v3
    [size=1:d0b7634184]WMI entry may not exist for antivirus; attempting automatic update.[/size:d0b7634184]
    [b:d0b7634184]```````````````````````````````
    [u:d0b7634184]Anti-malware/Other Utilities Check:[/u:d0b7634184][/b:d0b7634184]
    Malwarebytes' Anti-Malware
    Adobe Flash Player
    [b:d0b7634184]````````````````````````````````
    Process Check:
    [u:d0b7634184]objlist.exe by Laurent[/u:d0b7634184][/b:d0b7634184]
    system32 AvastSvc.exe -?-
    AVAST Software Avast AvastUI.exe
    [b:d0b7634184]``````````End of Log````````````[/b:d0b7634184]
  • Omdat er bij de Adobe Flashplayer geen versienummer staat het volgende:

    er zijn twee onderdelen in Windows, die altijd de nieuwste versie dienen te zijn en dat zijn Java runtime en Adobe Flash Player.
    Waarom: in die nieuwste versies zijn altijd de ontdekte veiligheidsrisico's uitverbeterd en ook dat vaak het tool zelf beter funktioneert!

    Wat mij zelf opgevallen is, dat update je de Flash Player, dan bijft de oude versie ook geïnstalleerd en dat is niet de bedoeling!

    Ten behoeve van Flash Player in Windows:

    ga nu eerst naar Configuratiescherm
    [list:d8826cfa52][*:d8826cfa52][b:d8826cfa52]Software[/b:d8826cfa52] - Windows 2000/Windows XP
    [*:d8826cfa52][b:d8826cfa52]Programma's en onderdelen[/b:d8826cfa52] - Windows Vista en Windows 7[/list:u:d8826cfa52]

    en verwijder daar vervolgens [b:d8826cfa52]Adobe Flashplayer Active X…..[/b:d8826cfa52]

    ga vervolgens met Internet Explorer naar http://get.adobe.com/nl/flashplayer/ om de nieuwste Flasplayer te laten installeren;
    (wil je de [b:d8826cfa52]Gratis Google Toolbar (optioneel) (2,12 MB)[/b:d8826cfa52] niet erbij hebben, haal dan eerst het vinkje weg!).


    [b:d8826cfa52]Belangrijk[/b:d8826cfa52]: gebruik je ook andere browsers dan verwijder je eerst via dezelfde weg de [b:d8826cfa52]Adobe Flashplayer Plugins[/b:d8826cfa52] en daarna gebruik je dan die andere browsers telkens via hetzelfde internetadres om de nieuwste Flashplayer Plugins te downloaden en na afsluiten van de betreffende browser de nieuwe plugin te installeren![/notice]
  • Bovenstaande uitgevoerd!!
    Dank voor je hulp en tot een volgende keer.

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.