Vraag & Antwoord

12 antwoorden

Malware op systeem; graag advies.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:44:18, on 31-7-2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16800)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\marga\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0816&m=aspire_5738&r=27361210j106l0318z105t4841b54q
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0816&m=aspire_5738&r=27361210j106l0318z105t4841b54q
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0816&m=aspire_5738&r=27361210j106l0318z105t4841b54q
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Dropbox.lnk = marga\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: Serviço Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TriDef Service (TriDefService) - Unknown owner - C:\Program Files (x86)\TriDef 3D\TriDef\Common\TriDefService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

–
End of file - 12957 bytes

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Databaseversie: 7336

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

31-7-2011 12:27:17
mbam-log-2011-07-31 (12-27-17).txt

Scantype: Snelle scan
Objecten gescand: 166887
Verstreken tijd: 2 minuut/minuten, 19 seconde(n)

Geheugenprocessen geïnfecteerd: 1
Geheugenmodulen geïnfecteerd: 1
Registersleutels geïnfecteerd: 21
Registerwaarden geïnfecteerd: 2
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 9
Bestanden geïnfecteerd: 14

Geheugenprocessen geïnfecteerd:
c:\program files (x86)\clickpotatolite\bin\10.0.666.0\clickpotatolitesa.exe (Adware.ClickPotato) -> 4592 -> Unloaded process successfully.

Geheugenmodulen geïnfecteerd:
c:\program files (x86)\clickpotatolite\bin\10.0.666.0\clickpotatolitesahook.dll (Adware.HotBar.Gen) -> Delete on reboot.

Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\CLSID\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{C55CA95C-324B-451C-B2D2-6E895AA75FEC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{814BAA91-DC22-4350-87D6-0C86E93F7F08} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ClickPotatoLiteSA (Adware.ClickPotato) -> Value: ClickPotatoLiteSA -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Value: ClickPotatoLite@ClickPotatoLite.com -> Quarantined and deleted successfully.

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.666.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.666.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.666.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.666.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato (Adware.ClickPotato) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:
c:\program files (x86)\clickpotatolite\bin\10.0.666.0\clickpotatolitesa.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.666.0\clickpotatolitesahook.dll (Adware.HotBar.Gen) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.666.0\clickpotatolitesaax.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.666.0\clickpotatolitesabho.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\Users\marga\AppData\Local\Temp\nszA6E5.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.666.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.666.0\firefox\extensions\plugins\npclntax_clickpotatolitesa.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\About Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato uninstall instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.

Wat verder te doen?

Anoniem 31 juli 2011 11:50

Waarom is SP1 voor Windows 7 nog niet geïnstalleerd?
En waarom heb je nog geen update gedaan naar IE9 - want dat is ook een systeemupdate!

Je mag het volgende doen:

[b:ecaade2743]Welk programma[/b:ecaade2743]: ComboFix
[b:ecaade2743]Waarvoor/waarom[/b:ecaade2743]: Zeer specialistische scanner om Windows diepgaand te onderzoeken
en zo mogelijk op te schonen.
[b:ecaade2743]Moeilijkheidsgraad[/b:ecaade2743]: Min of meer lastige voorbereidingsfase, dus lees alles eerst goed.
[b:ecaade2743]Downloadlokatie[/b:ecaade2743]: Dit programma absoluut naar het bureaublad downloaden!
[b:ecaade2743]Download ComboFix via één van deze locaties[/b:ecaade2743]:
[list:ecaade2743][*:ecaade2743][b:ecaade2743]Bleepingcomputer[/b:ecaade2743]
[*:ecaade2743][b:ecaade2743]ForoSpyware[/b:ecaade2743]
[*:ecaade2743][b:ecaade2743]Geekstogo[/b:ecaade2743][/list:u:ecaade2743]
[b:ecaade2743]Hier[/b:ecaade2743] zie je hoe je ComboFix moet gebruiken.

Antivirusprogramma en actieve malwarescanners dienen al voor de ComboFix start gedeaktiveert zijn!
[b:ecaade2743]Hier[/b:ecaade2743] en [b:ecaade2743]hier[/b:ecaade2743] vindt je gegevens hoe antivirusprogramma's en spywarescanners te deaktiveren.

[b:ecaade2743]Voor alle duidelijkheid nogmaals[/b:ecaade2743]: ComboFix dient vanaf het bureaublad gestart te worden.

[b:ecaade2743]Opmerkingen[/b:ecaade2743]:
[list:ecaade2743][*:ecaade2743] Bij gebruik van Windows XP zal er mogelijk gevraagd worden, om de "Recovery Console" te installeren! Sta dit dan toe (hiervoor is een actieve internet verbinding vereist).
[*:ecaade2743]Vista- en Windows 7 gebruikers starten Combofix op via rechtsklik met Administratorrechten.
[*:ecaade2743]Alle openstaande programma's en webpagina's dienen afgesloten te zijn.[/list:u:ecaade2743]
[b:ecaade2743]ComboFix is opgestart[/b:ecaade2743]:
[list:ecaade2743][*:ecaade2743]Niet in het zwarte venster klikken, hierdoor kan ComboFix of zelfs Windows geheel "bevriezen"!
[*:ecaade2743]Combofix sluit tijdens de scan de internet verbinding – probeer deze tussentijds niet te herstellen!
[*:ecaade2743]Het kan voorkomen dat de computer meerdere malen opnieuw opgestart moet worden, dit is normaal.
[*:ecaade2743]Wanneer ComboFix gereed is, zal het het een logbestand voor je maken.
[*:ecaade2743]Post de inhoud van dit logbestand in je volgende bericht.
[*:ecaade2743]Indien het log niet opstart, is dit terug tevinden in C:\ComboFix.txt[/list:u:ecaade2743]
[b:ecaade2743]Belangrijke opmerking[/b:ecaade2743]:
[list:ecaade2743][*:ecaade2743][b:ecaade2743]

Anoniem 31 juli 2011 13:11

Dank voor je snelle reactie; ik ben nu op mijn vakantie adres in Portugal.
De beheerder heeft dus problemen op zijn laptop.
Via jou probeer ik hem te helpen.

Ik ga morgenvroeg aan de slag met Combofix, etc. en zal je dan de resultaten sturen.

Anoniem 31 juli 2011 16:22

ComboFix 11-07-31.04 - marga 01-08-2011 16:20:14.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.351.1043.18.4091.2789 [GMT 1:00]
Executando de: c:\users\marga\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Temp\log.txt
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2011-07-01 to 2011-08-01 ))))))))))))))))))))))))))))
.
.
2011-08-01 15:19 . 2011-08-01 15:19 ——– d—–w- C:\32788R22FWJFW
2011-08-01 06:27 . 2011-08-01 06:27 ——– d—–w- c:\windows\system32\SPReview
2011-08-01 06:26 . 2011-08-01 06:26 ——– d—–w- c:\windows\system32\EventProviders
2011-07-31 11:36 . 2011-07-31 11:36 388096 —-a-r- c:\users\marga\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-31 11:36 . 2011-07-31 11:36 ——– d—–w- c:\program files (x86)\Trend Micro
2011-07-31 11:19 . 2011-07-31 11:19 ——– d—–w- c:\users\marga\AppData\Roaming\Malwarebytes
2011-07-31 11:19 . 2011-07-06 18:52 41272 —-a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-31 11:19 . 2011-07-31 11:19 ——– d—–w- c:\programdata\Malwarebytes
2011-07-31 11:19 . 2011-07-31 11:19 ——– d—–w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-31 11:19 . 2011-07-06 18:52 25912 —-a-w- c:\windows\system32\drivers\mbam.sys
2011-07-21 10:02 . 2011-07-21 10:05 ——– d—–w- C:\cf3d6be4148893cf6291c50300387089
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-01 06:39 . 2009-07-14 02:36 175616 —-a-w- c:\windows\system32\msclmd.dll
2011-08-01 06:39 . 2009-07-14 02:36 152576 —-a-w- c:\windows\SysWow64\msclmd.dll
2011-07-15 07:47 . 2010-12-29 08:26 87456 —-a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-07-15 07:47 . 2010-12-29 08:26 33152 —-a-w- c:\windows\system32\LMIport.dll
2011-07-15 07:47 . 2010-12-29 08:26 80768 —-a-w- c:\windows\system32\LMIinit.dll
2011-06-03 05:57 . 2011-07-13 07:05 44032 —-a-w- c:\windows\apppatch\acwow64.dll
2011-05-28 03:30 . 2011-06-16 10:20 1638912 —-a-w- c:\windows\system32\mshtml.tlb
2011-05-28 02:53 . 2011-06-16 10:20 1638912 —-a-w- c:\windows\SysWow64\mshtml.tlb
2011-05-24 11:42 . 2011-06-29 07:59 404480 —-a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-29 07:59 64512 —-a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-29 07:59 44544 —-a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-29 07:59 145920 —-a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-29 07:59 252928 —-a-w- c:\windows\SysWow64\drvinst.exe
2011-05-04 05:25 . 2011-06-29 07:59 2315776 —-a-w- c:\windows\system32\tquery.dll
2011-05-04 05:22 . 2011-06-29 07:59 2223616 —-a-w- c:\windows\system32\mssrch.dll
2011-05-04 05:22 . 2011-06-29 07:59 778752 —-a-w- c:\windows\system32\mssvp.dll
2011-05-04 05:22 . 2011-06-29 07:59 491520 —-a-w- c:\windows\system32\mssph.dll
2011-05-04 05:22 . 2011-06-29 07:59 75264 —-a-w- c:\windows\system32\msscntrs.dll
2011-05-04 05:22 . 2011-06-29 07:59 288256 —-a-w- c:\windows\system32\mssphtb.dll
2011-05-04 05:19 . 2011-06-29 07:59 591872 —-a-w- c:\windows\system32\SearchIndexer.exe
2011-05-04 05:19 . 2011-06-29 07:59 249856 —-a-w- c:\windows\system32\SearchProtocolHost.exe
2011-05-04 05:19 . 2011-06-29 07:59 113664 —-a-w- c:\windows\system32\SearchFilterHost.exe
2011-05-04 04:34 . 2011-06-29 07:59 1549312 —-a-w- c:\windows\SysWow64\tquery.dll
2011-05-04 04:32 . 2011-06-29 07:59 666624 —-a-w- c:\windows\SysWow64\mssvp.dll
2011-05-04 04:32 . 2011-06-29 07:59 1401344 —-a-w- c:\windows\SysWow64\mssrch.dll
2011-05-04 04:32 . 2011-06-29 07:59 337408 —-a-w- c:\windows\SysWow64\mssph.dll
2011-05-04 04:32 . 2011-06-29 07:59 197120 —-a-w- c:\windows\SysWow64\mssphtb.dll
2011-05-04 04:32 . 2011-06-29 07:59 59392 —-a-w- c:\windows\SysWow64\msscntrs.dll
2011-05-04 04:28 . 2011-06-29 07:59 427520 —-a-w- c:\windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28 . 2011-06-29 07:59 164352 —-a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2011-05-04 04:28 . 2011-06-29 07:59 86528 —-a-w- c:\windows\SysWow64\SearchFilterHost.exe
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 —-a-w- c:\users\marga\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 —-a-w- c:\users\marga\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 —-a-w- c:\users\marga\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:18 120104 —-a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-22 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-26 15026056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-21 261888]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-27 1194504]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-07-31 128296]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-08-04 181480]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
c:\users\marga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\marga\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Serviço Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-13 135664]
R3 gupdatem;Serviço Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-13 135664]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TriDefService;TriDef Service;c:\program files (x86)\TriDef 3D\TriDef\Common\TriDefService.exe [2009-09-15 1327104]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-05 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-07-15 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-07 311592]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-21 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
.
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2011-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-13 15:36]
.
2011-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-13 15:36]
.
.
——— x86-64 ———–
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 —-a-w- c:\users\marga\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 —-a-w- c:\users\marga\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 —-a-w- c:\users\marga\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 —-a-w- c:\users\marga\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:19 137512 —-a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-07 349480]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-22 295936]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-12-13 200704]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-05 828960]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
——- Scan Suplementar ——-
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0816&m=aspire_5738&r=27361210j106l0318z105t4841b54q
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki… - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
——————— CHAVES DO REGISTRO BLOQUEADAS ———————
.
[HKEY_USERS\S-1-5-21-1562620929-3118729753-2077044618-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1562620929-3118729753-2077044618-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
———————— Outros Processos em Execução ————————
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Tempo para conclusão: 2011-08-01 16:32:51 - Máquina reiniciou
ComboFix-quarantined-files.txt 2011-08-01 15:32
.
Pré-execução: 258.321.195.008 bytes beschikbaar
Pós execução: 258.893.914.112 bytes beschikbaar
.
- - End Of File - - 98453EAB6DCC7E7C642620B78E5E82E3

Anoniem 1 augustus 2011 15:35

Hoi Jos, laat de machine nu het volgende ondergaan:

[b:b11ff9a7d1]Doe de ESET online scan (Klik).[/b:b11ff9a7d1]
[list:b11ff9a7d1]
[*:b11ff9a7d1]Klik op de knop [b:b11ff9a7d1]ESET Online Scanner[/b:b11ff9a7d1]
[*:b11ff9a7d1]Zet een vinkje bij [b:b11ff9a7d1]YES, I accept the Terms of Use[/b:b11ff9a7d1]
[*:b11ff9a7d1]Klik op [b:b11ff9a7d1]Start[/b:b11ff9a7d1]
[*:b11ff9a7d1]Sta het ActiveX control toe om te installeren.
[*:b11ff9a7d1]Klik op [b:b11ff9a7d1]"Advanced settings"[/b:b11ff9a7d1]
[*:b11ff9a7d1]Zet een vinkje bij de volgende opties:
[list:b11ff9a7d1][*:b11ff9a7d1][b:b11ff9a7d1]Remove found threats[/b:b11ff9a7d1]
[*:b11ff9a7d1][b:b11ff9a7d1]Scan archives[/b:b11ff9a7d1]
[*:b11ff9a7d1][b:b11ff9a7d1]Scan for potentially unwanted applications[/b:b11ff9a7d1]
[*:b11ff9a7d1][b:b11ff9a7d1]Scan for potentially unsafe applications[/b:b11ff9a7d1]
[*:b11ff9a7d1][b:b11ff9a7d1]Enable Anti-Stealth technology [/b:b11ff9a7d1][/list:u:b11ff9a7d1]
[*:b11ff9a7d1]Klik op [b:b11ff9a7d1]Start[/b:b11ff9a7d1]
[*:b11ff9a7d1]De computer wordt nu gescand. Dit kan best lang duren, heb dus geduld.
[*:b11ff9a7d1]Je mag het venster sluiten wanneer de scan klaar is.
[*:b11ff9a7d1]Gebruik [b:b11ff9a7d1]Kladblok[/b:b11ff9a7d1] om het logje te openen. Dit logje vind je in de lokatie C:\Program Files\EsetOnlineScanner\[b:b11ff9a7d1]log.txt[/b:b11ff9a7d1]
[*:b11ff9a7d1]Kopieer en plak de inhoud van dit logje in je volgende bericht.[/list:u:b11ff9a7d1]
N.B.: deaktiveer tijdelijk je eigen antivirus tijdens de scan, dan is de onlinescan sneller!

Anoniem 1 augustus 2011 17:20

Eset deed er erg lang over, ongeveer anderhalf uur.

Log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

Met schijfopruiming computer opgeschoond.

Anoniem 3 augustus 2011 08:23

Hoe draait Windows nu?

Anoniem 3 augustus 2011 10:16

Windows draait weer goed.
Nog even defragmenteren en beveiliging optimaliseren .
Alle malware is nu verwijderd?

Anoniem 4 augustus 2011 11:06

Hoi Jos, daar Eset ook niks meer gevonden heeft, ga ik er van uit, dat die Windows weer OK is.

ComboFix mag nu verwijderd worden:
[list:ff799fabb6][*:ff799fabb6] ga daarvoor naar Start - Uitvoeren
[*:ff799fabb6] kopieer en plak hierin het volgende: [b:ff799fabb6]Combofix /Uninstall[/b:ff799fabb6]
[*:ff799fabb6] klik daarna op [b:ff799fabb6]OK[/b:ff799fabb6].
[*:ff799fabb6] indien het goed is, krijg je vervolgens een melding, dat Combofix verwijderd werd.[/list:u:ff799fabb6]

Voorbeeld:

[img:ff799fabb6]http://www.emphyrio.be/images/SMUninstall_combofix.png[/img:ff799fabb6]

Uitvoeren kan ook gestart worden door de toetsen "Windowstoets + R" gelijktijdig in te drukken.

[i:ff799fabb6]Dit zal Combofix verwijderen inclusief gerelateerde mappen en bestanden,
herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies,
gaat verborgen bestanden en systeembestanden terug verbergen
en reset je Systeemherstel opnieuw.[/i:ff799fabb6]

Doe ook nog een test, om te kijken hoe je huidige veiligheidssituatie is.

Download naar je bureaublad [b:ff799fabb6].
[list:ff799fabb6][*:ff799fabb6] Klik/dubbelklik op [b:ff799fabb6]SecurityCheck.exe[/b:ff799fabb6] en let op de instrukties in het zwarte venster.
[*:ff799fabb6] Een Kladblok document genaamd [b:ff799fabb6]checkup.txt[/b:ff799fabb6] dient automatisch open te gaan; sluit dit document via opslaan op het bureaublad.
[*:ff799fabb6] Indien een van je veiligheidstools rapporteert, dat DIG.EXE het internet op wil, sta dit dan toe.[/list:u:ff799fabb6]
Post de inhoud van [b:ff799fabb6]checkup.txt [/b:ff799fabb6]in je volgende post.

Anoniem 4 augustus 2011 16:11

Bovenstaande uitgevoerd, hierbij het logbestand van de security check:

Results of screen317's Security Check version 0.99.18
Windows 7 (UAC is enabled)
Internet Explorer 8
[b:d0b7634184]``````````````````````````````
[u:d0b7634184]Antivirus/Firewall Check:[/u:d0b7634184][/b:d0b7634184]
avast! Free Antivirus
ESET Online Scanner v3
[size=1:d0b7634184]WMI entry may not exist for antivirus; attempting automatic update.[/size:d0b7634184]
[b:d0b7634184]```````````````````````````````
[u:d0b7634184]Anti-malware/Other Utilities Check:[/u:d0b7634184][/b:d0b7634184]
Malwarebytes' Anti-Malware
Adobe Flash Player
[b:d0b7634184]````````````````````````````````
Process Check:
[u:d0b7634184]objlist.exe by Laurent[/u:d0b7634184][/b:d0b7634184]
system32 AvastSvc.exe -?-
AVAST Software Avast AvastUI.exe
[b:d0b7634184]``````````End of Log````````````[/b:d0b7634184]

Anoniem 10 augustus 2011 10:58

Omdat er bij de Adobe Flashplayer geen versienummer staat het volgende:

er zijn twee onderdelen in Windows, die altijd de nieuwste versie dienen te zijn en dat zijn Java runtime en Adobe Flash Player.
Waarom: in die nieuwste versies zijn altijd de ontdekte veiligheidsrisico's uitverbeterd en ook dat vaak het tool zelf beter funktioneert!

Wat mij zelf opgevallen is, dat update je de Flash Player, dan bijft de oude versie ook geïnstalleerd en dat is niet de bedoeling!

Ten behoeve van Flash Player in Windows:

ga nu eerst naar Configuratiescherm
[list:d8826cfa52][*:d8826cfa52][b:d8826cfa52]Software[/b:d8826cfa52] - Windows 2000/Windows XP
[*:d8826cfa52][b:d8826cfa52]Programma's en onderdelen[/b:d8826cfa52] - Windows Vista en Windows 7[/list:u:d8826cfa52]

en verwijder daar vervolgens [b:d8826cfa52]Adobe Flashplayer Active X…..[/b:d8826cfa52]

ga vervolgens met Internet Explorer naar http://get.adobe.com/nl/flashplayer/ om de nieuwste Flasplayer te laten installeren;
(wil je de [b:d8826cfa52]Gratis Google Toolbar (optioneel) (2,12 MB)[/b:d8826cfa52] niet erbij hebben, haal dan eerst het vinkje weg!).

[b:d8826cfa52]Belangrijk[/b:d8826cfa52]: gebruik je ook andere browsers dan verwijder je eerst via dezelfde weg de [b:d8826cfa52]Adobe Flashplayer Plugins[/b:d8826cfa52] en daarna gebruik je dan die andere browsers telkens via hetzelfde internetadres om de nieuwste Flashplayer Plugins te downloaden en na afsluiten van de betreffende browser de nieuwe plugin te installeren![/notice]

Anoniem 10 augustus 2011 11:03

Bovenstaande uitgevoerd!!
Dank voor je hulp en tot een volgende keer.

Anoniem 10 augustus 2011 11:22

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.

Vraag & Antwoord

controle MBAM

Beantwoord deze vraag

Gerelateerde vragen

Registreren

We hebben je een e-mail gestuurd!

Oops… er ging wat mis.

Hoera, je account is nu geactiveerd!

Dit token is niet meer valide.

Wachtwoord vergeten?

Je aanvraag is verstuurd

Wachtwoord herstellen

Wachtwoord herstellen

Dit token is niet meer valide.

Bedankt!

Je vraag is geplaatst!

Je antwoord is geplaatst!

Bevestigingsmail verstuurd!