Re: irritante reclame 'over' mn internetpagina
Dit is t logje voor het opstarten van mn pc... anders weet ik niet of ik het nog wel terug kan vinden
[hjt]
malwarebytes' anti-malware 1.44
database versie: 3769
windows 6.0.6001 service pack 1
internet explorer 8.0.6001.18882
21-2-2010 15:36:06
mbam-log-2010-02-21 (15-36-06).txt
scan type: snelle scan
objecten gescand: 118065
verstreken tijd: 10 minute(s), 43 second(s)
geheugenprocessen genfecteerd: 0
geheugenmodulen genfecteerd: 0
registersleutels genfecteerd: 6
registerwaarden genfecteerd: 2
registerdata bestanden genfecteerd: 1
mappen genfecteerd: 1
bestanden genfecteerd: 12
geheugenprocessen genfecteerd:
(geen kwaadaardige items gevonden)
geheugenmodulen genfecteerd:
(geen kwaadaardige items gevonden)
registersleutels genfecteerd:
hkey_current_user\software\xml (trojan.fakealert) -> quarantined and deleted successfully.
hkey_current_user\software\microsoft\handle (malware.trace) -> quarantined and deleted successfully.
hkey_current_user\software\roua3o12pw (trojan.fakealert) -> quarantined and deleted successfully.
hkey_current_user\software\toy5knq8oc (trojan.fakealert) -> quarantined and deleted successfully.
hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\
{c47e3810-0bf2-3504-07d9-45b68ffbc98d} (adware.adrotator) -> quarantined and deleted successfully.
hkey_classes_root\clsid\
{c47e3810-0bf2-3504-07d9-45b68ffbc98d} (adware.adrotator) -> quarantined and deleted successfully.
registerwaarden genfecteerd:
hkey_current_user\software\microsoft\windows\currentversion\run\regedit32 (trojan.agent) -> quarantined and deleted successfully.
hkey_current_user\software\microsoft\windows\currentversion\run\toy5knq8oc (trojan.fakealert) -> quarantined and deleted successfully.
registerdata bestanden genfecteerd:
hkey_current_user\software\microsoft\windows nt\currentversion\winlogon\shell (hijack.shell) -> bad: (
c:\recycler\s-1-5-21-9200893393-5820728169-688067099-6137\vesita.exe,explorer.exe,
c:\recycler\s-1-5-21-9044879347-1875135080-004465964-8865\wnzip32.exe) good: (explorer.exe) -> quarantined and deleted successfully.
mappen genfecteerd:
c:\recycler\s-1-5-21-0243936033-3052116371-381863308-1811 (trojan.agent) -> quarantined and deleted successfully.
bestanden genfecteerd:
c:\recycler\s-1-5-21-9200893393-5820728169-688067099-6137\vesita.exe (worm.autorun.b) -> quarantined and deleted successfully.
c:\users\ellen\appdata\local\temp\_voidb126.tmp (rootkit.tdss) -> quarantined and deleted successfully.
c:\users\ellen\appdata\local\temp\_voidee74.tmp (rootkit.tdss) -> quarantined and deleted successfully.
c:\users\ellen\appdata\local\temp\wecsnxamro.exe (trojan.hiloti) -> quarantined and deleted successfully.
c:\users\ellen\appdata\local\temp\wescmxoran.exe (trojan.downloader.se2010) -> quarantined and deleted successfully.
c:\recycler\s-1-5-21-0243936033-3052116371-381863308-1811\desktop.ini (trojan.agent) -> quarantined and deleted successfully.
c:\programdata\mswintmp.dat (malware.trace) -> quarantined and deleted successfully.
c:\users\ellen\appdata\local\temp\sshnas21.dll (trojan.downloader) -> quarantined and deleted successfully.
c:\windows\tasks\{66ba574b-1e11-49b8-909c-8cc9e0e8e015}.job (trojan.downloader) -> quarantined and deleted successfully.
c:\users\ellen\oashdihasidhasuidhiasdhiashdiuasdhasd (malware.trace) -> quarantined and deleted successfully.
c:\windows\tasks\{35dc3473-a719-4d14-b7c1-fd326ca84a0c}.job (trojan.downloader) -> quarantined and deleted successfully.
c:\windows\system32\7d1b4d83-c7d4-ff85-177a-4c7f8fb9b4ef.dll (adware.adrotator) -> delete on reboot.
[/hjt]
--- automatische edit ---
toch gevonden na het opstarten!
[hjt]
malwarebytes' anti-malware 1.44
database versie: 3769
windows 6.0.6001 service pack 1
internet explorer 8.0.6001.18882
21-2-2010 15:36:06
mbam-log-2010-02-21 (15-36-06).txt
scan type: snelle scan
objecten gescand: 118065
verstreken tijd: 10 minute(s), 43 second(s)
geheugenprocessen genfecteerd: 0
geheugenmodulen genfecteerd: 0
registersleutels genfecteerd: 6
registerwaarden genfecteerd: 2
registerdata bestanden genfecteerd: 1
mappen genfecteerd: 1
bestanden genfecteerd: 12
geheugenprocessen genfecteerd:
(geen kwaadaardige items gevonden)
geheugenmodulen genfecteerd:
(geen kwaadaardige items gevonden)
registersleutels genfecteerd:
hkey_current_user\software\xml (trojan.fakealert) -> quarantined and deleted successfully.
hkey_current_user\software\microsoft\handle (malware.trace) -> quarantined and deleted successfully.
hkey_current_user\software\roua3o12pw (trojan.fakealert) -> quarantined and deleted successfully.
hkey_current_user\software\toy5knq8oc (trojan.fakealert) -> quarantined and deleted successfully.
hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\
{c47e3810-0bf2-3504-07d9-45b68ffbc98d} (adware.adrotator) -> quarantined and deleted successfully.
hkey_classes_root\clsid\
{c47e3810-0bf2-3504-07d9-45b68ffbc98d} (adware.adrotator) -> quarantined and deleted successfully.
registerwaarden genfecteerd:
hkey_current_user\software\microsoft\windows\currentversion\run\regedit32 (trojan.agent) -> quarantined and deleted successfully.
hkey_current_user\software\microsoft\windows\currentversion\run\toy5knq8oc (trojan.fakealert) -> quarantined and deleted successfully.
registerdata bestanden genfecteerd:
hkey_current_user\software\microsoft\windows nt\currentversion\winlogon\shell (hijack.shell) -> bad: (
c:\recycler\s-1-5-21-9200893393-5820728169-688067099-6137\vesita.exe,explorer.exe,
c:\recycler\s-1-5-21-9044879347-1875135080-004465964-8865\wnzip32.exe) good: (explorer.exe) -> quarantined and deleted successfully.
mappen genfecteerd:
c:\recycler\s-1-5-21-0243936033-3052116371-381863308-1811 (trojan.agent) -> quarantined and deleted successfully.
bestanden genfecteerd:
c:\recycler\s-1-5-21-9200893393-5820728169-688067099-6137\vesita.exe (worm.autorun.b) -> quarantined and deleted successfully.
c:\users\ellen\appdata\local\temp\_voidb126.tmp (rootkit.tdss) -> quarantined and deleted successfully.
c:\users\ellen\appdata\local\temp\_voidee74.tmp (rootkit.tdss) -> quarantined and deleted successfully.
c:\users\ellen\appdata\local\temp\wecsnxamro.exe (trojan.hiloti) -> quarantined and deleted successfully.
c:\users\ellen\appdata\local\temp\wescmxoran.exe (trojan.downloader.se2010) -> quarantined and deleted successfully.
c:\recycler\s-1-5-21-0243936033-3052116371-381863308-1811\desktop.ini (trojan.agent) -> quarantined and deleted successfully.
c:\programdata\mswintmp.dat (malware.trace) -> quarantined and deleted successfully.
c:\users\ellen\appdata\local\temp\sshnas21.dll (trojan.downloader) -> quarantined and deleted successfully.
c:\windows\tasks\{66ba574b-1e11-49b8-909c-8cc9e0e8e015}.job (trojan.downloader) -> quarantined and deleted successfully.
c:\users\ellen\oashdihasidhasuidhiasdhiashdiuasdhasd (malware.trace) -> quarantined and deleted successfully.
c:\windows\tasks\{35dc3473-a719-4d14-b7c1-fd326ca84a0c}.job (trojan.downloader) -> quarantined and deleted successfully.
c:\windows\system32\7d1b4d83-c7d4-ff85-177a-4c7f8fb9b4ef.dll (adware.adrotator) -> delete on reboot.
[/hjt]