• Hulpvragenden in dit forumonderdeel worden enkel geholpen door daartoe bevoegde teamleden.
    Dit is belangrijk, zodat de hulpvragende goed geholpen kan worden zonder (goedbedoelde) aanvullende berichten van andere leden.
    Reageren op andermans discussie is daarom uitgeschakeld.
  • De afgelopen dagen zijn er meerdere fora waarop bestaande accounts worden overgenomen door spammers. De gebruikersnamen en wachtwoorden zijn via een hack of een lek via andere sites buitgemaakt. Via have i been pwned? kan je controleren of jouw gegeven ook zijn buitgemaakt. Wijzig bij twijfel jouw wachtwoord of schakel de twee-staps-verificatie in.

Ook ING virus sinowal?

Status
Niet open voor verdere reacties.

ngerende

Nieuw lid
Lid geworden
19 jun 2011
Berichten
6
Waarderingsscore
0
[hjt]
ogfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:01:43, on 25-10-2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
c:\users\cenn\appdata\roaming\t-mobile internet manager\ouc.exe
c:\program files (x86)\avira\antivir desktop\avgnt.exe
c:\program files (x86)\t-mobile\t-mobile internet manager\datacardmonitor.exe
c:\program files (x86)\common files\java\java update\jusched.exe
c:\program files (x86)\openoffice.org 3\program\soffice.exe
c:\program files (x86)\openoffice.org 3\program\soffice.bin
c:\program files (x86)\samsung\samsung recovery solution 4\wcscheduler.exe
c:\program files (x86)\samsung\easy display manager\dmhkcore.exe
c:\program files (x86)\samsung\samsung support center\ssckbdhk.exe
c:\program files (x86)\lavasoft\ad-aware\aawtray.exe
c:\program files (x86)\yahoo!\messenger\ymsgr_tray.exe
c:\program files (x86)\samsung\easyspeedupmanager\easyspeedupmanager.exe
c:\program files (x86)\trend micro\hijackthis\hijackthis.exe

r1 - hkcu\software\microsoft\internet explorer\main,default_page_url = [noparse]http://samsung.msn.com[/noparse]
r1 - hkcu\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hkcu\software\microsoft\internet explorer\main,start page = [noparse]http://www.yahoo.nl/[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hklm\software\microsoft\internet explorer\main,start page = [noparse]http://samsung.msn.com[/noparse]
r0 - hklm\software\microsoft\internet explorer\search,searchassistant =
r0 - hklm\software\microsoft\internet explorer\search,customizesearch =
r0 - hklm\software\microsoft\internet explorer\main,local page = c:\windows\syswow64\blank.htm
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername =
f2 - reg:system.ini: userinit=userinit.exe
o2 - bho: &yahoo! toolbar helper - {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~2\yahoo!\companion\installs\cpn0\yt.dll
o2 - bho: acroiehelperstub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
o2 - bho: search helper - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
o2 - bho: windows live id sign-in helper - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: windows live messenger companion helper - {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files (x86)\windows live\companion\companioncore.dll
o2 - bho: bing bar bho - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn toolbar\platform\6.0.2282.0\npwinext.dll
o2 - bho: java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
o2 - bho: singleinstance class - {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~2\yahoo!\companion\installs\cpn0\ytsingleinstance.dll
o3 - toolbar: @c:\program files (x86)\msn toolbar\platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files (x86)\msn toolbar\platform\6.0.2282.0\npwinext.dll
o3 - toolbar: yahoo! toolbar - {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~2\yahoo!\companion\installs\cpn0\yt.dll
o4 - hklm\..\run: [startccc] c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe msrun
o4 - hklm\..\run: [microsoft default manager] c:\program files (x86)\microsoft\search enhancement pack\default manager\defmgr.exe -resume
o4 - hklm\..\run: [ucam_menu] c:\program files (x86)\cyberlink\youcam\muitransfer\muistartmenu.exe "c:\program files (x86)\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
o4 - hklm\..\run: [adobe reader speed launcher] c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe
o4 - hklm\..\run: [quicktime task] c:\program files (x86)\quicktime\qttask.exe -atboottime
o4 - hklm\..\run: [avgnt] c:\program files (x86)\avira\antivir desktop\avgnt.exe /min
o4 - hklm\..\run: [datacardmonitor] c:\program files (x86)\t-mobile\t-mobile internet manager\datacardmonitor.exe
o4 - hklm\..\run: [sunjavaupdatesched] c:\program files (x86)\common files\java\java update\jusched.exe
o4 - hkcu\..\run: [hw_openeye_ouc_t-mobile internet manager] c:\program files (x86)\t-mobile\t-mobile internet manager\updatedog\ouc.exe
o4 - hkcu\..\run: [messenger (yahoo!)] c:\progra~2\yahoo!\messenger\yahoomessenger.exe -quiet
o4 - hkcu\..\run: [{681710c1-7398-c007-f1e4-156eac416f99}] c:\users\cenn\appdata\roaming\qofu\yhip.exe
o4 - hkus\s-1-5-19\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /autorun (user 'local service')
o4 - hkus\s-1-5-19\..\runonce: [mctadmin] c:\windows\system32\mctadmin.exe (user 'local service')
o4 - hkus\s-1-5-20\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /autorun (user 'network service')
o4 - hkus\s-1-5-20\..\runonce: [mctadmin] c:\windows\system32\mctadmin.exe (user 'network service')
o4 - startup: openoffice.org 3.3 .lnk = c:\program files (x86)\openoffice.org 3\program\quickstart.exe
o9 - extra button: @c:\program files (x86)\windows live\companion\companionlang.dll,-600 - {0000036b-c524-4050-81a0-243669a86b9f} - c:\program files (x86)\windows live\companion\companioncore.dll
o9 - extra button: @c:\program files (x86)\windows live\writer\windowslivewritershortcuts.dll,-1004 - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files (x86)\windows live\writer\writerbrowserextension.dll
o9 - extra 'tools' menuitem: @c:\program files (x86)\windows live\writer\windowslivewritershortcuts.dll,-1003 - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files (x86)\windows live\writer\writerbrowserextension.dll
o9 - extra button: clickpotato - {b58926d6-cfb0-45d2-9c28-4b5a0f0368ae} - c:\program files (x86)\clickpotatolite\bin\10.0.701.0\clickpotatolitesabho.dll (file missing)
o10 - unknown file in winsock lsp: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
o10 - unknown file in winsock lsp: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
o11 - options group: [accelerated_graphics] accelerated graphics
o17 - hklm\system\ccs\services\tcpip\..\{08cc8e6a-835a-46d8-813a-ae824f66a0fb}: nameserver = 195.241.77.55
o17 - hklm\system\ccs\services\tcpip\..\{8a8d298f-85c5-40bc-bcf6-82d6d59bc2a9}: nameserver = 192.168.1.254
o17 - hklm\system\cs1\services\tcpip\..\{08cc8e6a-835a-46d8-813a-ae824f66a0fb}: nameserver = 195.241.77.55
o17 - hklm\system\cs2\services\tcpip\..\{08cc8e6a-835a-46d8-813a-ae824f66a0fb}: nameserver = 195.241.77.55
o18 - protocol: skype4com - {ffc8b962-9b40-4dff-9458-1830c7dd7f5d} - c:\progra~2\common~1\skype\skype4~1.dll
o18 - protocol: wlpg - {e43ef6cd-a37a-4a9b-9e6f-83f89b8e6324} - c:\program files (x86)\windows live\photo gallery\albumdownloadprotocolhandler.dll
o23 - service: @%systemroot%\system32\alg.exe,-112 (alg) - unknown owner - c:\windows\system32\alg.exe (file missing)
o23 - service: amd external events utility - unknown owner - c:\windows\system32\atiesrxx.exe (file missing)
o23 - service: avira antivir scheduler (antivirschedulerservice) - avira gmbh - c:\program files (x86)\avira\antivir desktop\sched.exe
o23 - service: avira antivir guard (antivirservice) - avira gmbh - c:\program files (x86)\avira\antivir desktop\avguard.exe
o23 - service: @%systemroot%\system32\efssvc.dll,-100 (efs) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\fxsresm.dll,-118 (fax) - unknown owner - c:\windows\system32\fxssvc.exe (file missing)
o23 - service: @keyiso.dll,-100 (keyiso) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: lavasoft ad-aware service - lavasoft limited - c:\program files (x86)\lavasoft\ad-aware\aawservice.exe
o23 - service: @comres.dll,-2797 (msdtc) - unknown owner - c:\windows\system32\msdtc.exe (file missing)
o23 - service: @%systemroot%\system32\netlogon.dll,-102 (netlogon) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\psbase.dll,-300 (protectedstorage) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: rezip - unknown owner - c:\windows\syswow64\rezip.exe
o23 - service: @%systemroot%\system32\locator.exe,-2 (rpclocator) - unknown owner - c:\windows\system32\locator.exe (file missing)
o23 - service: @%systemroot%\system32\samsrv.dll,-1 (samss) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\snmptrap.exe,-3 (snmptrap) - unknown owner - c:\windows\system32\snmptrap.exe (file missing)
o23 - service: @%systemroot%\system32\spoolsv.exe,-1 (spooler) - unknown owner - c:\windows\system32\spoolsv.exe (file missing)
o23 - service: @%systemroot%\system32\sppsvc.exe,-101 (sppsvc) - unknown owner - c:\windows\system32\sppsvc.exe (file missing)
o23 - service: @%systemroot%\system32\ui0detect.exe,-101 (ui0detect) - unknown owner - c:\windows\system32\ui0detect.exe (file missing)
o23 - service: @%systemroot%\system32\vaultsvc.dll,-1003 (vaultsvc) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\vds.exe,-100 (vds) - unknown owner - c:\windows\system32\vds.exe (file missing)
o23 - service: @%systemroot%\system32\vssvc.exe,-102 (vss) - unknown owner - c:\windows\system32\vssvc.exe (file missing)
o23 - service: @%systemroot%\system32\wat\watux.exe,-601 (watadminsvc) - unknown owner - c:\windows\system32\wat\watadminsvc.exe (file missing)
o23 - service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - unknown owner - c:\windows\system32\wbengine.exe (file missing)
o23 - service: @%systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiapsrv) - unknown owner - c:\windows\system32\wbem\wmiapsrv.exe (file missing)
o23 - service: @%programfiles%\windows media player\wmpnetwk.exe,-101 (wmpnetworksvc) - unknown owner - c:\program files (x86)\windows media player\wmpnetwk.exe (file missing)
o23 - service: yahoo! updater (yahooauservice) - yahoo! inc. - c:\program files (x86)\yahoo!\softwareupdate\yahooauservice.exe
--
end of file - 10600 bytes

[/hjt]
 
Re: ING virus sinowal

???? ??? Windows Live
???? Windows Live
????? Messenger
????? Windows Live
?????? ??????? ?? Windows Live
???????? ?? Messenger
???????? ?????????? Windows Live
????????? Messenger
?????????? Windows Live
??????????? ?? Windows Live
„Messenger“ pagalbine priemone
„Windows Live Essentials“
„Windows Live Mail“
„Windows Live Messenger“
„Windows Live“ fotogalerija
888casino
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1 - Nederlands
Alice Greenfingers
Apple Application Support
Apple Software Update
Atheros Client Installation Program
Avira AntiVir Personal - Free Antivirus
BankTrans
BatteryLifeExtender
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Bonbon Quest
Cake Mania
Catalyst Control Center - Branding
Complment Messenger
Complemento Messenger
CyberLink YouCam
CyberLink YouCam
D3DX10
Daycare Nightmare
Doplnok programu Messenger
Easy Content Share
Easy Display Manager
Easy Network Manager
Easy SpeedUp Manager
EasyBatteryManager
EasyFileShare
Flip Words
Fotogalerija Windows Live
Galapago
Galeria de Fotografias do Windows Live
Galera fotogrfica de Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Gem Shop
Google Earth
HiJackThis
Insaniquarium Deluxe
Intel(R) Rapid Storage Technology
Intel(R) Turbo Boost Technology Driver
Java(TM) 6 Update 29
Junk Mail filter update
KeePass Password Safe 1.13
Kruidvat fotoservice
Mahjong Escape Ancient China
Malwarebytes' Anti-Malware versie 1.51.2.1300
Marvell Miniport Driver
Mesh Runtime
Messenger ??? ??
Messenger ????
Messenger ?????
Messenger Assistent
Messenger Companion
Messenger Companion
Messenger Companion
Messenger Companion
Messenger Companion
Messenger Companion
Messenger Companion
Messenger Companion
Messenger Companion
Messenger Companion
Messenger Companion
Messenger Companion
Messenger Companion
Messenger Companion
Messenger Companion
Messenger ksro
Messenger Pratilac
Messenger Suradnik
Messenger-kumppani
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office Klik-en-Klaar 2010
Microsoft Office Starter 2010 - Nederlands
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 7.0.1 (x86 nl)
MSVCRT
MSVCRT_amd64
OpenOffice.org 3.3
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Pomocnik Messenger
Pošta Windows Live
PrimoPDF -- brought to you by Nitro PDF Software
QuickTime
Raccolta foto di Windows Live
Realtek High Definition Audio Driver
REALTEK Wireless LAN Software
S?????? f?t???af??? t?? Windows Live
Samsung Recovery Solution 4
Samsung Support Center
Samsung Update Plus
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Skype™ 4.2
Slingo
SopCast 3.4.0
Spremljevalec Messenger
T-Mobile Internet Manager
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
User Guide
Windows Live
Windows Live ??
Windows Live ?? ???
Windows Live ?? ???
Windows Live ???
Windows Live ???
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live fotoattelu galerija
Windows Live Fotogalria
Windows Live Fotogalerie
Windows Live Fotogalerie
Windows Live Foto-galerija
Windows Live Fotogalleri
Windows Live Fotograf Galerisi
Windows Live Fottr
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Pošta
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Paralar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Liven asennustykalu
Windows Liven shkposti
Windows Liven valokuvavalikoima
Windows Media Player Firefox Plugin
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Databaseversie: 8018

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

25-10-2011 19:34:33
mbam-log-2011-10-25 (19-34-33).txt

Scantype: Snelle scan
Objecten gescand: 183215
Verstreken tijd: 5 minuut/minuten, 2 seconde(n)

Geheugenprocessen genfecteerd: 0
Geheugenmodulen genfecteerd: 0
Registersleutels genfecteerd: 42
Registerwaarden genfecteerd: 5
Registerdata genfecteerd: 0
Mappen genfecteerd: 9
Bestanden genfecteerd: 10

Geheugenprocessen genfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen genfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels genfecteerd:
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{D2083641-E57F-4eab-BB85-0582424F4A29} (Adware.HotBar.CP) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{C55CA95C-324B-451c-B2D2-6E895AA75FEC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2721A8E5-BFDB-4562-9912-9E0531CA616C} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{5FE0CEAE-CB69-40af-A323-40F94257DACB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{65A16874-2ED0-460E-A547-5FE2EC3A13A7} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{396CFC12-932D-496b-A0A8-5D7201E105E1} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{573F4ABB-A1A2-44ed-9BA9-A8DAD40AAC46} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{71E02280-5212-45C3-B174-4D5A35DA254F} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{74C22317-5B90-471f-9AD2-FEC049870A16} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{814BAA91-DC22-4350-87D6-0C86E93F7F08} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BRNstIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\CmndFF.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\mozillaps.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Pltfrm.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.

Registerwaarden genfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{681710C1-7398-C007-F1E4-156EAC416F99} (Trojan.ZbotR.Gen) -> Value: {681710C1-7398-C007-F1E4-156EAC416F99} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ShopperReports 3.1.71.0 (Adware.HotBar) -> Value: ShopperReports 3.1.71.0 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790673BD765A5337A099 (Malware.Trace) -> Value: SRS_IT_E8790673BD765A5337A099 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ShopperReports@ShopperReports.com (ShopperReports) -> Value: ShopperReports@ShopperReports.com -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Value: ClickPotatoLite@ClickPotatoLite.com -> Quarantined and deleted successfully.

Registerdata genfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen genfecteerd:
c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.701.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.701.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.701.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.701.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato (Adware.ClickPotato) -> Quarantined and deleted successfully.

Bestanden genfecteerd:
c:\programdata\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.701.0\copyright.txt (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.701.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\About Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato customer support.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato uninstall instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.



[hjt]
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:45:13, on 25-10-2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
c:\program files (x86)\samsung\samsung recovery solution 4\wcscheduler.exe
c:\program files (x86)\samsung\samsung support center\ssckbdhk.exe
c:\program files (x86)\samsung\easy display manager\dmhkcore.exe
c:\program files (x86)\lavasoft\ad-aware\aawtray.exe
c:\users\cenn\appdata\roaming\t-mobile internet manager\ouc.exe
c:\program files (x86)\openoffice.org 3\program\soffice.exe
c:\program files (x86)\avira\antivir desktop\avgnt.exe
c:\program files (x86)\openoffice.org 3\program\soffice.bin
c:\program files (x86)\t-mobile\t-mobile internet manager\datacardmonitor.exe
c:\program files (x86)\common files\java\java update\jusched.exe
c:\program files (x86)\yahoo!\messenger\ymsgr_tray.exe
c:\program files (x86)\mozilla firefox\firefox.exe
c:\program files (x86)\samsung\easyspeedupmanager\easyspeedupmanager.exe
c:\program files (x86)\mozilla firefox\plugin-container.exe
c:\program files (x86)\trend micro\hijackthis\hijackthis.exe

r1 - hkcu\software\microsoft\internet explorer\main,default_page_url = [noparse]http://samsung.msn.com[/noparse]
r1 - hkcu\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hkcu\software\microsoft\internet explorer\main,start page = [noparse]http://www.yahoo.nl/[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hklm\software\microsoft\internet explorer\main,start page = [noparse]http://samsung.msn.com[/noparse]
r0 - hklm\software\microsoft\internet explorer\search,searchassistant =
r0 - hklm\software\microsoft\internet explorer\search,customizesearch =
r0 - hklm\software\microsoft\internet explorer\main,local page = c:\windows\syswow64\blank.htm
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername =
f2 - reg:system.ini: userinit=userinit.exe,
o2 - bho: &yahoo! toolbar helper - {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~2\yahoo!\companion\installs\cpn0\yt.dll
o2 - bho: acroiehelperstub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
o2 - bho: search helper - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
o2 - bho: windows live id sign-in helper - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: windows live messenger companion helper - {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files (x86)\windows live\companion\companioncore.dll
o2 - bho: bing bar bho - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn toolbar\platform\6.0.2282.0\npwinext.dll
o2 - bho: java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
o2 - bho: singleinstance class - {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~2\yahoo!\companion\installs\cpn0\ytsingleinstance.dll
o3 - toolbar: @c:\program files (x86)\msn toolbar\platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files (x86)\msn toolbar\platform\6.0.2282.0\npwinext.dll
o3 - toolbar: yahoo! toolbar - {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~2\yahoo!\companion\installs\cpn0\yt.dll
o4 - hklm\..\run: [startccc] c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe msrun
o4 - hklm\..\run: [microsoft default manager] c:\program files (x86)\microsoft\search enhancement pack\default manager\defmgr.exe -resume
o4 - hklm\..\run: [ucam_menu] c:\program files (x86)\cyberlink\youcam\muitransfer\muistartmenu.exe "c:\program files (x86)\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
o4 - hklm\..\run: [adobe reader speed launcher] c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe
o4 - hklm\..\run: [quicktime task] c:\program files (x86)\quicktime\qttask.exe -atboottime
o4 - hklm\..\run: [avgnt] c:\program files (x86)\avira\antivir desktop\avgnt.exe /min
o4 - hklm\..\run: [datacardmonitor] c:\program files (x86)\t-mobile\t-mobile internet manager\datacardmonitor.exe
o4 - hklm\..\run: [sunjavaupdatesched] c:\program files (x86)\common files\java\java update\jusched.exe
o4 - hkcu\..\run: [hw_openeye_ouc_t-mobile internet manager] c:\program files (x86)\t-mobile\t-mobile internet manager\updatedog\ouc.exe
o4 - hkcu\..\run: [messenger (yahoo!)] c:\progra~2\yahoo!\messenger\yahoomessenger.exe -quiet
o4 - hkus\s-1-5-19\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /autorun (user 'local service')
o4 - hkus\s-1-5-19\..\runonce: [mctadmin] c:\windows\system32\mctadmin.exe (user 'local service')
o4 - hkus\s-1-5-20\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /autorun (user 'network service')
o4 - hkus\s-1-5-20\..\runonce: [mctadmin] c:\windows\system32\mctadmin.exe (user 'network service')
o4 - startup: openoffice.org 3.3 .lnk = c:\program files (x86)\openoffice.org 3\program\quickstart.exe
o9 - extra button: @c:\program files (x86)\windows live\companion\companionlang.dll,-600 - {0000036b-c524-4050-81a0-243669a86b9f} - c:\program files (x86)\windows live\companion\companioncore.dll
o9 - extra button: @c:\program files (x86)\windows live\writer\windowslivewritershortcuts.dll,-1004 - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files (x86)\windows live\writer\writerbrowserextension.dll
o9 - extra 'tools' menuitem: @c:\program files (x86)\windows live\writer\windowslivewritershortcuts.dll,-1003 - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files (x86)\windows live\writer\writerbrowserextension.dll
o10 - unknown file in winsock lsp: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
o10 - unknown file in winsock lsp: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
o11 - options group: [accelerated_graphics] accelerated graphics
o17 - hklm\system\ccs\services\tcpip\..\{08cc8e6a-835a-46d8-813a-ae824f66a0fb}: nameserver = 195.241.77.55
o17 - hklm\system\ccs\services\tcpip\..\{8a8d298f-85c5-40bc-bcf6-82d6d59bc2a9}: nameserver = 192.168.1.254
o17 - hklm\system\cs1\services\tcpip\..\{08cc8e6a-835a-46d8-813a-ae824f66a0fb}: nameserver = 195.241.77.55
o17 - hklm\system\cs2\services\tcpip\..\{08cc8e6a-835a-46d8-813a-ae824f66a0fb}: nameserver = 195.241.77.55
o18 - protocol: skype4com - {ffc8b962-9b40-4dff-9458-1830c7dd7f5d} - c:\progra~2\common~1\skype\skype4~1.dll
o18 - protocol: wlpg - {e43ef6cd-a37a-4a9b-9e6f-83f89b8e6324} - c:\program files (x86)\windows live\photo gallery\albumdownloadprotocolhandler.dll
o23 - service: @%systemroot%\system32\alg.exe,-112 (alg) - unknown owner - c:\windows\system32\alg.exe (file missing)
o23 - service: amd external events utility - unknown owner - c:\windows\system32\atiesrxx.exe (file missing)
o23 - service: avira antivir scheduler (antivirschedulerservice) - avira gmbh - c:\program files (x86)\avira\antivir desktop\sched.exe
o23 - service: avira antivir guard (antivirservice) - avira gmbh - c:\program files (x86)\avira\antivir desktop\avguard.exe
o23 - service: @%systemroot%\system32\efssvc.dll,-100 (efs) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\fxsresm.dll,-118 (fax) - unknown owner - c:\windows\system32\fxssvc.exe (file missing)
o23 - service: @keyiso.dll,-100 (keyiso) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: lavasoft ad-aware service - lavasoft limited - c:\program files (x86)\lavasoft\ad-aware\aawservice.exe
o23 - service: @comres.dll,-2797 (msdtc) - unknown owner - c:\windows\system32\msdtc.exe (file missing)
o23 - service: @%systemroot%\system32\netlogon.dll,-102 (netlogon) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\psbase.dll,-300 (protectedstorage) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: rezip - unknown owner - c:\windows\syswow64\rezip.exe
o23 - service: @%systemroot%\system32\locator.exe,-2 (rpclocator) - unknown owner - c:\windows\system32\locator.exe (file missing)
o23 - service: @%systemroot%\system32\samsrv.dll,-1 (samss) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\snmptrap.exe,-3 (snmptrap) - unknown owner - c:\windows\system32\snmptrap.exe (file missing)
o23 - service: @%systemroot%\system32\spoolsv.exe,-1 (spooler) - unknown owner - c:\windows\system32\spoolsv.exe (file missing)
o23 - service: @%systemroot%\system32\sppsvc.exe,-101 (sppsvc) - unknown owner - c:\windows\system32\sppsvc.exe (file missing)
o23 - service: @%systemroot%\system32\ui0detect.exe,-101 (ui0detect) - unknown owner - c:\windows\system32\ui0detect.exe (file missing)
o23 - service: @%systemroot%\system32\vaultsvc.dll,-1003 (vaultsvc) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\vds.exe,-100 (vds) - unknown owner - c:\windows\system32\vds.exe (file missing)
o23 - service: @%systemroot%\system32\vssvc.exe,-102 (vss) - unknown owner - c:\windows\system32\vssvc.exe (file missing)
o23 - service: @%systemroot%\system32\wat\watux.exe,-601 (watadminsvc) - unknown owner - c:\windows\system32\wat\watadminsvc.exe (file missing)
o23 - service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - unknown owner - c:\windows\system32\wbengine.exe (file missing)
o23 - service: @%systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiapsrv) - unknown owner - c:\windows\system32\wbem\wmiapsrv.exe (file missing)
o23 - service: @%programfiles%\windows media player\wmpnetwk.exe,-101 (wmpnetworksvc) - unknown owner - c:\program files (x86)\windows media player\wmpnetwk.exe (file missing)
o23 - service: yahoo! updater (yahooauservice) - yahoo! inc. - c:\program files (x86)\yahoo!\softwareupdate\yahooauservice.exe
--
end of file - 10441 bytes

[/hjt]
 
Hallo ngerende, zoals jij gezien zal hebben, heb ik een nieuwe topic voor jou aangemaakt.

Want post nooit jou probleem in andermans topic, omdat je van mening bent dat je hetzelfde probleem hebt.
Want: er is geen Windows die gelijk is aan een andere Windows!

Overigens:
a055.gif
, welkom op dit fijne forum.

Denk jij inderdaad last te hebben van Mebroot/Sinowal?


Ik wil graag dat jij je tijdens de fix aan onderstaande regels houdt:
  • Lees alle instrukties goed door.
  • Maak je fouten bij de uitvoering van tools tijdens de fix, kan dat serieuze problemen in Windows veroorzaken.
  • Onthou je van het gebruik van tools cq. updates anders dan die ik jou adviseer te gebruiken.
  • Gebruik altijd n scanner per keer, nooit meerdere tegelijk gebruiken.
  • Hou mij op de hoogte hoe jou computer op de fix reageert - goed of slecht.
  • De fix, eenmaal gestart, moet afgewerkt worden. Zelfs indien jij denkt dat alles in orde is, zijn er mogelijk nog steeds infecties.

Stap 1
Sluit alle openstaande webvensters - behalve dit venster, dat je sluit voor het moment, dat je op de knop Fix checked klikt!


Start nu HijackThis middels rechtsklik met Administratorrechten (lukt dat niet ga dan naar de installatielokatie van HijackThis en start "hijackthis.exe" vervolgens met administratorrechten.)en klik op de knop Do a Scan only,

o9 - extra button: clickpotato - {b58926d6-cfb0-45d2-9c28-4b5a0f0368ae} - c:\program files (x86)\clickpotatolite\bin\10.0.701.0\clickpotatolitesabho.dll (file missing)

  • zet een vinkje voor die regel(s) welke met de bovenstaande regels corresponderen
  • Sluit nu de webbrowser en vervolgens klik je daarna op de knop Fix checked
  • Klik hierna HijackThis op uit.
Stap 2
Welk programma: Microsoft Safety Scanner
Waarvoor/waarom: specialistische scanner van Microsoft om Windows snel te onderzoeken op- en te ontdoen van spy- & malware.
Moeilijkheidsgraad: geen.
Opmerking: Microsoft Safety Scanner verloopt 10 dagen nadat het is gedownload.
Als u opnieuw een scan wilt uitvoeren met de nieuwste definities ter voorkoming van schadelijke software,
downloadt u Microsoft Safety Scanner opnieuw en voert u het opnieuw uit.
Dowload de Microsoft Safety Scanner hier.

Windows 2000 en Windows XP: start Microsoft's Safety Scanner middels dubbelklik op de snelkoppeling.
Windows Vista en Windows 7: start Microsoft's Safety Scanner middels rechtsklik op de snelkoppeling en dan kiezen voor Als Administrator uitvoeren.
Zet vervolgens een vinkje bij "Ik accepteer de voorwaarden van de bovenstaande gebruiksovereenkomst".

Scannen:
  • Bij het starten van 'Microsoft's Safety Scanner', klik op de knop "Volgende", vervolgens kies je voor 'Snelle Scan'.
  • Het scannen duurt wel even, dus wees geduldig.

Stap 3
Welk programma: Malwarebytes MBAM
Waarvoor/waarom: specialistische scanner om Windows snel te onderzoeken op- en te ontdoen van spy- & malware.
Moeilijkheidsgraad: geen.

Download Malwarebytes MBAM via n van deze locaties:
Allereerst:
  • Al meteen na de installatie wil 'MBAM' zijn database opwaarderen toestaan dus.
  • Ook bij herhaald gebruik: eerst 'MBAM' updaten via de tab 'Update'!
Malwarebytes MBAM opstarten:
Windows 2000 en Windows XP: start MBAM middels dubbelklik op de snelkoppeling.
Windows Vista en Windows 7: start MBAM middels rechtsklik op de snelkoppeling en dan kiezen voor Als Administrator uitvoeren.
  • Let op:
    • Malwarebytes verstrekt nu de volledige versie van MBAM.
    • Bij de eerstse start kijg je de mogelijkheid de volledige versie te gebruiken of de gratis versie.
    • Onafhankelijk van welke antivirusprogramma in jouw Windows adviseer ik dan de optie "Weigeren" te gebruiken.
    • Zodoende zal MBAM als gratis versie verder te gebruiken zijn
mbam2.png


  • Doe ook nog het volgende:
    • Zodra het programma gestart is, ga dan naar het tabblad "Instellingen".
    • Vink hier aan: "Sluit Internet Explorer tijdens verwijdering van malware".

Scannen:
  • Bij het starten van 'MBAM' kies je voor 'Snelle Scan'.
  • Het scannen kan een tijdje duren, dus wees geduldig. Indien de scan voltooid is, klik dan op de knop 'OK'.
  • Klik daarna op de knop 'Bekijk Resultaten' om de resultaten te zien.
Infecties gevonden:
  • Klik nu eerst op OK om de melding weg te klikken
  • Klik vervolgens rechtsonder op de knop Bekijk resultaten.
  • Zorg er nu voor dat alle gevonden infecties aangevinkt zijn, en klik linksonder op Verwijder geselecteerde.
  • Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.
  • Indien 'MBAM' moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven dan telkens op 'OK' klikken!
  • Daarna zal 'MBAM' vragen om de Computer opnieuw op te starten - dus sta toe dat de computer opnieuw opgestart wordt.
MBAM-Log:
  • Het log wordt automatisch bewaard door 'MBAM en dat kan je terugvinden door in het hoofdmenu van MBAM op de tab 'Logbestanden' te klikken'.
Post aansluitend in je volgende bericht de inhoud van het MBAM-log.


Stap 4
Samenvattend: hierna post je in jouw volgende bericht de inhoud van de volgende logs:
  • een nieuw Hijackthis-log
  • MBAM scanlog
Tevens een Uninstall-lijst posten:
  • start HijackThis,
  • klik op de knop Open the Misc Tools section,
  • klik op de knop Open Uninstall Manager,
  • Klik op de knop Save.
 
Status
Niet open voor verdere reacties.
Steun Ons

Nieuwste berichten

Terug
Bovenaan