
Topic: removing searchnu

  1. #1

    Removing searchnu

    Brief (clear!) description of the problem:
    how do I do that?

    Malwarebytes' Anti-Malware log:
    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org


    Databaseversie: v2012.11.13.02


    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 8.0.7601.17514
    taeke :: TAEKE-PC [administrator]


    13-11-2012 11:49:26
    mbam-log-2012-11-13 (12-01-19).txt


    Scantype: Snelle scan
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 187557
    Verstreken tijd: 10 minuut/minuten, 52 seconde(n)


    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)


    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)


    Registersleutels gedetecteerd: 10
    HKCR\CLSID\{f34c9277-6577-4dff-b2d7-7d58092f272f} (PUP.Datamngr) -> Geen actie ondernomen.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Geen actie ondernomen.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Geen actie ondernomen.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Geen actie ondernomen.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLa -> Geen actie ondernomen.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLa -> Geen actie ondernomen.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLa -> Geen actie ondernomen.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLa -> Geen actie ondernomen.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Geen actie ondernomen.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Geen actie ondernomen.


    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)


    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)


    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)


    Bestanden gedetecteerd: 1
    C:\Users\taeke\AppData\Local\Temp\VidSaver15_20120508.exe (Adware.GamePlayLabs) -> Geen actie ondernomen.


    (einde)



    HijackThis log:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 13:48:13, on 13-11-2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v8.00 (8.00.7601.17514)
    Boot mode: Normal


    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\KPN\KPN Update\KPNAssistentUpdater.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Users\taeke\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Users\taeke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\taeke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\taeke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\taeke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\taeke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\TeamViewer\Version7\TeamViewer.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: uTorrentBar_NL Toolbar - {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files\uTorrentBar_NL\tbuTor.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
    O2 - BHO: uTorrentBar_NL Toolbar - {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files\uTorrentBar_NL\tbuTor.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    O3 - Toolbar: uTorrentBar_NL Toolbar - {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files\uTorrentBar_NL\tbuTor.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [KPNAssistentUpdater] C:\Program Files\KPN\KPN Update\KPNAssistentUpdater.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [Google Update] "C:\Users\taeke\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: Dropbox.lnk = taeke\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe


    --
    End of file - 5800 bytes

  2. #2
    Hi,

    1.
    Note: Vista or Windows 7? >> Always run all tools as administrator.
    Download AdwCleaner by Xplode to your desktop.

    • Close all open windows.
    • Vista and Windows 7 users: right-click AdwCleaner and select Run as administrator...
    • For XP: simply double-click AdwCleaner.
    • Then click Delete.
    • At AdwCleaner – Information, click OK
    • At AdwCleaner – Restart required, click OK

    It is normal for the shortcuts to disappear during this operation.
    After the PC has restarted, a log file opens.
    Then post the contents of this log in your next message.

    2.
    Download DDS by sUBS from one of these locations and save it to your desktop:
    DDS - Bleeping Computer download.
    DDS - Infospyware.

    DDS is a diagnostic tool and uses scripts.

    Disable your security software before running DDS!
    You can read how to do that (here or here).

    Double-click DDS to start the tool.

    Two log files are now saved to the desktop automatically.
    • DDS.txt
    • Attach.txt (Post this one only if you are asked to!)

    Post the DDS log in your next message.

  3. #3

    searchnu follow-up

    Thank you so far. Here are the logs.

    # AdwCleaner v2.007 - Logfile created 11/16/2012 at 15:24:19
    # Updated 06/11/2012 by Xplode
    # Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
    # User : taeke - TAEKE-PC
    # Boot Mode : Normal
    # Running from : C:\Users\taeke\Downloads\AdwCleaner (2).exe
    # Option [Delete]




    ***** [Services] *****




    ***** [Files / Folders] *****


    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\ConduitEngine
    Folder Deleted : C:\Program Files\uTorrentBar_NL
    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\Users\taeke\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\taeke\AppData\LocalLow\ConduitEngine
    Folder Deleted : C:\Users\taeke\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\taeke\AppData\LocalLow\uTorrentBar_NL


    ***** [Registry] *****


    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar_NL
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\Cr_Installer
    Key Deleted : HKCU\Software\DataMngr
    Key Deleted : HKCU\Software\DataMngr_Toolbar
    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{87775FDB-6972-41F9-AE51-8326E38CB206}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{623094A5-012C-4A1A-BD26-8AD72C80A6DA}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87775FDB-6972-41F9-AE51-8326E38CB206}
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{623094A5-012C-4A1A-BD26-8AD72C80A6DA}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{87775FDB-6972-41F9-AE51-8326E38CB206}
    Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2865317
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\conduitEngine
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65AE04B3-F905-4081-8711-BB37F4F3D280}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D09D3CB7-645C-43ED-9D69-B2B76900E0D1}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87775FDB-6972-41F9-AE51-8326E38CB206}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{623094A5-012C-4A1A-BD26-8AD72C80A6DA}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_NL Toolbar
    Key Deleted : HKLM\Software\uTorrentBar_NL
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{87775FDB-6972-41F9-AE51-8326E38CB206}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{87775FDB-6972-41F9-AE51-8326E38CB206}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{87775FDB-6972-41F9-AE51-8326E38CB206}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{87775FDB-6972-41F9-AE51-8326E38CB206}]


    ***** [Internet Browsers] *****


    -\\ Internet Explorer v8.0.7601.17514


    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/406 --> hxxp://www.google.com


    -\\ Google Chrome v23.0.1271.64


    File : C:\Users\taeke\AppData\Local\Google\Chrome\User Data\Default\Preferences


    Deleted [l.22] : urls_to_restore_on_startup = [ "hxxp://www.google.com/ig", "hxxp://www.searchnu.com/406" ]
    Deleted [l.2117] : urls_to_restore_on_startup = [ "hxxp://www.google.com/ig", "hxxp://www.searchnu.com/406" ]

    DDS (Ver_2012-11-07.01) - NTFS_x86
    Internet Explorer: 8.0.7601.17514
    Run by taeke at 15:47:32 on 2012-11-16
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1033.18.894.183 [GMT 1:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\KPN\KPN Update\KPNAssistentUpdater.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Users\taeke\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Users\taeke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\taeke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\taeke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\taeke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\taeke\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\svchost.exe -k secsvcs
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    uRun: [Google Update] "c:\users\taeke\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [KPNAssistentUpdater] c:\program files\kpn\kpn update\KPNAssistentUpdater.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    StartupFolder: c:\users\taeke\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\taeke\appdata\roaming\dropbox\bin\Dropbox.exe
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: &Verzenden naar OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 212.54.35.25 212.54.40.25
    TCP: Interfaces\{4D202E9E-2A12-47CA-A229-FB66D85BFD7F} : DHCPNameServer = 212.54.35.25 212.54.40.25
    TCP: Interfaces\{4D202E9E-2A12-47CA-A229-FB66D85BFD7F}\8445340205F627471626C6560284F6473707F647 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{4D202E9E-2A12-47CA-A229-FB66D85BFD7F}\A5967676F66324432334 : DHCPNameServer = 212.54.35.25 212.54.40.25
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-18 612184]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-4 337880]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-4 20696]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-2-4 57688]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2012-4-1 44768]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-11-13 2848168]
    R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr61.sys [2010-9-12 286208]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-23 15872]
    S3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-12 1343400]
    SUnknown TsUsbFlt;TsUsbFlt; [x]
    SUnknown tsusbhub;tsusbhub; [x]
    .
    =============== Created Last 30 ================
    .
    2012-11-16 14:48:14 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3cdef473-e3d7-45b8-b4db-9cd1ccbfc693}\offreg.dll
    2012-11-16 14:15:59 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2012-11-16 14:15:59 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2012-11-16 14:15:59 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2012-11-16 14:11:51 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2012-11-16 14:11:50 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2012-11-16 14:11:30 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
    2012-11-16 14:11:29 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2012-11-16 14:11:09 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2012-11-16 14:11:06 196608 ----a-w- c:\windows\system32\WUDFHost.exe
    2012-11-16 14:11:04 613888 ----a-w- c:\windows\system32\WUDFx.dll
    2012-11-13 11:52:04 -------- d-----w- c:\program files\TeamViewer
    2012-11-13 11:12:29 388096 ----a-r- c:\users\taeke\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2012-11-13 11:12:29 -------- d-----w- c:\program files\Trend Micro
    2012-11-13 10:47:24 -------- d-----w- c:\users\taeke\appdata\roaming\Malwarebytes
    2012-11-13 10:46:52 -------- d-----w- c:\programdata\Malwarebytes
    2012-11-13 10:46:48 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-13 10:46:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-11-13 10:33:37 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3cdef473-e3d7-45b8-b4db-9cd1ccbfc693}\mpengine.dll
    2012-11-02 07:45:24 -------- d-----r- c:\users\taeke\Dropbox
    2012-10-28 12:19:20 773968 ----a-w- c:\windows\system32\msvcr100.dll
    .
    ==================== Find3M ====================
    .
    2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-08-31 17:18:09 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2012-08-30 17:12:02 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-08-30 17:12:02 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-08-24 16:57:48 981504 ----a-w- c:\windows\system32\wininet.dll
    2012-08-24 16:57:48 172544 ----a-w- c:\windows\system32\wintrust.dll
    2012-08-24 15:20:39 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2012-08-22 17:16:54 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-08-22 17:16:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-08-22 17:16:46 240496 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-08-22 17:16:36 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-21 20:12:27 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2012-08-20 17:40:31 169984 ----a-w- c:\windows\system32\winsrv.dll
    2012-08-20 17:40:01 293376 ----a-w- c:\windows\system32\KernelBase.dll
    2012-08-20 17:37:58 271360 ----a-w- c:\windows\system32\conhost.exe
    2012-08-20 15:33:28 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 15:33:28 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 15:33:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 15:33:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-07.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11-9-2010 20:59:52
    System Uptime: 16-11-2012 15:33:37 (0 hours ago)
    .
    Motherboard: Packard Bell BV | | EasyNote MZ36
    Processor: Genuine Intel(R) CPU T2080 @ 1.73GHz | U23 | 797/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 147 GiB total, 24,089 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Aangifte inkomstenbelasting 2010
    Aangifte inkomstenbelasting 2011
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.4) - Nederlands
    µTorrent
    Audacity 1.3.12 (Unicode)
    avast! Free Antivirus
    calibre
    Dropbox
    Google Chrome
    HiJackThis
    LAME v3.98.3 for Audacity
    Malwarebytes Anti-Malware versie 1.65.1.1000
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office Access MUI (Dutch) 2010
    Microsoft Office Excel MUI (Dutch) 2010
    Microsoft Office Groove MUI (Dutch) 2010
    Microsoft Office InfoPath MUI (Dutch) 2010
    Microsoft Office OneNote MUI (Dutch) 2010
    Microsoft Office Outlook MUI (Dutch) 2010
    Microsoft Office PowerPoint MUI (Dutch) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (Dutch) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (German) 2010
    Microsoft Office Proofing (Dutch) 2010
    Microsoft Office Publisher MUI (Dutch) 2010
    Microsoft Office Shared MUI (Dutch) 2010
    Microsoft Office Word MUI (Dutch) 2010
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    SopCast 3.5.0
    SORAG Huiswerk
    Spotify
    TeamViewer 7
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Usenet.nl
    VLC media player 1.1.10
    Windows Media Player Firefox Plugin
    WinRAR
    .
    ==== End Of File ===========================



    .
    ============= FINISH: 15:49:14,50 ===============





    *************************


    AdwCleaner[S1].txt - [5321 octets] - [16/11/2012 15:24:19]


    ########## EOF - C:\AdwCleaner[S1].txt - [5381 octets] ##########

  4. #4
    Has searchnu disappeared from your browser yet?

  5. #5
    Yes, indeed! Thanks again!

  6. #6
    You're welcome. In that case you can once again remove the tools that were used.

    1.
    Next, Next, Volgende.
    Also read this: http://www.minatica.be/content/2723-Next-Next-Volgende

    2.
    System Restore.
    If the computer has been infected with malware, it is advisable to delete all existing System Restore points, because some of them may be infected.
    You can read how to delete the restore points here.

    3.
    Installing essential updates.
    You can read here how to keep your operating system and other software up to date.
    The Secunia PSI program automatically alerts you when updates are available for your installed software; you can read more information here.

    4.
    Beware of 'phishing' messages.
    Phishing is a form of internet fraud in which fake e-mail messages and websites that look trustworthy are used to try to obtain login details and other personal information.
    This is often done in very devious ways, for example e-mail messages asking you to verify your login details; in these cases you are often sent to a fake (clone) website, and as soon as you enter your details there they are in the hands of the attacker, with all the consequences that entails.
    You can read more information here.

    5.
    Changing passwords
    Most malware makes an outbound connection to a Command & Control server through which confidential data such as login details is stolen; if your computer has been infected, it is therefore advisable to change all the passwords you have used.
    You can read more about this here.

    6.
    Risks of downloading
    Peer-to-peer (P2P) networks and Usenet (newsgroups) are a major source of malware distribution on the internet; offering 'dangerous' software (malware) there is practically anonymous, which makes this a widely used method for spreading malware.
    You can read more about this here.

    7.
    Prevention information & the use of security software.
    To minimise the chance of re-infection, you can install an additional malware scanner such as Emsisoft Anti-Malware or Malwarebytes' Antimalware alongside your existing security software to optimise protection.
    Here you will find more information on how to prevent an infection in the future; read it through at your leisure.

    That was all.
