Het is nu do jun 20, 2013 2:40 am

Forumoverzicht » RSIT/DDS/HijackThis logfiles » Opgeloste RSIT/DDS/HijackThis logfiles

Alle tijden zijn GMT + 1 uur [ Zomertijd ]



Dit onderwerp is gesloten, je kunt geen berichten wijzigen of nieuwe antwoorden plaatsen  Pagina 1 van 1
  [ 8 berichten ] 
  Afdrukweergave Vorig onderwerp | Volgend onderwerp 
Auteur Bericht
fuel888
 Berichttitel: FunMoods verwijdering
BerichtGeplaatst: vr jul 13, 2012 2:44 pm 
Offline
Lid

Geregistreerd: vr jul 13, 2012 2:40 pm
Berichten: 4
Besturingssysteem: windows 7
Bescherming: MSE
Hallo,

Na het stappenplan gevolgd te hebben, heb ik onderstaande logfile.
Alvast hartelijk bedankt voor de moeite om mij te helpen 8)

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.13.06

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Molari :: MOLARI-HTPC [administrator]

Protection: Enabled

13-7-2012 13:57:56
mbam-log-2012-07-13 (13-57-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204947
Time elapsed: 9 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 15
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\Molari\Downloads\Media_Player_Classic_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\Molari\Downloads\SoftonicDownloader_for_vlc-media-player.exe (PUP.BundleOffer.Downloader.S) -> Quarantined and deleted successfully.
C:\Program Files\libFLAC.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\mpciconlib.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

(end)
Omhoog
 Profiel  
 
kape
BerichtGeplaatst: za jul 14, 2012 6:09 pm 
Offline
Helper
Avatar gebruiker

Geregistreerd: za jul 14, 2007 10:22 am
Berichten: 10467
Woonplaats: Kapellen (B)
Download HijackThis

Bestand HijackThis.msi opslaan. Daarna kiezen voor "uitvoeren".
Hijackthis wordt nu op je PC geïnstalleerd, een snelkoppeling wordt op je bureaublad geplaatst.

Klik op de snelkoppeling om HijackThis te starten
Klik ofwel op "Do a systemscan and save a logfile", ofwel eerst op "Scan" en dan op "Savelog".
Er opent een kladblokvenster, hou gelijktijdig de CTRL en A-toets ingedrukt, nu is alles geselecteerd. Hou gelijktijdig de CTRL en C-toets ingedrukt, nu is alles gekopieerd. Plak nu het HJT logje in je bericht door CTRL en V-toets.

Krijg je een melding ""For some reason your system denied writing to the Host file ....", klik dan gewoon door op de OK-toets.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.
Omhoog
 Profiel  
 
fuel888
BerichtGeplaatst: za jul 14, 2012 6:38 pm 
Offline
Lid

Geregistreerd: vr jul 13, 2012 2:40 pm
Berichten: 4
Besturingssysteem: windows 7
Bescherming: MSE
Dank je wel voor je hulp.

Hieronder volgt de logfile van HijackThis.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:35:22, on 14-7-2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Graphics-Previews-Common\MMACEPrev.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
C:\Program Files\YouTube Downloader\ytd.exe
C:\Windows\explorer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Molari\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.9\youtubedownloaderToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Blog This in Windows Live - {2adefb8e-b923-35e6-86e2-2b7841f5d6a4} - mscoree.dll (file missing)
O2 - BHO: (no name) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.9\youtubedownloaderToolbarIE.dll
O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.9\youtubedownloaderToolbarIE.dll
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autoclose
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe

--
End of file - 6599 bytes
Omhoog
 Profiel  
 
kape
BerichtGeplaatst: zo jul 15, 2012 7:32 pm 
Offline
Helper
Avatar gebruiker

Geregistreerd: za jul 14, 2007 10:22 am
Berichten: 10467
Woonplaats: Kapellen (B)
Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.9\youtubedownloaderToolbarIE.dll
O2 - BHO: Blog This in Windows Live - {2adefb8e-b923-35e6-86e2-2b7841f5d6a4} - mscoree.dll (file missing)
O2 - BHO: (no name) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - (no file)
O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.9\youtubedownloaderToolbarIE.dll
O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.9\youtubedownloaderToolbarIE.dll

Klik op 'Fix checked' om de items te verwijderen.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.

Download AdwCleaner by Xplode naar je Bureaublad.
• Sluit alle openstaande vensters
• Rechtsklik op AdwCleaner en selecteer als Administrator uitvoeren...
• Klik vervolgens op Delete
• Klik bij AdwCleaner – Information op OK
• Klik bij AdwCleaner – Restart Required op OK
Alle icoontjes verdwijnen van het Bureaublad, Dit is normaal
Je PC word opnieuw opgestart en er een opent logfile (C:\ AdwCleaner[xx].txt ) post de inhoud hier in een volgende bericht, samen met een nieuw log van HijackThis.
Omhoog
 Profiel  
 
fuel888
BerichtGeplaatst: zo jul 15, 2012 10:35 pm 
Offline
Lid

Geregistreerd: vr jul 13, 2012 2:40 pm
Berichten: 4
Besturingssysteem: windows 7
Bescherming: MSE
AdwCleaner Logfile:

# AdwCleaner v1.702 - Logfile created 07/15/2012 at 22:20:29
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Ultimate (32 bits)
# User : Molari - MOLARI-HTPC
# Running from : C:\Users\Molari\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Molari\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Molari\AppData\Roaming\Mozilla\Firefox\Profiles\0vi12iwq.default\extensions\ffxtlbr@funmoods.com
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\YouTube Downloader Toolbar
Folder Deleted : C:\Program Files\Common Files\spigot
File Deleted : C:\Users\Molari\AppData\Local\funmoods.crx
File Deleted : C:\Users\Molari\AppData\Local\funmoods-speeddial.crx

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Application Updater
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Search Settings
Key Deleted : HKLM\SOFTWARE\Software

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.10007 --> hxxp://www.google.com

-\\ Mozilla Firefox v12.0 (nl)

Profile name : default
File : C:\Users\Molari\AppData\Roaming\Mozilla\Firefox\Profiles\0vi12iwq.default\prefs.js

C:\Users\Molari\AppData\Roaming\Mozilla\Firefox\Profiles\0vi12iwq.default\user.js ... Deleted !

Deleted : user_pref("extensions.browserprotect.searchProviderExceptions", "hxxp://en.wikipedia.org/wiki/Specia[...]
Deleted : user_pref("extensions.enabledAddons", "browserprotect@browserprotect.com:1.1.3,{c0c9a2c7-2e5c-4447-b[...]
Deleted : user_pref("extensions.funmoods.aflt", "adknlg");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.cntry", "NL");
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hdrMd5", "A1C34251A28DB07279B4752F62B53F86");
Deleted : user_pref("extensions.funmoods.hmpg", true);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2Xz[...]
Deleted : user_pref("extensions.funmoods.id", "6CFDB925727DCA90");
Deleted : user_pref("extensions.funmoods.instlDay", "15522");
Deleted : user_pref("extensions.funmoods.instlRef", "adknlg");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.221:9:53");
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTab", true);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.sg", "none");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.221:9:53");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.221:9:53");
Deleted : user_pref("extensions.hxxps_everywhere.Blekko", true);
Deleted : user_pref("extensions.hxxps_everywhere.FeedMyInbox", true);
Deleted : user_pref("extensions.tweaktube.addit.remoteInstallItems", "{ \"software\": {\"35\": {\"id\": \"35\"[...]
Deleted : user_pref("tweaktube.pref.cacheInfo", "({'hxxp://wedata.net/databases/AutoPagerize/items.json':{url:[...]

*************************

AdwCleaner[S1].txt - [7726 octets] - [15/07/2012 22:20:29]

########## EOF - C:\AdwCleaner[S1].txt - [7854 octets] ##########


HiJackThis Logfile:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:34:51, on 15-7-2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Molari\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autoclose
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe

--
End of file - 5192 bytes
Omhoog
 Profiel  
 
kape
BerichtGeplaatst: zo jul 15, 2012 10:45 pm 
Offline
Helper
Avatar gebruiker

Geregistreerd: za jul 14, 2007 10:22 am
Berichten: 10467
Woonplaats: Kapellen (B)
En nu nog ergens merkbare sporen van Funmoods :?:
Omhoog
 Profiel  
 
fuel888
BerichtGeplaatst: zo jul 15, 2012 11:17 pm 
Offline
Lid

Geregistreerd: vr jul 13, 2012 2:40 pm
Berichten: 4
Besturingssysteem: windows 7
Bescherming: MSE
kape schreef:
En nu nog ergens merkbare sporen van Funmoods :?:


Nee, Funmoods blijkt gelukkig geheel verdwenen. :D

Hartelijk dank voor uw hulp :!:
Omhoog
 Profiel  
 
kape
BerichtGeplaatst: ma jul 16, 2012 12:02 am 
Offline
Helper
Avatar gebruiker

Geregistreerd: za jul 14, 2007 10:22 am
Berichten: 10467
Woonplaats: Kapellen (B)
Nog even wat restjes opruimen dan.

Download CCleaner.
Klik op “Download Latest Version” en dan start de download van CCleaner automatisch en gratis op.

Installeer het en start CCleaner op. Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Schoonmaken'. Soms is 1 analyse niet voldoende. Deze procedure mag je herhalen tot de analyse geen fouten meer aangeeft. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”. Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”. Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”. Sluit hierna CCleaner terug af.

Het is aangewezen om de bestaande herstelpunten te verwijderen (daar zitten besmette herstelpunten tussen die je eventueel zou kunnen terugzetten). In Windows 7
• via Start -> Configuratiescherm -> Systeem & Beveiliging -> Systeem -> Systeembeveiliging -> schakel nu systeemherstel uit door de gewenste schijf te selecteren en op "configureren" te klikken.
• Klik nu op "verwijderen" om alle herstelpunten te verwijderen.
• Klik op "Toepassen" en "OK".
• Herstart nu de PC.

That's it !
Omhoog
 Profiel  
 
Geef de vorige berichten weer:  Sorteer op  
Dit onderwerp is gesloten, je kunt geen berichten wijzigen of nieuwe antwoorden plaatsen  Pagina 1 van 1
  [ 8 berichten ] 

Forumoverzicht » RSIT/DDS/HijackThis logfiles » Opgeloste RSIT/DDS/HijackThis logfiles

Alle tijden zijn GMT + 1 uur [ Zomertijd ]

Wie is er online

Gebruikers op dit forum: Google [Bot] en 3 gasten

Je mag geen nieuwe onderwerpen in dit forum plaatsen
Je mag niet antwoorden op een onderwerp in dit forum
Je mag je berichten in dit forum niet wijzigen
Je mag je berichten niet uit dit forum verwijderen
Je mag geen bijlagen toevoegen in dit forum

Ga naar:  
Powered by phpBB® Forum Software © phpBB Group
phpBB.nl Vertaling