Reactie plaatsen 
 
Waardering:
  • 0 stemmen - gemiddelde waardering is 0
  • 1
  • 2
  • 3
  • 4
  • 5
Search Engine resulta are being redirected.
18-04-2010, 03:19
Bericht: #1
Search Engine resulta are being redirected.
Hi,

When I use search engines such as google or yahoo I am redirected to advertising websites. My anti-virus program is ZoneAlarm. Any help would be much appreciated.

Here is my HiJackThis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:04:59 PM, on 17/04/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defa....yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defa....yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defa....yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defa....yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD0C8DA4-495A-4574-865B-73E063742C83}: NameServer = 208.67.222.222,208.67.220.220
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 7284 bytes

Thanks,

Oren
Alle berichten van deze gebruiker zoeken
Reageren op dit bericht
19-04-2010, 20:16
Bericht: #2
RE: Search Engine resulta are being redirected.
Hi,

* Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
  • Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Microsoft MVP - Consumer Security [Afbeelding: mvp.gif]
Assistant Director of Research @ Malwarebytes [Afbeelding: mbammini.png]
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Preventie---Help! Mijn computer is traag!---Mijn Blog---Volg me op Twitter.

[Afbeelding: MiekiemoesBlog.2.gif]
De website van deze gebruiker bezoeken Alle berichten van deze gebruiker zoeken
Reageren op dit bericht
20-04-2010, 04:54
Bericht: #3
New HijackThis and MBAM Logs.
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:01 PM, on 19/04/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defa....yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defa....yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defa....yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defa....yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD0C8DA4-495A-4574-865B-73E063742C83}: NameServer = 208.67.222.222,208.67.220.220
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 7287 bytes
======================================
MBAM
Malwarebytes' Anti-Malware 1.45
http://www.malwarebytes.org

Database version: 4010

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

19/04/2010 10:42:57 PM
mbam-log-2010-04-19 (22-42-57).txt

Scan type: Quick scan
Objects scanned: 113617
Time elapsed: 9 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thanks,

Oren

(19-04-2010 20:16)miekiemoes schreef:  Hi,

* Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
  • Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
Alle berichten van deze gebruiker zoeken
Reageren op dit bericht
20-04-2010, 07:48
Bericht: #4
RE: Search Engine resulta are being redirected.
Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix...e-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix..This because Security Software may see some components ComboFix uses (prep.com for example) as suspicious and blocks the tool, or even deletes it. Please visit HERE if you don't know how.

Microsoft MVP - Consumer Security [Afbeelding: mvp.gif]
Assistant Director of Research @ Malwarebytes [Afbeelding: mbammini.png]
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Preventie---Help! Mijn computer is traag!---Mijn Blog---Volg me op Twitter.

[Afbeelding: MiekiemoesBlog.2.gif]
De website van deze gebruiker bezoeken Alle berichten van deze gebruiker zoeken
Reageren op dit bericht
22-04-2010, 01:57
Bericht: #5
RE: Search Engine resulta are being redirected.
Hi

Here is my combofix log:
ComboFix 10-04-21.01 - Debbie 21/04/2010 19:08:09.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1013.360 [GMT -4:00]
Running from: c:\users\Debbie\Desktop\ComboFix.exe
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: ZoneAlarm Security Suite Anti-Spyware *enabled* (Updated) {F245A209-1085-48B4-B927-35D56015EC60}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-3094377688-3367413740-2491208287-500
c:\users\Debbie\AppData\Roaming\EurekaLog
c:\users\Debbie\AppData\Roaming\EurekaLog\EurekaLog.ini
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf
c:\windows\system32\drivers\etc\lmhosts

.
((((((((((((((((((((((((( Files Created from 2010-03-21 to 2010-04-21 )))))))))))))))))))))))))))))))
.

2010-04-21 23:29 . 2010-04-21 23:31 -------- d-----w- c:\users\Debbie\AppData\Local\temp
2010-04-21 23:29 . 2010-04-21 23:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-21 02:34 . 2010-04-21 02:35 -------- d-----w- c:\program files\Market Samurai
2010-04-20 18:34 . 2010-04-20 18:34 -------- d-----w- c:\users\Debbie\AppData\Roaming\SUPERAntiSpyware.com
2010-04-20 18:34 . 2010-04-20 18:34 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-04-18 00:02 . 2010-04-18 00:02 -------- d-----w- c:\program files\Trend Micro
2010-04-15 13:10 . 2010-04-16 02:27 -------- d-----w- c:\windows\system32\MpEngineStore
2010-04-14 11:06 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 11:06 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 11:06 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 11:05 . 2010-03-04 17:33 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 11:05 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 11:05 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 11:05 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 10:58 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 10:57 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-13 12:22 . 2010-04-13 12:22 -------- d-----w- c:\users\Debbie\AppData\Roaming\Malwarebytes
2010-04-13 12:21 . 2010-04-13 12:21 -------- d-----w- c:\programdata\Malwarebytes
2010-04-08 20:04 . 2010-04-08 20:05 -------- d-----w- C:\ClickBank-Camp
2010-04-08 20:04 . 2010-04-08 20:04 -------- d-----w- C:\New Folder
2010-04-08 11:34 . 2009-10-12 22:15 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2010-03-31 02:13 . 2010-03-09 15:42 834048 ----a-w- c:\windows\system32\wininet.dll
2010-03-31 02:13 . 2010-03-09 16:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-31 00:54 . 2010-03-31 00:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-28 02:20 . 2010-03-28 02:21 -------- d-----w- C:\Adsense Articles
2010-03-26 15:08 . 2010-03-26 15:08 -------- d-----w- C:\desktop
2010-03-23 22:56 . 2010-03-24 14:10 -------- d-----w- C:\Auto-Blog

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-21 22:50 . 2009-03-24 14:12 -------- d-----w- c:\users\Debbie\AppData\Roaming\Skype
2010-04-21 20:46 . 2008-10-17 00:24 60744 ----a-w- c:\users\Debbie\g2mdlhlpx.exe
2010-04-21 17:59 . 2008-08-22 22:28 -------- d-----w- c:\users\Debbie\AppData\Roaming\FileZilla
2010-04-21 03:54 . 2010-04-21 10:55 136192 ----a-w- c:\windows\Internet Logs\xDBC0BF.tmp
2010-04-20 11:41 . 2010-04-20 13:57 204288 ----a-w- c:\windows\Internet Logs\xDB1582.tmp
2010-04-17 02:38 . 2010-04-17 12:10 479232 ----a-w- c:\windows\Internet Logs\xDBBAD6.tmp
2010-04-15 12:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-15 12:03 . 2007-05-09 17:05 -------- d-----w- c:\programdata\Microsoft Help
2010-04-15 11:43 . 2008-08-23 09:54 42572201 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2010-04-13 15:30 . 2009-08-26 03:53 -------- d-----w- c:\programdata\Keyword Elite 2.0
2010-04-09 03:18 . 2010-04-09 10:51 326656 ----a-w- c:\windows\Internet Logs\xDB980A.tmp
2010-04-08 11:34 . 2008-01-04 00:10 421535 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2010-04-08 11:25 . 2007-05-09 17:20 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-05 05:49 . 2010-04-05 12:14 71680 ----a-w- c:\windows\Internet Logs\xDB847B.tmp
2010-04-03 21:27 . 2010-04-04 01:23 143872 ----a-w- c:\windows\Internet Logs\xDB84D8.tmp
2010-04-01 04:04 . 2010-04-01 11:03 413696 ----a-w- c:\windows\Internet Logs\xDBCDB.tmp
2010-03-31 00:56 . 2007-05-09 17:23 -------- d-----w- c:\program files\Common Files\Java
2010-03-31 00:52 . 2007-05-09 17:23 -------- d-----w- c:\program files\Java
2010-03-29 15:08 . 2008-09-25 19:31 -------- d-----w- c:\program files\FileZilla FTP Client
2010-03-26 11:51 . 2010-03-09 23:29 -------- d-----w- c:\program files\S3 Ripper
2010-03-24 23:10 . 2008-01-04 00:12 72584 ----a-w- c:\windows\zllsputility.exe
2010-03-24 23:10 . 2008-09-06 00:04 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2010-03-24 23:10 . 2008-09-06 00:05 69000 ----a-w- c:\windows\system32\zlcomm.dll
2010-03-24 23:10 . 2008-09-06 00:05 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2010-03-24 14:36 . 2008-03-22 02:49 461000 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2010-03-24 02:54 . 2010-03-24 10:54 468992 ----a-w- c:\windows\Internet Logs\xDB869C.tmp
2010-03-11 04:14 . 2010-03-11 11:34 194560 ----a-w- c:\windows\Internet Logs\xDB142B.tmp
2010-03-10 22:21 . 2010-03-10 22:21 -------- d-----w- c:\program files\7-Zip
2010-03-10 04:08 . 2010-03-10 11:43 141824 ----a-w- c:\windows\Internet Logs\xDB83BF.tmp
2010-03-07 04:34 . 2010-03-07 12:34 59392 ----a-w- c:\windows\Internet Logs\xDB80C3.tmp
2010-03-06 04:14 . 2010-03-06 12:38 145408 ----a-w- c:\windows\Internet Logs\xDB8304.tmp
2010-03-03 07:09 . 2010-03-03 11:54 715776 ----a-w- c:\windows\Internet Logs\xDB8094.tmp
2010-03-01 15:52 . 2010-03-01 15:52 -------- d-----w- c:\program files\KeywordBlueprint
2010-02-26 01:10 . 2007-09-24 04:32 114056 ----a-w- c:\users\Debbie\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 14:16 . 2009-10-03 08:19 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 23:06 . 2010-03-11 11:48 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-11 11:48 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-11 11:48 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-20 15:43 . 2010-02-20 19:49 787968 ----a-w- c:\windows\Internet Logs\xDB890D.tmp
2010-02-13 16:59 . 2009-10-27 16:51 38784 ----a-w- c:\users\Debbie\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-13 16:59 . 2009-08-26 17:51 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-05 20:53 . 2010-02-05 20:53 6493405 ----a-w- c:\programdata\Keyword Elite 2.0\KE_setup2062.exe
2010-02-02 18:03 . 2010-02-02 19:00 87040 ----a-w- c:\windows\Internet Logs\xDB8F43.tmp
2010-02-01 03:37 . 2010-02-01 12:45 147968 ----a-w- c:\windows\Internet Logs\xDB81CC.tmp
2010-01-28 05:27 . 2010-01-28 12:35 53760 ----a-w- c:\windows\Internet Logs\xDB842C.tmp
2010-01-27 03:25 . 2010-01-27 10:59 200704 ----a-w- c:\windows\Internet Logs\xDB8120.tmp
2010-01-25 12:00 . 2010-02-24 12:36 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 12:36 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 12:36 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 12:36 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 12:36 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 12:36 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 12:36 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 12:36 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-24 12:36 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-24 12:37 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-22 11:50 . 2010-01-22 11:50 192748 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-22 03:16 . 2010-01-22 11:20 83456 ----a-w- c:\windows\Internet Logs\xDB819D.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Dr​opboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Dr​opboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Dr​opboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-31 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-03-24 1038728]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]

c:\users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MozyHome Status.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
backup=c:\windows\pss\MozyHome Status.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2007-01-17 21:46 534648 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 15:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2006-09-11 06:21 180224 ----a-w- c:\program files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-03-22 01:23 413696 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-03-13 03:34 154392 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2006-12-08 00:49 55416 ----a-w- c:\program files\TOSHIBA\TBS\HSON.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
2006-11-01 15:06 413696 ----a-w- c:\program files\TOSHIBA\Utilities\HWSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-03-13 03:34 138008 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-04-02 20:11 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
2006-11-07 00:14 34352 ----a-w- c:\program files\TOSHIBA\Utilities\KeNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
2007-01-09 05:23 191552 ------w- c:\program files\ltmoh\ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-10-11 16:45 75304 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-03-13 03:34 133912 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\reminder]
2007-05-16 21:20 407672 ----a-w- c:\program files\TOSHIBA\reminder\reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-02-15 09:07 4390912 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2008-10-07 15:23 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2007-01-19 06:24 448632 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-09-28 17:16 185896 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-05-09 17:23 77824 ----a-w- c:\program files\Java\jre1.6.0\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
2006-03-23 04:42 438272 ----a-w- c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2007-11-11 19:17 185632 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2006-12-20 07:16 411768 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2009-11-10 20:39 5244216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2008-10-07 15:23 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):6d,d1,91,d2,4c,3c,ca,01

R3 SASENUM;SASENUM;c:\users\Debbie\AppData\Local\Temp\SAS_SelfExtract\SASENUM.SYS [x]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
R4 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-01-12 185640]
S1 SASDIFSV;SASDIFSV;c:\users\Debbie\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\users\Debbie\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.sys [x]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-10-26 4247552]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-04-21 c:\windows\Tasks\User_Feed_Synchronization-{BDFFA7BE-FA1F-4BE1-9652-FF80658753EC}.job
- c:\windows\system32\msfeedssync.exe [2008-07-20 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {DD0C8DA4-495A-4574-865B-73E063742C83} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\j7888xl2.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en
FF - component: c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\j7888xl2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\j7888xl2.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\users\Debbie\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-NDSTray - NDSTray.exe
AddRemove-MKSAP 14 - f:\mksap 14\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-21 19:31
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll atapi.sys >>UNKNOWN [0x8E6318C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x891f2d24
\Driver\ACPI -> acpi.sys @ 0x85242d68
\Driver\atapi -> atapi.sys @ 0x8538b9b0
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{12f462b3-7738-4780-aa3a-b68c2056f22b}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:11020054
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{5c998a30-95f6-4835-b5d6-f2b7e4070b9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:09001b77
"Dhcpv6State"=dword:00000000
"NameServer"=""
"Domain"=""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{dd0c8da4-495a-4574-865b-73e063742c83}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:080016d4
"Dhcpv6State"=dword:00000000
"Dhcpv6InterfaceOptions"=hex:02,00,00,00,00,00,00,00,0e,00,00,00,00,00,00,00,
ff,ff,ff,7f,00,01,00,01,0e,97,f2,5c,00,1b,77,77,35,bc,00,00,17,00,00,00,00,\
"NameServer"=""
"Domain"=""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
Completion time: 2010-04-21 19:40:13
ComboFix-quarantined-files.txt 2010-04-21 23:40

Pre-Run: 97,735,991,296 bytes free
Post-Run: 105,349,419,008 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4,185
- - End Of File - - 1DC7B24B622B2AC171CB6C296C177385

Thanks again.
================================================

(20-04-2010 07:48)miekiemoes schreef:  Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix...e-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix..This because Security Software may see some components ComboFix uses (prep.com for example) as suspicious and blocks the tool, or even deletes it. Please visit HERE if you don't know how.
Alle berichten van deze gebruiker zoeken
Reageren op dit bericht
22-04-2010, 07:32
Bericht: #6
RE: Search Engine resulta are being redirected.
Hi,

Download GMER's application from here:
http://www.majorgeeks.com/GMER_d5198.html
Unzip it and start the GMER.exe
Click the Rootkit tab and click the Scan button.
Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.
Warning ! Please, do not select the "Show all" checkbox during the scan.

If you're having problems with running GMER.exe, try it in safe mode.

Microsoft MVP - Consumer Security [Afbeelding: mvp.gif]
Assistant Director of Research @ Malwarebytes [Afbeelding: mbammini.png]
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Preventie---Help! Mijn computer is traag!---Mijn Blog---Volg me op Twitter.

[Afbeelding: MiekiemoesBlog.2.gif]
De website van deze gebruiker bezoeken Alle berichten van deze gebruiker zoeken
Reageren op dit bericht
23-04-2010, 01:45
Bericht: #7
RE: Search Engine resulta are being redirected.
Hi Miekiemoes,

Here is my ROOTKIT Log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-22 19:34:31
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Debbie\AppData\Local\Temp\kfryapog.sys


---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\Windows\system32\drivers\atapi.sys entry point in ".rsrc" section [0x85399000]
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8904E000, 0x4036D, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x89097000, 0x510, 0x40000040]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1068] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74157817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1068] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [741AA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1068] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7415BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1068] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7414F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1068] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [741575E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1068] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7414E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1068] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74188395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1068] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7415DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1068] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7414FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1068] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7414FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1068] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741471CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1068] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [741DCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1068] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7417C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1068] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7414D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1068] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74146853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1068] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7414687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1068] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74152AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 [853959B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdePort0 [853959B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdePort1 [853959B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 [853959B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{12f462b3-7738-4780-aa3a-b68c2056f22b}@Dhcpv6Iaid 285343828
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{12f462b3-7738-4780-aa3a-b68c2056f22b}@Dhcpv6State 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{5c998a30-95f6-4835-b5d6-f2b7e4070b9e}@Dhcpv6Iaid 151001975
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{5c998a30-95f6-4835-b5d6-f2b7e4070b9e}@Dhcpv6State 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{5c998a30-95f6-4835-b5d6-f2b7e4070b9e}@NameServer
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{5c998a30-95f6-4835-b5d6-f2b7e4070b9e}@Domain
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6Iaid 117445666
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6State 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{dd0c8da4-495a-4574-865b-73e063742c83}@Dhcpv6Iaid 134223572
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{dd0c8da4-495a-4574-865b-73e063742c83}@Dhcpv6State 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{dd0c8da4-495a-4574-865b-73e063742c83}@NameServer
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{dd0c8da4-495a-4574-865b-73e063742c83}@Domain
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6Iaid 100668450
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6State 0
Reg HKLM\SYSTEM\ControlSet005\Services\Tcpip6\Parameters\Interfaces\{12f462b3-7738-4780-aa3a-b68c2056f22b}@Dhcpv6Iaid 285343828
Reg HKLM\SYSTEM\ControlSet005\Services\Tcpip6\Parameters\Interfaces\{12f462b3-7738-4780-aa3a-b68c2056f22b}@Dhcpv6State 0
Reg HKLM\SYSTEM\ControlSet005\Services\Tcpip6\Parameters\Interfaces\{5c998a30-95f6-4835-b5d6-f2b7e4070b9e}@Dhcpv6Iaid 151001975
Reg HKLM\SYSTEM\ControlSet005\Services\Tcpip6\Parameters\Interfaces\{5c998a30-95f6-4835-b5d6-f2b7e4070b9e}@Dhcpv6State 0
Reg HKLM\SYSTEM\ControlSet005\Services\Tcpip6\Parameters\Interfaces\{5c998a30-95f6-4835-b5d6-f2b7e4070b9e}@NameServer
Reg HKLM\SYSTEM\ControlSet005\Services\Tcpip6\Parameters\Interfaces\{5c998a30-95f6-4835-b5d6-f2b7e4070b9e}@Domain
Reg HKLM\SYSTEM\ControlSet005\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6Iaid 117445666
Reg HKLM\SYSTEM\ControlSet005\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6State 0
Reg HKLM\SYSTEM\ControlSet005\Services\Tcpip6\Parameters\Interfaces\{dd0c8da4-495a-4574-865b-73e063742c83}@Dhcpv6Iaid 134223572
Reg HKLM\SYSTEM\ControlSet005\Services\Tcpip6\Parameters\Interfaces\{dd0c8da4-495a-4574-865b-73e063742c83}@Dhcpv6State 0
Reg HKLM\SYSTEM\ControlSet005\Services\Tcpip6\Parameters\Interfaces\{dd0c8da4-495a-4574-865b-73e063742c83}@NameServer
Reg HKLM\SYSTEM\ControlSet005\Services\Tcpip6\Parameters\Interfaces\{dd0c8da4-495a-4574-865b-73e063742c83}@Domain
Reg HKLM\SYSTEM\ControlSet005\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6Iaid 100668450
Reg HKLM\SYSTEM\ControlSet005\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6State 0

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


Thanks,

Oren

===============================================

(22-04-2010 07:32)miekiemoes schreef:  Hi,

Download GMER's application from here:
http://www.majorgeeks.com/GMER_d5198.html
Unzip it and start the GMER.exe
Click the Rootkit tab and click the Scan button.
Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.
Warning ! Please, do not select the "Show all" checkbox during the scan.

If you're having problems with running GMER.exe, try it in safe mode.
Alle berichten van deze gebruiker zoeken
Reageren op dit bericht
23-04-2010, 08:03
Bericht: #8
RE: Search Engine resulta are being redirected.
Hi,

Please download and run the following removal tool:
http://download.norman.no/public/Norman_...leaner.exe
(This also as a test how it behaves on Vista)

* Double-click on Norman_TDSS_Cleaner.exe to run the tool.
* Read the agreement and click Accept.
* When the program window opens, click Start scan.
* After the scan has finished, a log file named NFix_date_time (i.e. NFix_2010-04-22_00-32-32.log) will be created on your desktop with the results.
* Copy and paste the contents of that file in your next reply.



Note: In some cases you may be prompted to restart the computer to completely remove an infection.

Microsoft MVP - Consumer Security [Afbeelding: mvp.gif]
Assistant Director of Research @ Malwarebytes [Afbeelding: mbammini.png]
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Preventie---Help! Mijn computer is traag!---Mijn Blog---Volg me op Twitter.

[Afbeelding: MiekiemoesBlog.2.gif]
De website van deze gebruiker bezoeken Alle berichten van deze gebruiker zoeken
Reageren op dit bericht
Reactie plaatsen 


Ga naar locatie:


Gebruikers die deze discussie lezen: 1 gast(en)