Trojan horse agent 2


Do the following. You can skip the download since you have already done that; then wait for further instructions.

Download HijackThis.

Under "HijackThis Downloads", click "Installer".

Double-click HijackThis.msi.

HijackThis will now be installed on your PC, and a shortcut will be placed on your desktop.

HijackThis will open after installation.

Click "Do a systemscan and save a logfile".

A Notepad window opens. Hold down CTRL and A at the same time; everything is now selected. Hold down CTRL and C at the same time; everything is now copied. Now paste the HJT log into your post with CTRL and V.

Note: Windows Vista & 7 users must run HijackThis as "administrator" by right-clicking and choosing "Run as administrator". If this does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis.


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:52:24, on 26/08/2010

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18928)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\ico.exe

C:\Windows\System32\nvraidservice.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Sagem Photo Easy\AzAgent.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Users\luc en sabien\Program Files\DNA\btdna.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Steam\steam.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\D-Link\D-Link DWA-556 Wireless N PCIe Desktop Adapter\wirelesscm.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\conime.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Windows\System32\Pmxmiced.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Gepersonaliseerde startpagina

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Mirar=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Gepersonaliseerde startpagina

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Mirar=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door Dell

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

R3 - URLSearchHook: Nova-DU Toolbar - {782360ec-f998-485e-b688-0339e1e396fc} - C:\Program Files\Nova-DU\tbNova.dll

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {03BA5A07-4317-4DBC-8AC9-B290817B2124} - C:\ProgramData\d3dx9_2632.dll (file missing)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: PremiereAdvertisingPlatform - {547395D9-934A-CED6-B851-F238C86079E5} - C:\Program Files\PremiereAdvertisingPlatform\PremiereAdvertisingPlatform.dll (file missing)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Nova-DU Toolbar - {782360ec-f998-485e-b688-0339e1e396fc} - C:\Program Files\Nova-DU\tbNova.dll

O2 - BHO: Mirar - {8B9FD26F-1136-46A0-A33A-5A3A08D1374C} - C:\Windows\system32\winaf78.dll (file missing)

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll

O2 - BHO: IEComLS Class - {BFE90A83-BE7F-465F-BF14-FEBB82B76369} - C:\Program Files\Easy Computing\Multi Talen Woordenboek Pro 3\TTLSComIE.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: Mirar - {8B9FD26E-1136-46A0-A33A-5A3A08D1374C} - C:\Windows\system32\winaf78.dll (file missing)

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Nova-DU Toolbar - {782360ec-f998-485e-b688-0339e1e396fc} - C:\Program Files\Nova-DU\tbNova.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE

O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [Captcha5] rundll "C:\Program Files\captcha5.dll",captcha

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AzAgent] "C:\Program Files\Sagem Photo Easy\AzAgent.exe"

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Users\luc en sabien\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O4 - HKCU\..\RunOnce: [shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"Street Skate 2 - Spele.nl - De leukste spelletjes site van Nederland!"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-1756559709-630398735-3469334339-1000\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'Home')

O4 - HKUS\S-1-5-21-1756559709-630398735-3469334339-1000\..\Run: [bitTorrent DNA] "C:\Users\luc en sabien\Program Files\DNA\btdna.exe" (User 'Home')

O4 - HKUS\S-1-5-21-1756559709-630398735-3469334339-1000\..\Run: [RTHDBPL] C:\Users\Home\AppData\Roaming\SystemProc\lsass.exe (User 'Home')

O4 - HKUS\S-1-5-21-1756559709-630398735-3469334339-1000\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Home')

O4 - HKUS\S-1-5-21-1756559709-630398735-3469334339-1000\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Home')

O4 - HKUS\S-1-5-21-1756559709-630398735-3469334339-1001\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" resetprofile (User 'Jill')

O4 - S-1-5-21-1756559709-630398735-3469334339-1000 Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Home')

O4 - S-1-5-21-1756559709-630398735-3469334339-1000 Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Home')

O4 - S-1-5-21-1756559709-630398735-3469334339-1000 User Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Home')

O4 - S-1-5-21-1756559709-630398735-3469334339-1000 User Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Home')

O4 - S-1-5-21-1756559709-630398735-3469334339-1001 Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Jill')

O4 - S-1-5-21-1756559709-630398735-3469334339-1001 User Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Jill')

O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')

O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link DWA-556 Wireless N PCIe Desktop Adapter\wirelesscm.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - Welcome to Windows Live

O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-be.cab

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - AppInit_DLLs: C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\S

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe

O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe

O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\D-Link DWA-556 Wireless N PCIe Desktop Adapter\jswpsapi.exe

O23 - Service: NFAgent - Unknown owner - C:\Program Files\system\smss.exe (file missing)

O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--

End of file - 18186 bytes


Go to Start – Run/Search and type: sc stop NFAgent

Press Enter.

Go to Start – Run/Search and type: sc delete NFAgent

Press Enter.

Start HijackThis. Select "Scan". Select only the items listed below:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Mirar=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Mirar=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Nova-DU Toolbar - {782360ec-f998-485e-b688-0339e1e396fc} - C:\Program Files\Nova-DU\tbNova.dll

O2 - BHO: (no name) - {03BA5A07-4317-4DBC-8AC9-B290817B2124} - C:\ProgramData\d3dx9_2632.dll (file missing)

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: PremiereAdvertisingPlatform - {547395D9-934A-CED6-B851-F238C86079E5} - C:\Program Files\PremiereAdvertisingPlatform\PremiereAdvertisingPlatform.dll (file missing)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Nova-DU Toolbar - {782360ec-f998-485e-b688-0339e1e396fc} - C:\Program Files\Nova-DU\tbNova.dll

O2 - BHO: Mirar - {8B9FD26F-1136-46A0-A33A-5A3A08D1374C} - C:\Windows\system32\winaf78.dll (file missing)

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: Mirar - {8B9FD26E-1136-46A0-A33A-5A3A08D1374C} - C:\Windows\system32\winaf78.dll (file missing)

O3 - Toolbar: Nova-DU Toolbar - {782360ec-f998-485e-b688-0339e1e396fc} - C:\Program Files\Nova-DU\tbNova.dll

O4 - HKLM\..\Run: [Captcha5] rundll "C:\Program Files\captcha5.dll",captcha

O4 - HKCU\..\RunOnce: [shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"Street Skate 2 - Spele.nl - De leukste spelletjes site van Nederland!"

O4 - Global Startup: BTTray.lnk = ?

O20 - AppInit_DLLs: C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\S

Click 'Fix checked' to remove the items.

Uninstall the following program, AskBarDis, via Add or Remove Programs (if present), or otherwise delete the following folder shown in bold: C:\Program Files\AskBarDis

Your Java software is out of date.

Older versions have vulnerabilities that give malware the chance to install itself on your system.

First follow these steps to uninstall Java and install the newer version:

Download Java Runtime Environment (JRE) 6 Update 21.

  • Scroll down to: "Java Platform Standard Edition".
  • Click the "Download JRE" button on the right.
  • In the drop-down menu to the right of Platform, select Windows.
  • Check: "I agree to the Java SE Runtime Environment 6u21 with JavaFX License Agreement", and click Continue.
  • The page will reload.
  • Click the jre-6u21-windows-i586.exe link UNDER Available Files and save it to your Desktop.
  • Close any programs that may be open, especially your web browser!
  • Then go to Start > Control Panel > Add or Remove Programs, or Start > Control Panel > Programs and Features (on Vista), and remove all older versions of Java from the list of installed programs.
  • Check everything with Java Runtime Environment (JRE or J2SE) in the name.
  • Then click Remove or the Change/Remove button.
  • Repeat this until all older versions are gone.
  • After removing all older versions, restart your PC.
  • Then double-click jre-6u21-windows-i586.exe on your Desktop to install the newest version of Java.

Download MBAM (Malwarebytes Anti-Malware)

Double-click mbam-setup.exe to install the program.

Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware, then click "Finish".

If an update is found, it will be downloaded and installed.

Once the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.

The scan may take a while, so please be patient.

When the scan is complete, click OK, then "Show Results" to view the results.

Make sure everything is checked there, then click: Remove Selected.

After removal, a log will open and you will be asked to restart the computer. (See below.)

If the rootkit (TDSS) is present, MBAM will ask to restart. Do so.

After the restart, MBAM will scan again and remove the rootkit.

MBAM saves the log automatically; you can find it by clicking the "Logs" tab in the program.

If MBAM has difficulty removing certain files, it will show a few messages where you must click OK. It will then ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log into your next post, together with a new HijackThis log.

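The reply above asks for a new HijackThis log after the fix, which is then compared with the fix list by eye. As an added example (not part of the original posts and not a HijackThis feature), this Python script does that comparison: it reports which fix-list entries are gone, which persist, which cannot be judged because the follow-up log was cut off before their section, and which autorun entries are new. The function names are hypothetical, and the sample data is abridged from the logs on this page with the AppInit_DLLs value shortened.

```python
import re

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def section_rank(section):
    """Sort key following the order HijackThis writes sections: R, F, N, O."""
    return ("RFNO".index(section[0]), int(section[1:]))


def parse_entries(log_text):
    """Map a normalised key to the original line for every entry in a log."""
    entries = {}
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            section, body = match.groups()
            # Forum software wraps long lines by inserting spaces, so the
            # comparison key drops all whitespace and ignores case.
            key = (section, re.sub(r"\s+", "", body).casefold())
            entries.setdefault(key, raw.strip())
    return entries


def verify_fix(before_text, fix_text, after_text):
    """Compare a fix list against the logs taken before and after the fix."""
    before = parse_entries(before_text)
    fix = parse_entries(fix_text)
    after = parse_entries(after_text)
    # A complete log ends with an "End of file - N bytes" trailer. Without it,
    # sections at or beyond the last one seen may simply have been cut off.
    complete = "End of file" in after_text
    last_seen = max((section_rank(k[0]) for k in after), default=(-1, -1))
    report = {"removed": [], "still_present": [], "unverified": [],
              "not_in_before": [], "new_in_after": []}
    for key, line in fix.items():
        if key not in before:
            report["not_in_before"].append(line)   # typo or stale fix entry
        elif key in after:
            report["still_present"].append(before[key])
        elif complete or section_rank(key[0]) < last_seen:
            report["removed"].append(before[key])
        else:
            report["unverified"].append(before[key])
    report["new_in_after"] = [l for k, l in after.items() if k not in before]
    return report


# Sample data abridged from the logs on this page (AppInit_DLLs shortened).
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Mirar=
O2 - BHO: Mirar - {8B9FD26F-1136-46A0-A33A-5A3A08D1374C} - C:\Windows\system32\winaf78.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Captcha5] rundll "C:\Program Files\captcha5.dll",captcha
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O20 - AppInit_DLLs: C:\WINDOWS\SYSTEM32\DDRAW32.DLL,C:\WINDOWS\SYSTEM32\DDRAW32.DLL
End of file - 18186 bytes
"""

# Fix list as posted, including a line the forum wrapped with extra spaces.
FIX = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Mirar=
O2 - BHO: Mirar - {8B9FD26F-1136-46A0-A33A-5A3A08D1374C} - C:\Windows\system32\winaf78.dll (file missing)
O4 - HKLM\..\Run: [Captcha5] rundll "C:\Program Files\captcha5.dll",captcha
O20 - AppInit_DLLs: C:\WINDOWS\SYSTE M32\DDRAW32.DLL,C:\W INDOWS\SYSTEM32\DDRAW32.DLL
"""

# Follow-up log that stops at the O9 section and has no trailer.
AFTER = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
"""

if __name__ == "__main__":
    for status, lines in verify_fix(BEFORE, FIX, AFTER).items():
        print(f"{status}: {len(lines)}")
        for line in lines:
            print("   ", line[:100])
```

An entry listed under `unverified` means the follow-up log has to be posted again in full before that item can be considered fixed.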

Here is the HijackThis scan:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:40:57, on 26/08/2010

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18928)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\ico.exe

C:\Windows\System32\nvraidservice.exe

C:\Windows\system32\conime.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Sagem Photo Easy\AzAgent.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Users\luc en sabien\Program Files\DNA\btdna.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Steam\steam.exe

C:\Program Files\D-Link\D-Link DWA-556 Wireless N PCIe Desktop Adapter\wirelesscm.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\System32\Pmxmiced.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Gepersonaliseerde startpagina

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Gepersonaliseerde startpagina

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door Dell

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll

O2 - BHO: IEComLS Class - {BFE90A83-BE7F-465F-BF14-FEBB82B76369} - C:\Program Files\Easy Computing\Multi Talen Woordenboek Pro 3\TTLSComIE.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE

O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AzAgent] "C:\Program Files\Sagem Photo Easy\AzAgent.exe"

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Users\luc en sabien\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')

O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe

O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link DWA-556 Wireless N PCIe Desktop Adapter\wirelesscm.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - Welcome to Windows Live

O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-be.cab

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe

O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe

O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\D-Link DWA-556 Wireless N PCIe Desktop Adapter\jswpsapi.exe

O23 - Service: NFAgent - Unknown owner - C:\Program Files\system\smss.exe (file missing)

O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--

End of file - 13698 bytes

and the malware scan:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Databaseversie: 4483

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.18928

26/08/2010 16:20:59

mbam-log-2010-08-26 (16-20-59).txt

Scantype: Snelle scan

Objecten gescand: 167246

Verstreken tijd: 12 minuut/minuten, 56 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 15

Registerwaarden geïnfecteerd: 1

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 6

Bestanden geïnfecteerd: 121

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

HKEY_CLASSES_ROOT\premiereadvertisingplatform.premiereadvertisingplatform (Adware.PlayMP3z) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\premiereadvertisingplatform.premiereadvertisingplatform.1 (Adware.PlayMP3z) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{418d86be-7386-4f1a-83e0-53604adbda74} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{547395d9-934a-ced6-b851-f238c86079e5} (Adware.PlayMP3z) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\PremiereAdvertisingPlatform.dll (Adware.PlayMP3z) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\DealAssistant (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\PremiereAdvertisingPlatform (Adware.PlayMP3z) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PremiereAdvertisingPlatform (Adware.PlayMP3z) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_NFR.sys (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PDRV (Worm.KoobFace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nfr.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ppdrv (Worm.KoobFace) -> Quarantined and deleted successfully.

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

C:\Users\luc en sabien\AppData\Roaming\DealAssistant (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Roaming\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\Jill\AppData\Roaming\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.

C:\Program Files\PremiereAdvertisingPlatform (Adware.PlayMP3z) -> Quarantined and deleted successfully.

C:\Users\luc en sabien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:

C:\ProgramData\bidispl32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\ProgramData\browseui32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\ProgramData\cdosys32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\ProgramData\CertEnroll32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\ProgramData\clusapi32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\ProgramData\credui32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\ProgramData\cryptdlg32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\ProgramData\C_ISCII32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\ProgramData\d3d10_132.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\ProgramData\D3DCompiler_3432.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\ProgramData\D3DCompiler_4132.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\ProgramData\d3dim32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\ProgramData\d3dx10_3332.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\ProgramData\d3dx9_3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\ProgramData\D3DX9_4232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\ProgramData\dbnetlib32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\ProgramData\DDEML32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\ProgramData\ddrawex32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\ProgramData\dmscript32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\ProgramData\dnsapi32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\ProgramData\dpnet32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\ProgramData\dsauth32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\ProgramData\dskquoui32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\ProgramData\dxtmsft32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\ProgramData\fdco132.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Program Files\captcha5.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\173A.tmp (Trojan.Alureon) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\1780.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\18BB.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\1ED5.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\21A3.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\224E.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\23F6.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\6BE3.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\E504.tmp (Rogue.ControlCenter) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\E81E.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\zpskon_1276698885.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\CBF5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\EADB.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\D181.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\DE9B.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\711C.tmp (Trojan.Alureon) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\7179.tmp (Rogue.ControlCenter) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\73CA.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\77AE.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\7AFD.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\7B4B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\7D5C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\80B6.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\85F8.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\8D79.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\8DCE.tmp (Rogue.ControlCenter) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\934.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\9DA6.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\9ED3.tmp (Rogue.ControlCenter) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\9FC7.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\A0E.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\A9AC.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\AF84.tmp (Rogue.ControlCenter) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\F21C.tmp (Rogue.ControlCenter) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\F95C.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\FC47.tmp (Rogue.ControlCenter) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\FE2C.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\32A8.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\371D.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\43F6.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\456A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\4BEE.tmp (Rogue.ControlCenter) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\5198.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\5523.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\5824.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\5AFD.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\5E36.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\6057.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\62D9.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\64DC.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\6805.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\Jill\AppData\Local\Temp\38EC.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\Jill\AppData\Local\Temp\E33C.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\Jill\AppData\Local\Temp\F372.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\Jill\AppData\Local\Temp\FCFE.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\Jill\AppData\Local\Temp\zpskon_1276695964.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\Users\Jill\AppData\Local\Temp\A101.tmp (Trojan.Alureon) -> Quarantined and deleted successfully.

C:\Users\Jill\AppData\Local\Temp\AB8E.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Users\Home\downloads\setup.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\Users\luc en sabien\AppData\Roaming\DealAssistant\config.cfg (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Roaming\SystemProc\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\Jill\AppData\Roaming\SystemProc\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\PlayMP3z\PlayMP3.exe (Adware.PLayMP3z) -> Quarantined and deleted successfully.

C:\Program Files\PlayMP3z\uninstall.exe (Adware.PLayMP3z) -> Quarantined and deleted successfully.

C:\Program Files\PremiereAdvertisingPlatform\uninstall.exe (Adware.PlayMP3z) -> Quarantined and deleted successfully.

C:\Users\luc en sabien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z\Run PlayMP3z.pif (Adware.PLayMP3z) -> Quarantined and deleted successfully.

C:\Users\Home\AppData\Local\Temp\zpskon_1276711890.exe (Worm.Koobface) -> Quarantined and deleted successfully.

C:\Users\Home\Local Settings\Application Data\05154484910053.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\Users\Home\Local Settings\Application Data\0535049569854.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\Users\Home\Local Settings\Application Data\0535748485197.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\Users\Home\Local Settings\Application Data\097101524998102.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\Users\Home\Local Settings\Application Data\0995154505553.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\Users\Jill\Local Settings\Application Data\05154484910053.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\Users\Jill\Local Settings\Application Data\0535049569854.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\Users\Jill\Local Settings\Application Data\0995154505553.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\Users\Jill\Local Settings\Application Data\0995651495449.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\Users\luc en sabien\Local Settings\Application Data\0535049569854.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\Users\luc en sabien\Local Settings\Application Data\097101524998102.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\Users\luc en sabien\Local Settings\Application Data\0995154505553.xxe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\Users\Home\Local Settings\Application Data\rdr_1276692031.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\Users\Home\Local Settings\Application Data\rdr_1276692448.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\Users\Home\Local Settings\Application Data\rdr_1276774519.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\Users\Home\Local Settings\Application Data\rdr_1276774928.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\Users\Home\Local Settings\Application Data\rdr_1276860793.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\Users\Home\Local Settings\Application Data\rdr_1276861170.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\Users\Jill\Local Settings\Application Data\rdr_1276689614.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\Users\Jill\Local Settings\Application Data\rdr_1276690046.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\Users\Jill\Local Settings\Application Data\rdr_1276774297.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\Users\Jill\Local Settings\Application Data\rdr_1277120666.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\Users\Jill\Local Settings\Application Data\rdr_1277120998.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\Users\Jill\Local Settings\Application Data\rdr_1277124490.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\Users\Jill\Local Settings\Application Data\rdr_1277124810.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\Windows\bk23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.

C:\Windows\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.

C:\Windows\lgo (Koobface.Trace) -> Quarantined and deleted successfully.


Oops ... Malwarebytes removed quite a pile of junk from the PC. Just this as well:

Go to Start – Run/Search and type: sc stop NFAgent

Press Enter.

Go to Start – Run/Search and type: sc delete NFAgent

Press Enter.

Start HijackThis. Select “Scan”. Select only the items listed below:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070

Click 'Fix checked' to remove the items.

Attach a new HijackThis log to your next post.

Then have AVG scan again. Curious what it still has to say?

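The reply above picks two entries out of the HijackThis logs: the `NFAgent` O23 service and the R1 `ProxyServer` value. The following triage sketch is an added example, not part of the original posts or of HijackThis; its heuristics (a core Windows process name outside System32, a missing service binary, a browser proxy on loopback) are assumptions about why such entries stand out, and the sample lines are copied from this thread.

```python
import ipaddress
import ntpath
import re

# Sample input: lines copied from the logs and the reply in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O23 - Service: NFAgent - Unknown owner - C:\Program Files\system\smss.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"""

# Core Windows process names that normally exist only in System32.
CORE_NAMES = {"smss.exe", "lsass.exe", "csrss.exe", "services.exe",
              "svchost.exe", "winlogon.exe"}
SYSTEM_DIRS = {r"c:\windows\system32"}  # assumption: Windows is installed on C:

O23_RE = re.compile(r"^O23 - Service: (?P<body>.+)$")
PROXY_RE = re.compile(r"^R[01] - (?P<key>.+?),ProxyServer = (?P<value>.*)$")
MISSING = " (file missing)"


def parse_service(line):
    """Split an O23 line into (name, owner, path, missing), or return None."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    # Owner and path are the last two " - " separated fields; the display
    # name may itself contain dashes, so split from the right.
    parts = m.group("body").rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)]
    return name, owner, path.strip('"'), missing


def service_reasons(line):
    """Return the reasons an O23 service line deserves a closer look."""
    parsed = parse_service(line)
    if parsed is None:
        return []
    _name, owner, path, missing = parsed
    reasons = []
    base = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    if base in CORE_NAMES and folder not in SYSTEM_DIRS:
        reasons.append("core-process name outside System32")
    if missing:
        reasons.append("registered binary is missing")
    # "Unknown owner" alone is weak: legitimate services show it too
    # (PnkBstrA in this log), so it only supports another reason.
    if owner == "Unknown owner" and reasons:
        reasons.append("no version-info owner")
    return reasons


def loopback_proxies(line):
    """Return proxy targets on loopback from an R0/R1 ProxyServer line."""
    m = PROXY_RE.match(line.strip())
    if not m:
        return []
    hits = []
    for part in m.group("value").split(";"):
        target = part.split("=", 1)[-1].strip()  # drop an "http=" prefix
        host = target.rsplit(":", 1)[0].strip("[]").lower()
        if host == "localhost":
            hits.append(target)
            continue
        try:
            if ipaddress.ip_address(host).is_loopback:
                hits.append(target)
        except ValueError:
            pass  # a hostname other than localhost
    return hits


def triage(log_text):
    """Return (line, reasons) for every line that matched a heuristic."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons = service_reasons(line)
        proxies = loopback_proxies(line)
        if proxies:
            reasons.append("browser proxy points at loopback: " + ", ".join(proxies))
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(entry)
        for reason in why:
            print("   -", reason)
```

A loopback proxy is also what a deliberately installed local filter looks like, so a hit is a prompt to check what listens on that port, not a verdict.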

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:32:21, on 27/08/2010

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18928)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\ico.exe

C:\Windows\System32\nvraidservice.exe

C:\Windows\System32\Pmxmiced.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Sagem Photo Easy\AzAgent.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Windows\system32\conime.exe

C:\Users\luc en sabien\Program Files\DNA\btdna.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Steam\steam.exe

C:\Program Files\D-Link\D-Link DWA-556 Wireless N PCIe Desktop Adapter\wirelesscm.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\system32\wuauclt.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Gepersonaliseerde startpagina

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Gepersonaliseerde startpagina

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door Dell

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll

O2 - BHO: IEComLS Class - {BFE90A83-BE7F-465F-BF14-FEBB82B76369} - C:\Program Files\Easy Computing\Multi Talen Woordenboek Pro 3\TTLSComIE.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE

O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AzAgent] "C:\Program Files\Sagem Photo Easy\AzAgent.exe"

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Users\luc en sabien\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')

O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe

O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link DWA-556 Wireless N PCIe Desktop Adapter\wirelesscm.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - Welcome to Windows Live

O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-be.cab

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe

O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe

O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\D-Link DWA-556 Wireless N PCIe Desktop Adapter\jswpsapi.exe

O23 - Service: NFAgent - Unknown owner - C:\Program Files\system\smss.exe (file missing)

O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--

End of file - 13451 bytes
