bureaublad iconen wit vierkant te zien met gekleurde bollet

videofan · 23 juli 2011

Hallo forum.

Sinds kort is er op de plaats waar er een snelkoppeling staat deze bedekt.

Op de plaats waar de foto hoort te zijn een wit vierkant te zien met gekleurde bolletje en vierkantje erin. (een soort enveloppe).

Als ik op eigenschappen zie ik de originele foto.

Klik dan op toepassen staat op het bureaublad weer die witte envelop er over heen.

Zogezegd sinds kort maar ik weet niet welk programma hiervoor verantwoordelijk is geweest.

Iemand een idee voor mij?

De onderste is de originele de bovenste zo staat het op mijn bureaublad.

Dasle · 23 juli 2011

We zullen eerst eens nagaan of malware of virussen de oorzaak zijn van je probleem.

1. Download HijackThis.

Klik bij "HijackThis Downloads" op "Installer".

Bestand HijackThis.msi opslaan. Daarna kiezen voor "uitvoeren".

Hijackthis wordt nu op je PC geïnstalleerd, een snelkoppeling wordt op je bureaublad geplaatst.

2. Klik op de snelkoppeling om HijackThis te starten

Klik ofwel op "Do a systemscan and save a logfile", ofwel eerst op "Scan" en dan op "Savelog".

Er opent een kladblokvenster, hou gelijktijdig de CTRL en A-toets ingedrukt, nu is alles geselecteerd. Hou gelijktijdig de CTRL en C-toets ingedrukt, nu is alles gekopieerd. Plak nu het HJT logje in je bericht door CTRL en V-toets.

Krijg je een melding ""For some reason your system denied writing to the Host file ....", klik dan gewoon door op de OK-toets.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.

Dit (KLIK) filmpje kan je helpen om een hijackthis logje te plaatsen.

3. Na het plaatsen van je logje wordt dit door een expert (Kape of Kweezie Wabbit) nagekeken en begeleidt hij jou verder door het ganse proces.

videofan · 23 juli 2011

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:19:11, on 23-7-2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v7.00 (7.00.6002.18005)

Boot mode: Normal

Running processes:

C:\Windows\PixArt\Pac207\Monitor.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Vista Start Menu\VistaStartMenu.exe

E:\Program Files (x86)\Roboform gegevens\robotaskbaricon.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

E:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\VMware\VMware Player\hqtray.exe

E:\Program Files (x86)\CyberLink\PowerDVD v7.3 ultra\PDVDServ.exe

C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe

C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Linksys\Network Storage\Network Drive Mapping Utility.exe

c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files (x86)\northstar\smartcopy\smartcopy.exe

c:\program files (x86)\northstar\smartlauncher\smartlauncher.exe

C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE

E:\Program Files (x86)\TC UP v5.2a\TC UP.exe

E:\Program Files (x86)\TC UP v5.2a\totalcmd.exe

C:\Program Files (x86)\Internet Explorer\IEUser.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

H:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wiki kijkert 8.0

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {b80f591e-fe9a-46cf-a13e-180377240586} - (no file)

O1 - Hosts: ::1 localhost

O1 - Hosts: 204.9.178.11 typepad.com

O1 - Hosts: 74.13.12.32 istockphoto.com

O1 - Hosts: 208.914.0.38 yfrog.com

O1 - Hosts: 123.125.5.22 126.com

O1 - Hosts: 174.36.28.11 SlideShare.com

O1 - Hosts: 213.238.60.19 xing.com

O1 - Hosts: 59.16.98.139 seesaa.net

O1 - Hosts: 184.72.23.170 hootsuite.com

O1 - Hosts: 211.151.160.16 soku.com

O1 - Hosts: 72.321.12.222 metacafe.com

O1 - Hosts: 204.11.19.13 tribalfusion.com

O1 - Hosts: 207.154.104.31 tripadvisor.com

O1 - Hosts: 216.52.240.133 ustream.tv

O1 - Hosts: 174.36.244.132 linkwithin.com

O1 - Hosts: 121.67.23.61 scan.novirusthanks.org

O1 - Hosts: 209.172.34.139 imagevenue.com

O1 - Hosts: 91.206.212.220 booking.com

O1 - Hosts: 118.69.21.6 vnexpress.net

O1 - Hosts: 208.85.40.80 pandora.com

O1 - Hosts: 194.16.21.157 softonic.com

O1 - Hosts: 208.83.23.15 match.com

O1 - Hosts: 202.57.69.84 nwt.com

O1 - Hosts: 65.11.53.80 nttnavi.com

O1 - Hosts: 72.51.41.235 nrk.no

O1 - Hosts: 110.16.19.157 nozonedata.com

O1 - Hosts: 76.16.3.21 nachtagenten.com

O1 - Hosts: 195.82.240.124 musicmatch.com

O1 - Hosts: 70.52.56.13 moscowtimes.com

O1 - Hosts: 124.217.235.76 gsn.com

O1 - Hosts: 61.178.63.198 mgd.com

O1 - Hosts: 174.142.214.25 mediastorm.hu

O1 - Hosts: 38.113.207.59 media-servers.com

O1 - Hosts: 116.66.206.161 m5prod.com

O1 - Hosts: 74.175.65.66 lupa.com

O1 - Hosts: 207.20.66.53 liveintercom.com

O1 - Hosts: 71.96.135.201 keenspace.com

O1 - Hosts: 202.51.17.37 jetsoftware.com

O1 - Hosts: 60.21.54.08 jamba.com

O1 - Hosts: 222.161.3.13 ir.com

O1 - Hosts: 200.24.22.70 investopedia.com

O1 - Hosts: 202.149.24.216 choiceradio.com

O1 - Hosts: 91.206.23.22 booking.com

O1 - Hosts: 118.69.251.6 vnexpress.net

O1 - Hosts: 141.76.5.18 chip.com

O1 - Hosts: 128.06.192.15 redv.net

O1 - Hosts: 194.42.170.124 cgi.com

O1 - Hosts: 199.26.24.66 centcomm.com

O1 - Hosts: 202.19.241.26 digitalnook.com

O1 - Hosts: 60.251.19.134 domainfactory.com

O1 - Hosts: 222.161.5.103 dvdfocomm.nu

O1 - Hosts: 157.95.58.15 e-kolay.com

O1 - Hosts: 85.29.213.15 eurosport.com

O1 - Hosts: 189.104.19.61 f1cd.com

O1 - Hosts: 125.162.912.234 free6.com

O1 - Hosts: 80.81.19.20 cdsoftware.com

O1 - Hosts: 85.29.23.115 adware-delete.com

O1 - Hosts: 69.89.221.135 hbv.com

O1 - Hosts: 92.48.210.39 protectorsuite.com

O1 - Hosts: 128.31.3.16 howstuffworks.com

O1 - Hosts: 85.249.23.17 hyena.com

O1 - Hosts: 219.19.18.59 zinfo.com204.9.178.11 typepad.com

O1 - Hosts: 74.13.12.32 istockphoto.com

O1 - Hosts: 208.914.0.38 yfrog.com

O1 - Hosts: 123.125.5.22 126.com

O1 - Hosts: 174.36.28.11 SlideShare.com

O1 - Hosts: 213.238.60.19 xing.com

O1 - Hosts: 59.16.98.139 seesaa.net

O1 - Hosts: 184.72.23.170 hootsuite.com

O1 - Hosts: 211.151.160.16 soku.com

O1 - Hosts: 72.321.12.222 metacafe.com

O1 - Hosts: 204.11.19.13 tribalfusion.com

O1 - Hosts: 207.154.104.31 tripadvisor.com

O1 - Hosts: 216.52.240.133 ustream.tv

O1 - Hosts: 174.36.244.132 linkwithin.com

O1 - Hosts: 121.67.23.61 scan.novirusthanks.org

O1 - Hosts: 209.172.34.139 imagevenue.com

O1 - Hosts: 91.206.212.220 booking.com

O1 - Hosts: 118.69.21.6 vnexpress.net

O1 - Hosts: 208.85.40.80 pandora.com

O1 - Hosts: 194.16.21.157 softonic.com

O1 - Hosts: 208.83.23.15 match.com

O1 - Hosts: 202.57.69.84 nwt.com

O1 - Hosts: 65.11.53.80 nttnavi.com

O1 - Hosts: 72.51.41.235 nrk.no

O1 - Hosts: 110.16.19.157 nozonedata.com

O1 - Hosts: 76.16.3.21 nachtagenten.com

O1 - Hosts: 195.82.240.124 musicmatch.com

O1 - Hosts: 70.52.56.13 moscowtimes.com

O1 - Hosts: 124.217.235.76 gsn.com

O1 - Hosts: 61.178.63.198 mgd.com

O1 - Hosts: 174.142.214.25 mediastorm.hu

O1 - Hosts: 38.113.207.59 media-servers.com

O1 - Hosts: 116.66.206.161 m5prod.com

O1 - Hosts: 74.175.65.66 lupa.com

O1 - Hosts: 207.20.66.53 liveintercom.com

O1 - Hosts: 71.96.135.201 keenspace.com

O1 - Hosts: 202.51.17.37 jetsoftware.com

O1 - Hosts: 60.21.54.08 jamba.com

O1 - Hosts: 222.161.3.13 ir.com

O1 - Hosts: 200.24.22.70 investopedia.com

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - E:\Program Files (x86)\Roboform gegevens\roboform.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - E:\Program Files (x86)\Roboform gegevens\roboform.dll

O3 - Toolbar: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)

O3 - Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"

O4 - HKLM\..\Run: [RemoteControl] "e:\Program Files (x86)\CyberLink\PowerDVD v7.3 ultra\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "e:\Program Files (x86)\CyberLink\PowerDVD v7.3 ultra\Language\Language.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [switchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Ashampoo Core Tuner] "C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner\autostarter.exe"

O4 - HKLM\..\Run: [HDD Regenerator] "C:\Program Files (x86)\HDD Regenerator\HDD Regenerator.exe"

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Googler] C:\Users\Wil\AppData\Roaming\rat.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files (x86)\Vista Start Menu\VistaStartMenu.exe"

O4 - HKCU\..\Run: [RoboForm] "E:\Program Files (x86)\Roboform gegevens\RoboTaskBarIcon.exe"

O4 - HKCU\..\Run: [HKCU] C:\Users\Wil\AppData\Roaming\install\Svchost.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [Google Update] "C:\Users\Wil\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Yadis] c:\program files (x86)\codessentials\yadis\yadis.exe

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [Googler] C:\Users\Wil\AppData\Roaming\rat.exe

O4 - HKCU\..\Run: [sandboxieControl] "i:\Program Files\Sandboxie\SbieCtrl.exe"

O4 - HKCU\..\Run: [TomTomHOME.exe] "e:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKLM\..\Policies\Explorer\Run: [Googler] C:\Users\Wil\AppData\Roaming\rat.exe

O8 - Extra context menu item: Formulieren opslaan - file://E:\Program Files (x86)\Roboform gegevens\RoboFormComSavePass.html

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

O8 - Extra context menu item: Invul Formulieren - file://E:\Program Files (x86)\Roboform gegevens\RoboFormComFillForms.html

O8 - Extra context menu item: Menu aanpassen - file://E:\Program Files (x86)\Roboform gegevens\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: RoboForm Werkbalk - file://E:\Program Files (x86)\Roboform gegevens\RoboFormComShowToolbar.html

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Program Files (x86)\Roboform gegevens\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Program Files (x86)\Roboform gegevens\RoboFormComFillForms.html

O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Program Files (x86)\Roboform gegevens\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Program Files (x86)\Roboform gegevens\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Program Files (x86)\Roboform gegevens\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Program Files (x86)\Roboform gegevens\RoboFormComShowToolbar.html

O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PDFill\DownloadPDF.exe

O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - https://a248.e.akamai.net/f/248/14778/2h/dlmanager.download.akamai.com/14778/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (Emsisoft Web Malware Scan) - http://ax.emsisoft.com/emsisoft_webscan.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - AppInit_DLLs: WLControl.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Acronis Scheduler2Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Ashampoo CoreTuner Helper Service (acthelper) - Ashampoo Development GmbH & Co. KG - C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner\ACTHelperService.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - i:\Program Files\Sandboxie\SbieSvc.exe

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - e:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe

O23 - Service: TomTomHOMEService - TomTom - e:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe

O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 21895 bytes

kape · 23 juli 2011

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {b80f591e-fe9a-46cf-a13e-180377240586} - (no file)

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)

O3 - Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O4 - HKLM\..\Run: [Googler] C:\Users\Wil\AppData\Roaming\rat.exe

O4 - HKCU\..\Run: [HKCU] C:\Users\Wil\AppData\Roaming\install\Svchost.exe

O4 - HKCU\..\Run: [Googler] C:\Users\Wil\AppData\Roaming\rat.exe

O4 - HKLM\..\Policies\Explorer\Run: [Googler] C:\Users\Wil\AppData\Roaming\rat.exe

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - https://a248.e.akamai.net/f/248/1477...ex-2.2.5.7.cab

O20 - AppInit_DLLs: WLControl.dll

Klik op 'Fix checked' om de items te verwijderen.

Download MVPS Hosts.

Unzip het programma naar een door u bepaalde locatie.

Windows XP

Klik op mvps.bat en kies voor “uitvoeren” om mvps.bat op te starten (*).

Druk op toets om door te gaan.

Van het bestaande bestand HOSTS op de standaardlocatie C:\windows\system32\drivers\etc wordt een backup gemaakt met de naam HOSTS.MVP

Dan wordt het bestand vervangen door de actuele MVPS Hosts-versie.

(*) Windows Vista en Windows 7 gebruikers moeten rechtsklikken op mvps.bat en kiezen voor ”uitvoeren als administrator” om mvps.bat op te starten.

Download MBAM (Malwarebytes Anti-Malware)

Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".

Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.

Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.

Het scannen kan een tijdje duren, dus wees geduldig.

Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.

Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.

Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder).

Indien er de rootkit (TDSS) aanwezig is, zal MBAM vragen te herstarten. Doe dit dan ook.

MBAM zal na de herstart opnieuw scannen en de rootkit verwijderen.

Het log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in het programma.

Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

Plak de inhoud van het logje in je volgende bericht, samen met een nieuw HijackThis log.

videofan · 23 juli 2011