Ga naar inhoud

Aanbevolen berichten

Geplaatst:

Hi All,

2 problemen eigenlijk

1. De mappen op mijn externe hardeschijf zijn opeens snelkoppelingen geworden

2. Ik heb Malware Byte geinstaleerd maar hij blijft elke keer een nieuw setup scherm geven alsof ik het nog niet geinstaleerd heb. Wie o wie kan helpen

hier onder hjackthis logje

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:55:01, on 18-10-2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe

C:\Windows\System32\SvcHost.exe

C:\Windows\System32\SvcHost.exe

C:\Windows\System32\SvcHost.exe

C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Windows\system32\svchost.exe

C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Program Files\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\conhost.exe

c:\Program Files\Microsoft Silverlight\4.0.60831.0\agcp.exe

c:\Program Files\Microsoft Silverlight\4.0.60831.0\agcp.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: BullGuard Safe Browsing - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [bullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe" -boot

O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKLM\..\RunOnce: [innoSetupRegFile.0000000001] "C:\Windows\is-ESTCJ.exe" /REG /REGSVRMODE

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: bglink - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - AppInit_DLLs: BgGamingMonitor.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: BgRaSvc - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: BullGuard behavioural detection service (BsBhvScan) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe

O23 - Service: BullGuard scanning service (BsScanner) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe

O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

O23 - Service: Windows Presentation Foundation Font Cache 4.0.0.0 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (file missing)

--

End of file - 10562 bytes

  • Reacties 23
  • Aangemaakt
  • Laatste reactie

Beste reacties in dit topic

Beste reacties in dit topic

Geplaatst:

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc stop WPFFontCache_v0400

Druk op Enter.

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc delete WPFFontCache_v0400

Druk op Enter.

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)

O4 - HKLM\..\RunOnce: [innoSetupRegFile.0000000001] "C:\Windows\is-ESTCJ.exe" /REG /REGSVRMODE

Klik op 'Fix checked' om de items te verwijderen.

Verwijder dezee map (indien nog aanwezig) : C:\Program Files\Ask.com

Download MBAM (Malwarebytes Anti-Malware)

Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".

Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.

Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.

Het scannen kan een tijdje duren, dus wees geduldig.

Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.

Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.

Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder).

Indien er de rootkit (TDSS) aanwezig is, zal MBAM vragen te herstarten. Doe dit dan ook.

MBAM zal na de herstart opnieuw scannen en de rootkit verwijderen.

Het log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in het programma.

Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

Plak de inhoud van het logje in je volgende bericht, samen met een nieuw HijackThis log.

Geplaatst:

Beide problemen blijven helaas bestaan

tevens 2 regels in hjackthis zijn niet verwijderd. Graag een nieuwe oplossing als jullie die weten.

zie hier me 2 nieuwe logjes:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:27:00, on 19-10-2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe

C:\Windows\System32\SvcHost.exe

C:\Windows\System32\SvcHost.exe

C:\Windows\System32\SvcHost.exe

C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Program Files\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe

C:\Program Files\NewsLeecher\newsLeecher.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\System32\svchost.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: BullGuard Safe Browsing - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [bullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe" -boot

O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: bglink - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - AppInit_DLLs: BgGamingMonitor.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: BgRaSvc - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: BullGuard behavioural detection service (BsBhvScan) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe

O23 - Service: BullGuard scanning service (BsScanner) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe

O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--

End of file - 9706 bytes

Malware Log:

Malwarebytes' Anti-Malware 1.51.2.1300

Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Databaseversie: 7976

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

19-10-2011 14:35:08

mbam-log-2011-10-19 (14-35-08).txt

Scantype: Snelle scan

Objecten gescand: 198711

Verstreken tijd: 9 minuut/minuten, 31 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geplaatst:

Die 2 lijntjes zijn "schoonheidsfoutjes", die mogen blijven staan indien ze in je nieuwe log terugkeren.

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:

Klik hier

2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.

3. Dubbelklik op "Combofix.exe" om de tool te starten.

4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion", herstart dan de computer.

5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

Geplaatst: (aangepast)

Bij deze mijn logje van combofix. Helaas na opnieuw opstarten is wederom de setup van malware terug gekomen en de snelkoppelingen zijn ook nog niet weg. (kan het misschien liggen aan het feit dat deze snelkoppelingen staan op een externe harde schijf? Staat het virus misschien op de externe schijf?)

ComboFix 11-10-19.03 - Gebruiker 19-10-2011 15:15:54.1.4 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.3327.1677 [GMT 2:00]

Gestart vanuit: c:\users\Gebruiker\Desktop\Combofix.exe

AV: BullGuard Antivirus *Disabled/Outdated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}

FW: BullGuard Firewall *Disabled* {68747E43-7A47-EA26-053F-CB84640E3E67}

SP: BullGuard Antispyware *Disabled/Outdated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Setup Wizard

c:\programdata\Microsoft\Windows\Start Menu\Programs\Setup Wizard\SetupWizard.lnk

c:\programdata\Microsoft\Windows\Start Menu\Programs\Setup Wizard\Verwijder SetupWizard.lnk

c:\users\Gebruiker\AppData\Roaming\6330.exe

c:\windows\jestertb.dll

F:\Autorun.inf

G:\Autorun.inf

G:\setup.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-09-19 to 2011-10-19 ))))))))))))))))))))))))))))))

.

.

2011-10-19 13:30 . 2011-10-19 13:31 -------- d-----w- c:\users\Gebruiker\AppData\Local\temp

2011-10-19 13:30 . 2011-10-19 13:30 -------- d-----w- c:\users\Mcx1\AppData\Local\temp

2011-10-19 13:30 . 2011-10-19 13:30 -------- d-----w- c:\users\Mcx1(451)\AppData\Local\temp

2011-10-19 13:30 . 2011-10-19 13:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-18 16:51 . 2011-10-18 16:51 709968 ----a-w- c:\windows\is-ESTCJ.exe

2011-10-17 17:41 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-13 21:03 . 2011-09-29 07:28 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2011-10-13 20:46 . 2011-10-13 20:47 -------- d-----w- C:\0bd6b3d17fc0f523874d226a

2011-10-13 20:32 . 2011-10-13 20:32 -------- d-----w- c:\program files\iPod

2011-10-13 20:24 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-13 20:24 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-13 20:24 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll

2011-10-13 20:24 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-13 20:20 . 2011-09-06 02:28 2334720 ----a-w- c:\windows\system32\win32k.sys

2011-09-23 15:57 . 2011-10-13 20:00 -------- d-----w- c:\program files\QuickTime

2011-09-23 15:53 . 2011-10-13 20:00 -------- d-----w- c:\program files\Apple Software Update

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-19 13:14 . 2011-10-19 13:14 23220224 ----a-w- c:\users\Gebruiker\AppData\Roaming\Jplmlv.exe

2011-08-30 21:05 . 2011-08-30 21:05 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-30 21:05 . 2011-08-30 21:05 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-08-30 21:05 . 2011-08-30 21:05 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-08-21 20:05 . 2011-08-21 20:05 155992 ----a-w- c:\windows\system32\BGLsp.dll

2011-08-20 23:46 . 2011-08-20 18:02 53248 ----a-w- c:\windows\system32\ssosskin.dll

2011-08-02 18:48 . 2011-08-28 17:08 2469248 ----a-w- c:\windows\system32\BootMan.exe

2011-07-29 11:54 . 2011-08-28 17:08 86408 ----a-w- c:\windows\system32\setupempdrv03.exe

2011-07-29 11:54 . 2011-08-28 17:08 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys

2011-07-29 11:54 . 2011-08-28 17:08 14216 ----a-w- c:\windows\system32\epmntdrv.sys

2011-07-29 11:54 . 2011-08-28 17:08 19840 ----a-w- c:\windows\system32\EuEpmGdi.dll

2009-09-12 22:05 . 2009-09-12 22:05 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll

2009-09-12 22:06 . 2009-09-12 22:06 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2009-09-12 22:06 . 2009-09-12 22:06 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2009-09-12 22:06 . 2009-09-12 22:06 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2009-09-12 22:06 . 2009-09-12 22:06 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2009-09-12 22:07 . 2009-09-12 22:07 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2009-09-12 22:06 . 2009-09-12 22:06 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2009-09-12 22:06 . 2009-09-12 22:06 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2009-08-14 12:33 . 2009-08-14 12:33 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2009-09-12 22:06 . 2009-09-12 22:06 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

2011-09-29 07:28 . 2011-10-13 21:03 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-05 1305408]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-05 1305408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\BullGuard.exe" [2011-07-07 1620824]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-12 103768]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]

2010-05-20 13:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2011-05-13 14:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 15:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2010-07-09 15:37 13939816 ----a-w- c:\windows\System32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2010-07-09 15:37 110696 ----a-w- c:\windows\System32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-05 16:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2011-08-02 06:36 1242448 ----a-w- c:\program files\Steam\Steam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2009-07-14 01:14 660480 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-11-26 717296]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 BgRaSvc;BgRaSvc;c:\program files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe [2011-05-20 125784]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 14216]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 8456]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-25 1343400]

S1 AFW;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys [2010-10-12 34920]

S1 BdSpy;BdSpy;c:\windows\system32\DRIVERS\BdSpy.sys [2011-04-10 61152]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-26 218176]

S1 NovaShieldFilterDriver;NovaShieldFilterDriver;c:\windows\system32\DRIVERS\NSKernel.sys [2011-05-02 215624]

S1 NovaShieldTDIDriver;NovaShieldTDIDriver;c:\windows\system32\DRIVERS\NSNetmon.sys [2011-05-02 20040]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 BsBhvScan;BullGuard behavioural detection service;c:\program files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [2011-09-17 338264]

S2 BsBrowser;BullGuard antiphishing service;c:\windows\System32\SvcHost.exe [2009-07-14 20992]

S2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe [2009-07-14 20992]

S2 BsFire;BullGuard firewall service;c:\windows\System32\SvcHost.exe [2009-07-14 20992]

S2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe [2009-07-14 20992]

S2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe [2009-07-14 20992]

S2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [2011-05-20 320344]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]

S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]

S3 afwcore;afwcore;c:\windows\system32\DRIVERS\afwcore.sys [2010-10-12 328296]

S3 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [2011-10-13 288600]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]

S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 30576]

S3 netr73;Stuurprogramma voor 802.11 b/g draadloze USB-adapter voor Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

BullGuard REG_MULTI_SZ BsFileScan BsMailProxy BsFire

BullGuard_LowPriv REG_MULTI_SZ BsBrowser

BullGuard_Main REG_MULTI_SZ BsMain

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.com/

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

LSP: c:\windows\system32\BGLsp.dll

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\m5bbc1us.default\

FF - prefs.js: browser.startup.homepage - hxxp://nl.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:nl:official

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{C0D70ED8-D984-40C3-9666-8939CE76EA13} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe

AddRemove-D-Link CIF Webcam - c:\windows\CleanDev.exe

AddRemove-Libox - c:\program files\Libox\1.4.0.8\uninst.exe

.

.

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Jplmlv"="c:\\Users\\Gebruiker\\AppData\\Roaming\\Jplmlv.exe"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(704)

c:\windows\system32\BgGamingMonitor.dll

.

- - - - - - - > 'lsass.exe'(628)

c:\windows\system32\BgGamingMonitor.dll

.

Voltooingstijd: 2011-10-19 15:34:37

ComboFix-quarantined-files.txt 2011-10-19 13:34

.

Pre-Run: 321.237.753.856 bytes beschikbaar

Post-Run: 321.860.722.688 bytes beschikbaar

.

- - End Of File - - 8D29E7160F3DAB44ADD2366D5FE6CEE8

aangepast door osj
Geplaatst:

Laten we er eens een online-scanner op los (met externe schijf aangesloten uiteraard) :

Ga naar de site van de .

  • Klik op de knop ESET Online Scanner
  • Zet een vinkje bij YES, I accept the Terms of Use
  • Klik op Start
  • Sta het ActiveX control toe om te installeren.
  • Klik op "Advanced settings"
  • Zet een vinkje bij de volgende opties:
    • Remove found threats
    • Scan archives
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

    [*]Klik op Start

    [*]De computer wordt nu gescand. Dit kan best lang duren, heb dus geduld.

    [*]Je mag het venster sluiten wanneer de scan klaar is.

    [*]Gebruik Kladblok om het logje te openen. Dit logje vind je op de locatie C:\Program Files\EsetOnlineScanner\log.txt

    [*]Kopieer en plak de inhoud van dit logje in je volgende bericht.

Geplaatst: (aangepast)

Erg vreemd maar ik kan de hele site niet openen. Alsof de site offline ie gehaald ofzo. Is er een andere manier om deze online scan te doen?

Ben ondertussen ff verder gaan zoeken op google en vind dat het het Recycler virus is. Kent iemand die?

als ik naar de snelkoppelingen krijg heb ik dit soort koppelingen:

%windir%\system32\cmd.exe /c "start %cd%RECYCLER\e621ca05.exe &&%windir%\explorer.exe %cd%

ik hoop dat iemand de oplossing weet

aangepast door osj
Geplaatst: (aangepast)

Download Flash_Disinfector naar je bureaublad.

Indien je tijdens de aanwezigheid van deze infectie USB-apparaten hebt gebruikt, sluit deze dan aan op je pc, zodat de tool deze ook kan desïnfecteren.

Dubbelklik vervolgens op Flash_Disinfector.exe om de tool te starten.

Je bureaublad en icoontjes zullen even verdwijnen. Dit is normaal.

Nadat de tool zijn werk heeft uitgevoerd, herstart je computer.

aangepast door kape
link gewijzigd
Gast
Dit topic is nu gesloten voor nieuwe reacties.

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.