antivirus.startpagina.nl

security shield

  • Anonymous avatar

    Bernhard

    Sinds vandaag krijgen wij continu de melding van security shield dat de computer groot gevaar loopt. Er zijn hierover al enkele vragen gesteld, maar daarmee kom ik er niet uit. kan iemand mij hierbij helpen.

    Ik heb het Stappenplan voor het verwijderen van virussen en malware gevolgd en het programma MBam en HijackThis gedownload, echter iedere keer als ik 1 van de programma's open, dan springt security shield er tussen en verhinderd het programma te openen.

    Heeft iemand een advies hoe dit te omzeilen.

  • Anonymous avatar

    Jos H

    Volg de volgende link.

    http://antimalwarehelp.blogspot.com/2010/08/voer-exact-de-procedure-uit-zoals.html

  • Anonymous avatar

    vuurvliegje

    Probeer eens in veilige modus met netwerkondersteuning.

    Vuurvliegje.

  • Anonymous avatar

    Bernhard

    Na het volgen van de link heb ik instructies overgeschreven, printen ging ook al niet meer!

    Opgestart in veilige modus en RKill uitgevoerd, helaas na de scan liep de computer vast en opnieuw opstarten.

    Vervolgens in veilige modus MBam uitgevoerd, er werden diverse bestande gedetecteerd, zie log.

    Daarna TDSSkiller uitgevoerd en 1 gedetecteerd bestand verwijderd, zie log.

    Na opnieuw opstarten werkt de computer weer !

    Bedankt !

    Logbestand MBam

    Malwarebytes' Anti-Malware 1.50.1.1100

    www.malwarebytes.org

    Databaseversie: 5679

    Windows 5.1.2600 Service Pack 3 (Safe Mode)

    Internet Explorer 8.0.6001.18702

    5-2-2011 7:12:29

    mbam-log-2011-02-05 (07-12-29).txt

    Scantype: Volledige scan (C:\|)

    Objecten gescand: 358250

    Verstreken tijd: 1 uur/uren, 5 minuut/minuten, 38 seconde(n)

    Geheugenprocessen geïnfecteerd: 0

    Geheugenmodulen geïnfecteerd: 0

    Registersleutels geïnfecteerd: 4

    Registerwaarden geïnfecteerd: 1

    Registerdata geïnfecteerd: 0

    Mappen geïnfecteerd: 0

    Bestanden geïnfecteerd: 17

    Geheugenprocessen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:

    HKEY_CLASSES_ROOT\CLSID\{01E69986-A054-4C52-ABE8-EF63DF1C5211} (Adware.Softomate) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\TypeLib\{C7F09647-C6D3-4a92-B358-7AFE2BED7C87} (Adware.Softomate) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\XBTB06823.XBTB06823.1 (Adware.Softomate) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\XBTB06823.XBTB06823 (Adware.Softomate) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SmartIndex (Trojan.Agent.Gen) -> Value: SmartIndex -> Quarantined and deleted successfully.

    Registerdata geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Logbestand TDSSkiller

    2011/02/05 07:28:49.0484 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40

    2011/02/05 07:28:49.0484 ================================================================================

    2011/02/05 07:28:49.0484 SystemInfo:

    2011/02/05 07:28:49.0484

    2011/02/05 07:28:49.0484 OS Version: 5.1.2600 ServicePack: 3.0

    2011/02/05 07:28:49.0484 Product type: Workstation

    2011/02/05 07:28:49.0484 ComputerName: GEBRUIKE-1AF6AD

    2011/02/05 07:28:49.0484 UserName: Administrator

    2011/02/05 07:28:49.0484 Windows directory: C:\WINDOWS

    2011/02/05 07:28:49.0484 System windows directory: C:\WINDOWS

    2011/02/05 07:28:49.0484 Processor architecture: Intel x86

    2011/02/05 07:28:49.0484 Number of processors: 2

    2011/02/05 07:28:49.0484 Page size: 0x1000

    2011/02/05 07:28:49.0484 Boot type: Safe boot with network

    2011/02/05 07:28:49.0484 ================================================================================

    2011/02/05 07:28:49.0890 Initialize success

    2011/02/05 07:28:55.0562 ================================================================================

    2011/02/05 07:28:55.0562 Scan started

    2011/02/05 07:28:55.0562 Mode: Manual;

    2011/02/05 07:28:55.0562 ================================================================================

    2011/02/05 07:28:57.0109 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys

    2011/02/05 07:28:57.0171 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys

    2011/02/05 07:28:57.0281 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

    2011/02/05 07:28:57.0375 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

    2011/02/05 07:28:57.0703 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

    2011/02/05 07:28:57.0937 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

    2011/02/05 07:28:57.0984 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

    2011/02/05 07:28:58.0156 ati2mtag (dd222ce49e79f15d2312a5e1f42e716e) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

    2011/02/05 07:28:58.0281 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

    2011/02/05 07:28:58.0343 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

    2011/02/05 07:28:58.0437 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

    2011/02/05 07:28:58.0515 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys

    2011/02/05 07:28:58.0562 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys

    2011/02/05 07:28:58.0671 BTHPORT (29ff6a865782d0f5b8e7fa1ffab4182b) C:\WINDOWS\system32\Drivers\BTHport.sys

    2011/02/05 07:28:58.0843 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys

    2011/02/05 07:28:58.0890 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

    2011/02/05 07:28:59.0062 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

    2011/02/05 07:28:59.0140 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

    2011/02/05 07:28:59.0171 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

    2011/02/05 07:28:59.0546 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

    2011/02/05 07:28:59.0656 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys

    2011/02/05 07:28:59.0718 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys

    2011/02/05 07:28:59.0765 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

    2011/02/05 07:28:59.0843 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

    2011/02/05 07:28:59.0984 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

    2011/02/05 07:29:00.0109 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

    2011/02/05 07:29:00.0156 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

    2011/02/05 07:29:00.0218 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys

    2011/02/05 07:29:00.0250 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

    2011/02/05 07:29:00.0343 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

    2011/02/05 07:29:00.0437 FNETURPX (784ffba7ee5c5f3a396407e4712f72f0) C:\WINDOWS\system32\drivers\FNETURPX.SYS

    2011/02/05 07:29:00.0562 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

    2011/02/05 07:29:00.0609 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

    2011/02/05 07:29:00.0687 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

    2011/02/05 07:29:00.0750 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

    2011/02/05 07:29:00.0937 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

    2011/02/05 07:29:01.0015 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

    2011/02/05 07:29:01.0093 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

    2011/02/05 07:29:01.0171 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

    2011/02/05 07:29:01.0296 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

    2011/02/05 07:29:01.0421 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

    2011/02/05 07:29:01.0718 IntcAzAudAddService (12f4d2aa29745dc2a403ff42e75cf7fa) C:\WINDOWS\system32\drivers\RtkHDAud.sys

    2011/02/05 07:29:01.0984 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys

    2011/02/05 07:29:02.0046 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

    2011/02/05 07:29:02.0093 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

    2011/02/05 07:29:02.0140 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

    2011/02/05 07:29:02.0265 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

    2011/02/05 07:29:02.0312 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

    2011/02/05 07:29:02.0343 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

    2011/02/05 07:29:02.0406 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys

    2011/02/05 07:29:02.0468 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

    2011/02/05 07:29:02.0515 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

    2011/02/05 07:29:02.0562 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

    2011/02/05 07:29:02.0828 Lavasoft Kernexplorer (0bd6d3f477df86420de942a741dabe37) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys

    2011/02/05 07:29:02.0890 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys

    2011/02/05 07:29:03.0125 MASPINT (a2ae666cee860babe7fa6f1662b71737) C:\WINDOWS\system32\drivers\MASPINT.sys

    2011/02/05 07:29:03.0187 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

    2011/02/05 07:29:03.0250 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys

    2011/02/05 07:29:03.0281 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys

    2011/02/05 07:29:03.0359 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

    2011/02/05 07:29:03.0437 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

    2011/02/05 07:29:03.0531 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

    2011/02/05 07:29:03.0671 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

    2011/02/05 07:29:03.0781 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

    2011/02/05 07:29:03.0859 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

    2011/02/05 07:29:03.0890 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

    2011/02/05 07:29:03.0968 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

    2011/02/05 07:29:04.0000 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

    2011/02/05 07:29:04.0046 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

    2011/02/05 07:29:04.0093 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

    2011/02/05 07:29:04.0140 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

    2011/02/05 07:29:04.0171 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

    2011/02/05 07:29:04.0234 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

    2011/02/05 07:29:04.0312 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

    2011/02/05 07:29:04.0359 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

    2011/02/05 07:29:04.0468 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

    2011/02/05 07:29:04.0515 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

    2011/02/05 07:29:04.0562 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

    2011/02/05 07:29:04.0671 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

    2011/02/05 07:29:04.0734 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

    2011/02/05 07:29:04.0765 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

    2011/02/05 07:29:04.0812 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

    2011/02/05 07:29:04.0875 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\drivers\Parport.sys

    2011/02/05 07:29:04.0906 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

    2011/02/05 07:29:04.0968 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys

    2011/02/05 07:29:05.0000 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys

    2011/02/05 07:29:05.0093 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys

    2011/02/05 07:29:05.0203 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys

    2011/02/05 07:29:05.0593 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

    2011/02/05 07:29:05.0640 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

    2011/02/05 07:29:05.0687 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

    2011/02/05 07:29:05.0796 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys

    2011/02/05 07:29:06.0031 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

    2011/02/05 07:29:06.0109 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

    2011/02/05 07:29:06.0156 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

    2011/02/05 07:29:06.0187 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

    2011/02/05 07:29:06.0265 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

    2011/02/05 07:29:06.0296 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

    2011/02/05 07:29:06.0406 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

    2011/02/05 07:29:06.0468 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys

    2011/02/05 07:29:06.0531 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys

    2011/02/05 07:29:06.0687 RT73 (6ea04a4370609e5e1eaeee898a2ab6ac) C:\WINDOWS\system32\DRIVERS\rt73.sys

    2011/02/05 07:29:06.0765 RTL8023xp (8e34400ffc7d647946d9c820678775af) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys

    2011/02/05 07:29:06.0843 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

    2011/02/05 07:29:06.0953 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

    2011/02/05 07:29:07.0000 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\drivers\Serial.sys

    2011/02/05 07:29:07.0109 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

    2011/02/05 07:29:07.0250 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

    2011/02/05 07:29:07.0343 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

    2011/02/05 07:29:07.0406 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys

    2011/02/05 07:29:07.0500 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

    2011/02/05 07:29:07.0718 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

    2011/02/05 07:29:07.0796 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

    2011/02/05 07:29:08.0000 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

    2011/02/05 07:29:08.0125 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

    2011/02/05 07:29:08.0203 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

    2011/02/05 07:29:08.0281 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

    2011/02/05 07:29:08.0343 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

    2011/02/05 07:29:08.0484 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

    2011/02/05 07:29:08.0625 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

    2011/02/05 07:29:08.0750 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

    2011/02/05 07:29:08.0828 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

    2011/02/05 07:29:08.0906 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

    2011/02/05 07:29:08.0984 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

    2011/02/05 07:29:09.0031 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

    2011/02/05 07:29:09.0125 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

    2011/02/05 07:29:09.0187 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

    2011/02/05 07:29:09.0234 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

    2011/02/05 07:29:09.0296 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys

    2011/02/05 07:29:09.0390 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

    2011/02/05 07:29:09.0578 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

    2011/02/05 07:29:09.0859 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

    2011/02/05 07:29:09.0906 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

    2011/02/05 07:29:10.0046 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

    2011/02/05 07:29:10.0062 ================================================================================

    2011/02/05 07:29:10.0062 Scan finished

    2011/02/05 07:29:10.0062 ================================================================================

    2011/02/05 07:29:10.0093 Detected object count: 1

    2011/02/05 07:30:03.0171 \HardDisk0 - will be cured after reboot

    2011/02/05 07:30:03.0171 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

    2011/02/05 07:30:14.0781 Deinitialize success

  • Anonymous avatar

    Ben

    Hallo,

    Plaats nog even het hele Mbam logje?(hij is niet compleet)

    En een nieuw Haijck This logje.

    Ben

  • Anonymous avatar

    Bernhard

    Onderstaand opnieuw mijn log bestand, hopelijk compleet ?-)

    Bernhard

    Malwarebytes' Anti-Malware 1.50.1.1100

    www.malwarebytes.org

    Databaseversie: 5679

    Windows 5.1.2600 Service Pack 3 (Safe Mode)

    Internet Explorer 8.0.6001.18702

    5-2-2011 7:12:29

    mbam-log-2011-02-05 (07-12-29).txt

    Scantype: Volledige scan (C:\|)

    Objecten gescand: 358250

    Verstreken tijd: 1 uur/uren, 5 minuut/minuten, 38 seconde(n)

    Geheugenprocessen geïnfecteerd: 0

    Geheugenmodulen geïnfecteerd: 0

    Registersleutels geïnfecteerd: 4

    Registerwaarden geïnfecteerd: 1

    Registerdata geïnfecteerd: 0

    Mappen geïnfecteerd: 0

    Bestanden geïnfecteerd: 17

    Geheugenprocessen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:

    HKEY_CLASSES_ROOT\CLSID\{01E69986-A054-4C52-ABE8-EF63DF1C5211} (Adware.Softomate) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\TypeLib\{C7F09647-C6D3-4a92-B358-7AFE2BED7C87} (Adware.Softomate) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\XBTB06823.XBTB06823.1 (Adware.Softomate) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\XBTB06823.XBTB06823 (Adware.Softomate) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SmartIndex (Trojan.Agent.Gen) -> Value: SmartIndex -> Quarantined and deleted successfully.

    Registerdata geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:

    c:\documents and settings\Eigenaar\application data\Adobe\plugs\kb11301671.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.

    c:\documents and settings\Eigenaar\local settings\application data\lhqaxiulfl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    c:\documents and settings\Eigenaar\local settings\temporary internet files\Content.IE5\IR0AMZ78\flash4.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

    c:\documents and settings\Eigenaar\local settings\temporary internet files\Content.IE5\LIWB1442\flash4.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

    c:\documents and settings\robert\application data\Adobe\plugs\kb4289375.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.

    c:\documents and settings\robert\bureaublad\err.log4246984 (Trojan.Agent) -> Quarantined and deleted successfully.

    c:\documents and settings\robert\local settings\temporary internet files\Content.IE5\Q555ZRLA\exe.php (Trojan.Agent) -> Quarantined and deleted successfully.

    c:\system volume information\_restore{ca6733d4-9153-47ee-9d7c-3de394caf58e}\RP1045\A0201131.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

    c:\WINDOWS\msp2ns05.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

    c:\WINDOWS\Temp\i9uh50kt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

    c:\documents and settings\Eigenaar\menu start\programma's\security shield.lnk (Rogue.SecurityShield) -> Quarantined and deleted successfully.

    c:\documents and settings\robert\menu start\programma's\security shield.lnk (Rogue.SecurityShield) -> Quarantined and deleted successfully.

    c:\documents and settings\Eigenaar\application data\Adobe\plugs\kb11289656.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    c:\documents and settings\Eigenaar\application data\Adobe\plugs\kb11342062.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    c:\documents and settings\robert\application data\Adobe\plugs\kb4277453.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    c:\documents and settings\robert\application data\Adobe\plugs\kb4331265.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    c:\WINDOWS\Temp\_ex-68.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

  • Anonymous avatar

    fazantje

    Hoi Bernard,

    Wat Ben denk ik bedoelde is dat je MBAM even opnieuw laat draaien en dat nieuwe logje samen met een nieuw HijackThis logje hier plaatst.

    Graag nu in normale modus;)

    Succes,

    Huib;)

  • Anonymous avatar

    Bernhard

    Onderstaand het nieuwe logbestand na een scan van MBam.

    Ik hoor graag jullie reactie.

    Groet,

    Bernhard.

    logbestand

    Malwarebytes' Anti-Malware 1.50.1.1100

    www.malwarebytes.org

    Database version: 5679

    Windows 5.1.2600 Service Pack 3

    Internet Explorer 8.0.6001.18702

    5-2-2011 17:01:06

    mbam-log-2011-02-05 (17-01-06).txt

    Scan type: Full scan (C:\|)

    Objects scanned: 364719

    Time elapsed: 2 hour(s), 27 minute(s), 37 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 4

    Registry Values Infected: 4

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 4

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01E69986-A054-4C52-ABE8-EF63DF1C5211} (Adware.Softomate) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.

    Registry Values Infected:

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Value: {C5428486-50A0-4A02-9D20-520B59A9F9B2} -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Value: {C5428486-50A0-4A02-9D20-520B59A9F9B3} -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{C5428486-50A0-4a02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Value: {C5428486-50A0-4a02-9D20-520B59A9F9B3} -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{C5428486-50A0-4a02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Value: {C5428486-50A0-4a02-9D20-520B59A9F9B2} -> Quarantined and deleted successfully.

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    c:\system volume information\_restore{ca6733d4-9153-47ee-9d7c-3de394caf58e}\RP1048\A0205246.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.

    c:\system volume information\_restore{ca6733d4-9153-47ee-9d7c-3de394caf58e}\RP1048\A0205247.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    c:\system volume information\_restore{ca6733d4-9153-47ee-9d7c-3de394caf58e}\RP1048\A0205248.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.

    c:\system volume information\_restore{ca6733d4-9153-47ee-9d7c-3de394caf58e}\RP1048\A0205249.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

  • Anonymous avatar

    Bernhard

    Onderstaand nog de hijack logbestand.

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 17:51:16, on 5-2-2011

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\RTHDCPL.EXE

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files\PcCloneEX\PcCloneEX.EXE

    C:\Program Files\programma's\Yahoo!\Yahoo! Music Jukebox\ymetray.exe

    C:\Program Files\IncrediMail\Bin\IncMail.exe

    C:\Program Files\IncrediMail\Bin\ImApp.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

    C:\WINDOWS\system32\msiexec.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    R3 - URLSearchHook: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program

    Files\IncrediMail_MediaBar_2\tbInc1.dll

    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart

    Web Printing\hpswp_printenhancer.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common

    Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common

    Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google

    Toolbar\GoogleToolbar_32.dll

    O2 - BHO: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program

    Files\iMeshMediabarTb\iMeshMediaBarDx.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

    Files\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll

    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live

    Toolbar\msntb.dll

    O2 - BHO: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program

    Files\IncrediMail_MediaBar_2\tbInc1.dll

    O2 - BHO: XBTP06823 - {D65AAE3F-C06B-4971-B73B-61B989163215} - C:\PROGRA~1\BIJBEL~1\BIJBEL~1.DLL (file

    missing)

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program

    Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program

    Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital

    Imaging\Smart Web Printing\hpswp_BHO.dll

    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live

    Toolbar\msntb.dll

    O3 - Toolbar: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program

    Files\iMeshMediabarTb\iMeshMediaBarDx.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google

    Toolbar\GoogleToolbar_32.dll

    O3 - Toolbar: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program

    Files\IncrediMail_MediaBar_2\tbInc1.dll

    O4 - HKLM\..\Run: RTHDCPL.EXE

    O4 - HKLM\..\Run: ALCMTR.EXE

    O4 - HKLM\..\Run: C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: D:\Setup.exe

    O4 - HKLM\..\Run: C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

    O4 - HKLM\..\Run: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

    O4 - HKLM\..\Run: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

    O4 - HKLM\..\Run: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Java\Java Update\jusched.exe”

    O4 - HKLM\..\Run: “E:\quick\QTTask.exe” -atboottime

    O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”

    O4 - HKCU\..\Run: C:\Program Files\programma's\Uniblue\RegistryBooster 2\RegistryBooster.exe

    /S

    O4 - HKCU\..\Run: “C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe”

    O4 - HKCU\..\Run: rundll32.exe “C:\WINDOWS\msp2ns05.dll”,Startup

    O4 - HKCU\..\RunOnce: C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update

    -1150600 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; BijbelBar; GTB6.6; Mozilla/4.0 (compatible; MSIE

    6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"

    -“http://files.keygames.com/games/dcr/sweet_arts/”

    O4 - HKCU\..\RunOnce: C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe

    O4 - HKUS\S-1-5-19\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Lokale service’)

    O4 - HKUS\S-1-5-20\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Netwerkservice’)

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\programma's\microsoft office\Office\OSA9.EXE

    O4 - Global Startup: PC Clone EX.LNK = C:\Program Files\PcCloneEX\PcCloneEX.EXE

    O4 - Global Startup: ymetray.lnk = C:\Program Files\programma's\Yahoo!\Yahoo! Music Jukebox\ymetray.exe

    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

    O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files\Google\Google

    Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

    O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program

    Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

    Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe

    O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) -

    http://bribus.2020.net/Core/Player/2020PlayerAX_Win32.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

    http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) -

    http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} -

    C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} -

    C:\WINDOWS\system32\browseui.dll

    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems

    Shared\Service\Adobelmsvc.exe

    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile

    Device Support\AppleMobileDeviceService.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: Google Updateservice (gupdate1ca013c41192374) (gupdate1ca013c41192374) - Google Inc. - C:\Program

    Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google

    Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common

    Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    End of file - 10464 bytes

  • Anonymous avatar

    fazantje

    Hoi Bernhard,

    Ik zie geen virusscanner, download Avast gratis versie:

    http://www.av.eu/nl/avast_antivirus_producten/avast_Free_Antivirus

    Verder zie ik verschillende toolbars:

    Google Toolbar - MediaBar - Windows Live Toolbar.

    Verwijder deze welke je niet gebruikt. Dit doe je in: Start - configuratiescherm - software.

    Verwijder hier ook Ad-Aware van Lavasoft. Dit programma kan jou computer enorm vertragen.

    Start HijackThis en klik op “scan” en vink de volgende regel aan:

    O4 - HKCU\..\Run: rundll32.exe “C:\WINDOWS\msp2ns05.dll”,Startup

    Sluit alle vensters, behalve HijackThis en klik op fix checked.

    Start de computer opnieuw op en plaats een nieuw HijackThis logje.

    Vertel ook even hoe het met jou probleem is.

    Succes,

    Huib;)