Hello
Got a phone call from my brother: he has the ransomware ("gijzelvirus"). The PC can still boot, the icons stay for a moment and then make way for the message demanding payment because he had been on a child pornography site.
Can anyone help,
regards Guy
Hello,
If it is the ransomware, follow the steps below:
Step 1.
Start the computer in Safe Mode.
• Go to Start > Run, or on Windows Vista and 7 type the command regedit in the Start menu search box, followed by Enter.
• Now navigate in the registry to the registry key below.
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
• Delete the value "vasja" here.
• Now restart the computer in normal mode.
Step 2.
Download the Emsisoft Emergency Kit to the desktop and extract the ZIP file.
Open the folder "EmsisoftEmergencyKit" and double-click "Start.exe".
Now click "Emergency Kit Scanner"; you will get a message that it is recommended to update first. Allow this by clicking "Yes".
When the update is finished and the message "Update process completed successfully" appears, click "Menu" and then "Scan PC".
Select the option "Deep" if it is not already set that way by default.
Now click the "Scan" button and do nothing else on the computer while it scans; this scan can take quite some time, so wait patiently.
You can close the window with the warning about an elevated risk once the scan is finished.
Make sure all found items are checked and then press the button "Remove selected"; you will get the following message, but click "Yes" here.
When the removal is finished, click the "View report" button and select the text file of this scan with a name like: a2scan_110730-111615.txt
Paste the contents of this LOG file in your next reply.
Now restart the computer.
Step 3.
Download DDS by sUBS from one of these locations and save it to your desktop:
DDS - Bleeping Computer download.
DDS - Bleeping Computer download.
DDS is a diagnostic tool and uses scripts.
Disable your security software before running DDS!
Double-click DDS to start the tool.
Note!!! Windows Vista & 7 users must run dds.scr as administrator (right-click: "Run as").
DDS will open 2 log files:
* DDS.txt
* Attach.txt
A dialog will ask you to save both logs, because the logs will be gone once you close them.
Save the logs, for example on your desktop or another place where you can easily find them again.
Post the DDS.txt log with your next reply. Only post Attach.txt when I ask for it.
Step 4.
Then post the logs of:
EmsisoftEmergencyKit
DDS.txt
Regards, Ben
Hello,
Boot into Safe Mode and let Mbam scan. (If that does not work, do the following.)
Download the Avira AntiVir Rescue System and save it to your desktop.
• Insert a blank CD/DVD into your computer.
• Double-click rescue_system-common-en.exe.
• Select the drive that contains the blank CD/DVD.
• Click the Burn CD button to burn the Avira AntiVir Rescue System to that blank CD/DVD.
Perform these steps on the infected PC:
• Insert the CD/DVD with the Avira AntiVir Rescue System into your infected PC.
• Restart that PC.
• Press the 1 key to boot your computer from the CD/DVD.
• The Avira AntiVir Rescue System will open automatically.
• Click the English flag at the bottom left if everything is shown in German. This switches the language to English.
• Click the Configuration button on the left.
• Make sure Scan all files under Scan Mode is selected.
• Make sure Try to repair infected files and Rename files, if they cannot be removed? under Action at malware discovery are selected.
• Click the Virus Scanner button on the left and then click Start Scanner.
• The Avira AntiVir Rescue System will now scan your computer. The scan can take a lot of time.
• Remove the CD/DVD from your computer when the scan is finished and then restart your computer.
Link: http://www.avira.com/en/download/product/avira-antivir-rescue-system (the iso)
Download DDS by sUBS from one of these locations and save it to your desktop:
DDS - Bleeping Computer download.
DDS - Bleeping Computer download.
DDS is a diagnostic tool and uses scripts.
Disable your security software before running DDS!
Double-click DDS to start the tool.
Note!!! Windows Vista & 7 users must run dds.scr as administrator (right-click: "Run as").
DDS will open 2 log files:
* DDS.txt
* Attach.txt
A dialog will ask you to save both logs, because the logs will be gone once you close them.
Save the logs, for example on your desktop or another place where you can easily find them again.
Post the DDS.txt log with your next reply. Only post Attach.txt when I ask for it.
Then post the DDS.txt log.
Regards, Ben
Hi Ben
Don't know whether my post arrived,
second attempt.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Herman at 15:05:18 on 2012-07-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.3063.2040
.
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Windows\system32\PSIService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.be/
uDefault_Page_URL = hxxp://www.aldi.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: "c:\program files\common files\java\java update\jusched.exe"
mRun: "c:\program files\avg\avg2012\avgtray.exe"
mRun: "c:\program files\avg secure search\vprot.exe"
StartupFolder: c:\users\herman\appdata\roaming\micros~1\windows\startm~1\programs\startup\ctfmon.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\users\herman\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xporteren naar Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 195.130.130.131 195.130.131.131
TCP: Interfaces\{16F5B9A4-8252-409A-9203-3A8056E14D64} : DhcpNameServer = 195.130.130.131 195.130.131.131
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.1.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.1.0\ToolbarUpdater.exe
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys
S2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE
S3 gupdatem;Google Update-service (gupdatem);c:\program files\google\update\GoogleUpdate.exe
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys
S3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\wat\WatAdminSvc.exe
.
=============== Created Last 30 ================
.
2012-07-09 13:02:15 -------- d-----w- c:\users\herman\appdata\local\{A4BA6BFF-FC58-4DF0-A527-37802B98CCB8}
2012-07-09 13:02:03 -------- d-----w- c:\users\herman\appdata\local\{391166A5-CA96-4846-A066-B009AC1A61D4}
2012-07-08 21:32:59 -------- d-----w- c:\users\herman\appdata\local\{9173D56A-AA72-4A21-BAA6-BE2FA69D3276}
2012-07-08 21:32:48 -------- d-----w- c:\users\herman\appdata\local\{A28A08D1-395F-48F8-A655-B042DF74D2E7}
2012-07-06 10:27:43 -------- d-----w- c:\users\herman\appdata\local\{AFAD573B-9396-4536-B141-9440B57273B7}
2012-07-06 10:27:33 -------- d-----w- c:\users\herman\appdata\local\{7605172D-5B19-4BD0-92B0-67301E13B8DF}
2012-07-04 14:36:10 -------- d-----w- c:\users\herman\appdata\local\{D1AB294D-847D-4558-BF8F-C49C83FEAABE}
2012-07-04 14:36:01 -------- d-----w- c:\users\herman\appdata\local\{6A158383-D646-4656-94FA-501B58139C91}
2012-07-04 14:35:51 -------- d-----w- c:\users\herman\appdata\local\{2CF4EECF-518C-4D5F-9937-E6ED268D2F25}
2012-07-04 14:35:41 -------- d-----w- c:\users\herman\appdata\local\{DB086653-747C-471B-904B-986BF763EDB3}
2012-07-03 14:56:13 -------- d-----w- c:\users\herman\appdata\local\{4D6333BE-DE6A-46FF-93A8-BF44D254818B}
2012-07-03 14:56:03 -------- d-----w- c:\users\herman\appdata\local\{5FD7468E-531E-4B7B-A231-74A63EEC9F9D}
2012-07-02 20:36:57 -------- d-----w- c:\users\herman\appdata\local\{B7C36C65-ADC1-4759-8C72-0EA2D6D3D8EE}
2012-07-02 20:36:48 -------- d-----w- c:\users\herman\appdata\local\{8DC3C02B-73F0-4962-8968-AB1B4721A63E}
2012-07-02 20:36:38 -------- d-----w- c:\users\herman\appdata\local\{B07D7F03-62C6-4834-A291-2E6C504BEA75}
2012-07-01 12:39:44 -------- d-----w- c:\users\herman\appdata\local\{F6477EC9-1321-4EA2-B61A-0DDF15E4D4F1}
2012-07-01 12:39:34 -------- d-----w- c:\users\herman\appdata\local\{0BF32070-82A9-4015-8605-18592978362D}
2012-06-29 12:15:24 -------- d-----w- c:\users\herman\appdata\local\{41135D12-BF36-40FB-A62B-40075FBF3FD8}
2012-06-29 12:15:14 -------- d-----w- c:\users\herman\appdata\local\{080972C0-12C5-45F7-95A4-18B1C29F52ED}
2012-06-29 08:04:00 -------- d-----w- c:\users\herman\appdata\local\Babylon
2012-06-29 08:03:59 -------- d-----w- c:\users\herman\appdata\roaming\Babylon
2012-06-29 08:03:59 -------- d-----w- c:\programdata\Babylon
2012-06-28 20:45:48 -------- d-----w- c:\users\herman\appdata\local\{44CD9A0B-120B-4017-A6A4-4909EF4D357C}
2012-06-28 20:45:39 -------- d-----w- c:\users\herman\appdata\local\{F0E933B8-FB02-47C6-B101-287AE50FC3DE}
2012-06-27 22:01:51 -------- d-----w- c:\users\herman\appdata\local\{348D517B-FE94-49E7-8B88-F76729EC3947}
2012-06-27 22:01:42 -------- d-----w- c:\users\herman\appdata\local\{1AEBD470-79B8-43B9-AB8A-35365516C98D}
2012-06-27 22:01:32 -------- d-----w- c:\users\herman\appdata\local\{AFBA146F-AC26-4B6E-A8B9-D230639D4CDD}
2012-06-27 22:01:23 -------- d-----w- c:\users\herman\appdata\local\{8DCC1D98-DCC0-4368-8B92-FDC500FA21DA}
2012-06-26 21:10:22 -------- d-----w- c:\users\herman\appdata\local\{44A781BD-5CE3-4928-B1D4-4221EB76F584}
2012-06-26 21:10:12 -------- d-----w- c:\users\herman\appdata\local\{DA37D597-21A5-4940-81B9-64E6E603B030}
2012-06-26 21:10:03 -------- d-----w- c:\users\herman\appdata\local\{FF2101A0-4E0B-44FB-B28B-9A4795393498}
2012-06-25 16:12:40 -------- d-----w- c:\users\herman\appdata\local\{08F9D6EE-677A-474A-AC2E-C2686A1C82E6}
2012-06-25 16:12:31 -------- d-----w- c:\users\herman\appdata\local\{931593D2-5FB0-445B-8D0D-0A53E4DC8119}
2012-06-25 16:12:21 -------- d-----w- c:\users\herman\appdata\local\{EE8C2BCE-ED24-43F4-ADD1-927AC80371B2}
2012-06-24 16:17:35 -------- d-----w- c:\users\herman\appdata\local\{53D6C95D-99A6-4B58-B3D2-48FBF7B92431}
2012-06-24 16:17:26 -------- d-----w- c:\users\herman\appdata\local\{C44D1AC8-E7E3-4D66-B776-4C5847F6F8C4}
2012-06-24 16:17:16 -------- d-----w- c:\users\herman\appdata\local\{FF3CF0C9-EDBF-4F18-8ECE-61C2C6ADDD56}
2012-06-23 22:52:28 -------- d-----w- c:\users\herman\appdata\local\{6D2D8FBA-C8B9-4840-A330-70293856CB88}
2012-06-23 22:52:18 -------- d-----w- c:\users\herman\appdata\local\{4CAA59B7-BA79-4EAE-9E11-1BED021FC370}
2012-06-22 12:03:22 -------- d-----w- c:\users\herman\appdata\local\{0DBE05D3-F9E7-4D8D-A2DA-6E7762A0CC38}
2012-06-22 12:03:13 -------- d-----w- c:\users\herman\appdata\local\{DA0BCAD3-F8D3-41B9-B7CC-77472179A0BB}
2012-06-21 13:46:22 -------- d-----w- c:\users\herman\appdata\local\{D121431D-E4E4-4124-B2B5-65AB7C24E7F0}
2012-06-21 13:46:12 -------- d-----w- c:\users\herman\appdata\local\{BF55E075-4E06-46F0-94CD-2A9995B273A3}
2012-06-20 20:15:15 -------- d-----w- c:\users\herman\appdata\local\{792B6682-4C9B-49A5-88D6-9A53135A1B74}
2012-06-20 20:15:05 -------- d-----w- c:\users\herman\appdata\local\{5C75DF2E-48B2-4439-B8FE-1BFD4E46135A}
2012-06-20 20:14:56 -------- d-----w- c:\users\herman\appdata\local\{4630D0A8-F8E1-486A-9F3D-53C5882EDDCE}
2012-06-20 20:14:46 -------- d-----w- c:\users\herman\appdata\local\{4C741186-A9DE-4A16-81A5-AE8F935E718E}
2012-06-20 08:14:22 -------- d-----w- c:\users\herman\appdata\local\{EA3617E3-6963-46F0-BD80-87273B9DD00A}
2012-06-20 08:14:13 -------- d-----w- c:\users\herman\appdata\local\{32A28E67-6190-4113-ABC3-9556032097E7}
2012-06-20 08:14:03 -------- d-----w- c:\users\herman\appdata\local\{494FBAEF-419E-433D-BC69-92772FBD7869}
2012-06-19 12:05:17 -------- d-----w- c:\users\herman\appdata\local\{EE5899F6-FFDE-4409-8D24-040ABA37D3D8}
2012-06-19 12:05:07 -------- d-----w- c:\users\herman\appdata\local\{8CB570EA-FB9F-4836-9084-EAFA8BF027F1}
2012-06-18 17:07:53 -------- d-----w- c:\users\herman\appdata\local\{38F7B1FF-B96D-4ED5-AFE5-B087E31537D5}
2012-06-17 20:48:51 -------- d-----w- c:\users\herman\appdata\local\{51A58FC5-0E47-4CCE-AB76-7B7A76E468A8}
2012-06-16 22:10:15 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-16 22:10:09 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-16 22:10:09 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-16 22:10:09 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-16 22:05:27 -------- d-----w- c:\users\herman\appdata\local\{2B339D12-E92D-403E-953F-407F5710975C}
2012-06-16 11:08:13 -------- d-----w- c:\users\herman\appdata\local\{35D3FB39-1CDD-4925-BB6D-761C550060A4}
2012-06-15 21:42:29 -------- d-----w- c:\users\herman\appdata\local\{DA6ED06B-6513-467A-AD08-DCA477A4300F}
2012-06-15 09:42:06 -------- d-----w- c:\users\herman\appdata\local\{5DA6A33C-6CE1-4BC4-AA4A-36797CFF39C4}
2012-06-15 09:41:57 -------- d-----w- c:\users\herman\appdata\local\{EE5A2FCE-5A26-4968-8C26-12089751F191}
2012-06-14 19:26:04 -------- d-----w- c:\users\herman\appdata\local\{B4373B65-10FD-4302-A460-B7E0F65C497C}
2012-06-14 19:25:54 -------- d-----w- c:\users\herman\appdata\local\{0BD502C4-D2C9-4E59-AFF0-C4D3D700FD57}
2012-06-14 19:25:45 -------- d-----w- c:\users\herman\appdata\local\{6CCB0A9C-AAFA-4BA4-BFD9-0B497E8DD3D9}
2012-06-14 19:25:35 -------- d-----w- c:\users\herman\appdata\local\{A265AD4D-7E6D-41F5-A6D2-4D2CD88982C0}
2012-06-14 07:25:12 -------- d-----w- c:\users\herman\appdata\local\{7211701D-AC86-4698-977E-4A8C0AE5A47B}
2012-06-14 07:25:02 -------- d-----w- c:\users\herman\appdata\local\{2963DAEB-A0C4-4FB4-87A7-8317EA312A8D}
2012-06-13 13:58:50 -------- d-----w- c:\users\herman\appdata\local\{F1827852-A268-4179-ADE0-FD1B6C46E9C9}
2012-06-13 13:58:40 -------- d-----w- c:\users\herman\appdata\local\{E9853D8F-B132-46F1-B13B-1FF65E5E76F5}
2012-06-12 20:47:06 -------- d-----w- c:\users\herman\appdata\local\{01CE09B5-0F5F-44F7-9A41-DC549824651D}
2012-06-12 20:46:57 -------- d-----w- c:\users\herman\appdata\local\{76A9D936-6594-46D0-8340-1F438CB2A51E}
2012-06-12 20:46:47 -------- d-----w- c:\users\herman\appdata\local\{0E9F5130-698F-4B80-A53C-6BC0462FEBB7}
2012-06-12 06:29:10 -------- d-----w- c:\users\herman\appdata\local\{FD81E7A1-71A4-410E-B6AA-F8895252B663}
2012-06-12 06:29:00 -------- d-----w- c:\users\herman\appdata\local\{2F2ADEC0-D541-4720-A6CC-BC09E2AA2171}
2012-06-12 06:28:51 -------- d-----w- c:\users\herman\appdata\local\{87A181A0-26D5-488F-9A30-36F1A72D4ABC}
2012-06-11 12:21:51 -------- d-----w- c:\users\herman\appdata\local\{FCBC8AE3-67C6-4BB3-B93D-C73CF1D1FCAA}
2012-06-11 12:21:42 -------- d-----w- c:\users\herman\appdata\local\{2A266E09-AB2C-428F-A220-08FA546899AA}
2012-06-10 18:51:33 -------- d-----w- c:\users\herman\appdata\local\{75EEB14C-341D-479D-9871-DF5A7E29C4F2}
2012-06-10 18:51:23 -------- d-----w- c:\users\herman\appdata\local\{1C4A4A01-7973-4A64-8BD0-E506F284ACD2}
2012-06-10 06:50:59 -------- d-----w- c:\users\herman\appdata\local\{37859B15-B5EE-4614-A04B-5494E9F2C1E8}
2012-06-10 06:50:49 -------- d-----w- c:\users\herman\appdata\local\{4A1CBA32-C75C-4931-8362-04C74589D334}
.
==================== Find3M ====================
.
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-15 03:03:54 981504 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 01:05:38 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-04-28 03:17:07 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45:55 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45:54 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41:16 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-20 03:16:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-19 02:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
.
============= FINISH: 15:06:34,12 ===============
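The "Pseudo HJT Report" section of a DDS log and the O4 lines of a HijackThis log list exactly the autostart locations that Step 1 of the first reply sends you to by hand (the Run key under HKEY_CURRENT_USER, its HKLM counterpart and the Startup folder). As an added example, not part of this thread and not code from DDS, HijackThis or zoek.exe, the Python below parses lines in those two formats into structured autostart records and applies two defender-side checks a helper would make while reading such a log: an executable that lives in a user-writable location (AppData, Temp, Public) and a loader such as rundll32.exe registered with no arguments at all. The sample log lines are constructed for this example, and all function, class and flag names are my own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample lines in DDS "Pseudo HJT Report" and HijackThis "O4" style.
# Paths, user name and program names are made up for this example.
SAMPLE_LOG = r"""
uRun: c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: "c:\program files\example av\avtray.exe"
StartupFolder: c:\users\alice\appdata\roaming\micros~1\windows\startm~1\programs\startup\ctfmon.lnk - c:\windows\system32\rundll32.exe
O4 - HKCU\..\Run: "C:\Users\alice\AppData\Roaming\updater\svc.exe" /silent
O4 - HKLM\..\Run: C:\Program Files\Example Audio\AudioTray.exe -s
O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - Startup: OpenOffice.org 3.1 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - HKCU\..\Run: rundll32.exe "C:\Users\alice\AppData\Local\Temp\hook.dll",Start
"""

# Forum copy/paste often turns straight quotes into typographic ones; undo that first.
_QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"', "\u2018": "'", "\u2019": "'"})

# DDS: uRun/mRun = HKCU/HKLM Run (optionally "[Name] command"); StartupFolder = .lnk - target
_DDS_RUN = re.compile(r"^(?P<hive>[um])Run(?P<once>Once)?:\s*(?:\[(?P<name>[^\]]*)\]\s*)?(?P<cmd>.+)$", re.I)
_DDS_STARTUP = re.compile(r"^StartupFolder:\s*(?P<lnk>.+?\.lnk)\s*-\s*(?P<cmd>.+)$", re.I)
# HijackThis: O4 - HIVE\..\Run: command [(User 'NAME')]; O4 - Startup: name.lnk = target
_HJT_RUN = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run(?P<once>Once)?:\s*"
    r"(?:\[(?P<name>[^\]]*)\]\s*)?(?P<cmd>.+?)(?:\s+\(User '[^']*'\))?$", re.I)
_HJT_STARTUP = re.compile(r"^O4 - (?:Global )?Startup:\s*(?P<lnk>.+?\.lnk)\s*=\s*(?P<cmd>.+)$", re.I)
# First token of an unquoted command line that ends in an executable extension.
_EXE = re.compile(r"(.+?\.(?:exe|scr|com|bat|cmd|vbs|js))(?=\s|$)", re.I)

LOADERS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class AutostartEntry:
    source: str            # e.g. HKCU-Run, HKLM-RunOnce, HKUS\<sid>-Run, StartupFolder
    command: str           # the command line exactly as logged
    exe: str               # executable path extracted from it, lower-cased
    flags: list = field(default_factory=list)


def extract_exe(command: str) -> str:
    """Return the executable path of a logged command line, lower-cased."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return (command[1:end] if end > 0 else command[1:]).lower()
    m = _EXE.match(command)
    return (m.group(1) if m else command.split()[0]).lower()


def flag_entry(entry: AutostartEntry) -> list:
    """Heuristic hints for a closer look; a flag is not a verdict."""
    flags = []
    command = entry.command
    if command.startswith('"'):
        end = command.find('"', 1)
        args = command[end + 1:] if end > 0 else ""
    else:
        args = command[len(entry.exe):]
    image = entry.exe.rsplit("\\", 1)[-1]
    scanned = entry.exe + " " + args.lower()
    if any(tok in scanned for tok in USER_WRITABLE):
        flags.append("user-writable-location")
    if image in LOADERS and not args.strip():
        flags.append("loader-without-arguments")
    return flags


def parse_autostarts(text: str) -> list:
    """Turn DDS / HijackThis autostart lines into AutostartEntry records."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip().translate(_QUOTES)
        m = _DDS_RUN.match(line)
        if m:
            hive = "HKCU" if m["hive"].lower() == "u" else "HKLM"
            source, command = f"{hive}-Run{m['once'] or ''}", m["cmd"]
        elif (m := _HJT_RUN.match(line)):
            source, command = f"{m['hive'].upper()}-Run{m['once'] or ''}", m["cmd"]
        elif (m := _DDS_STARTUP.match(line)) or (m := _HJT_STARTUP.match(line)):
            source, command = "StartupFolder", m["cmd"]
        else:
            continue
        entry = AutostartEntry(source, command.strip(), extract_exe(command))
        entry.flags = flag_entry(entry)
        entries.append(entry)
    return entries


def flagged_entries(text: str) -> list:
    """Only the entries that tripped at least one heuristic."""
    return [e for e in parse_autostarts(text) if e.flags]


if __name__ == "__main__":
    for e in parse_autostarts(SAMPLE_LOG):
        marker = "!!" if e.flags else "  "
        print(f"{marker} {e.source:<20} {e.exe}  {', '.join(e.flags)}")
```

Point it at a saved DDS.txt or HijackThis log instead of SAMPLE_LOG to get the same listing for a real machine. The two heuristics are deliberately narrow: plenty of legitimate software starts from AppData, so a flag marks an entry to look up and compare against the log's own file-size and date information, not something to delete on sight.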
Hello,
Use the following program:
Using "zoek.exe": disable your antivirus and antispyware programs; zoek.exe is sometimes detected as a trojan while downloading or while running.
(here or here) you can read how to do that.
Then download zoek.exe (mirror) to the desktop.
Windows 2000 and Windows XP: start the tool by double-clicking "zoek.exe".
Windows Vista and Windows 7: start the tool by right-clicking "zoek.exe" and choosing Run as Administrator.
After a while a window will open.
With your mouse, now select the following option: "Combined fix" (bottom right).
Now copy the code printed in blue below and paste it into the large input box:
{d2ce3e00-f94a-4740-988e-03dc2f38c34f};c
{8dcb7100-df86-4384-8842-8fa844297b3f};c
{21FA44EF-376D-4D53-9B0F-8A89D3229068};c
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39};c
c:\users\herman\appdata\local\Babylon;fs
c:\users\herman\appdata\roaming\Babylon;fs
c:\programdata\Babylon;fs
emptyjava;
emptyflash;
Now first close all other open program windows!
Then click the "Run script" button.
Wait patiently until a log opens (this may be after a restart).
If no log appears after the restart, start zoek.exe again; the log will then appear after all.
Now post the contents of the opened log in your next reply.
And also post a HijackThis log and tell how things are going.
Regards, Ben
Hello Ben
Here are the requested logs.
Zoek.exe Version 3.0.0.3 Updated 09-July-2012
Tool run by Herman on di 10/07/2012 at 9:18:26,21.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running from: C:\Users\Herman\Desktop\zoek.exe
==== Deleting CLSID Registry Keys ======================
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e7df6bff-55a5-4eb7-a673-4ed3e9456d39} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{e7df6bff-55a5-4eb7-a673-4ed3e9456d39} deleted successfully
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:29:19, on 10/07/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe
C:\Windows\system32\notepad.exe
C:\Users\Herman\Desktop\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: “C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe”
O4 - HKLM\..\Run: C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: ctfmon.lnk = C:\Windows\System32\rundll32.exe
O4 - Startup: OpenOffice.org 3.1 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4 (file missing)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4 (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
--
End of file - 9804 bytes
Well Ben, that all went smoothly; hopefully it is fine now.
Greetings, Guy
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{e7df6bff-55a5-4eb7-a673-4ed3e9456d39} deleted successfully
==== Deleting Files \ Folders ======================
"c:\users\herman\appdata\local\Babylon" deleted
"c:\users\herman\appdata\roaming\Babylon" deleted
"c:\programdata\Babylon" deleted
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
Hello,
We are heading in the right direction:
Start HijackThis;
Right-click the HijackThis program and choose "Run as Administrator".
Choose 'Do a system scan only'.
Select all the lines listed below.
O9 - Extra button: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - (file missing)
O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - (file missing) (HKCU)
Close all open windows (except HijackThis), then click Fix checked and confirm by clicking Yes in the next screen.
Download Security Check (mirror) by screen317 and save it to your Desktop.
• Start Security Check
• Follow the on-screen instructions
• At the end a log (checkup.txt) appears; post its contents in your next reply together with a new HijackThis log.
Regards, Ben
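The helper above picks out the O9 entries marked "(file missing)" by eye. As an added example (not code from this thread or from HijackThis itself), the small parser below reads HijackThis "Onn - ..." lines and returns the entries a helper would review first: buttons whose handler file is missing, and O23 services listed as "Unknown owner". The sample lines are copied from the log in this thread; nothing is fetched or changed on the machine.

```python
"""Triage helper for HijackThis log lines (added example, not HijackThis code).
Parses 'Onn - label - {CLSID} - target (flags)' entries and flags the ones a
helper reviews first: '(file missing)' entries and 'Unknown owner' services."""
import re

ENTRY_RE = re.compile(r"^(?P<sec>O\d+) - (?P<rest>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
FLAG_RE = re.compile(r"\s*\((file missing|HKCU)\)")

# Constructed sample: a handful of lines taken from the HijackThis log above.
SAMPLE_LOG = r"""
O9 - Extra button: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4 (file missing)
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4 (file missing) (HKCU)
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
""".strip()


def parse_entry(line):
    """Split one HijackThis entry line into its fields; None for other lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, 'Running processes' path, or blank line
    sec, rest = m.group("sec"), m.group("rest")
    flags = set(FLAG_RE.findall(rest))  # e.g. {'file missing', 'HKCU'}
    body = FLAG_RE.sub("", rest).strip()
    label, _, remainder = body.partition(" - ")
    entry = {"section": sec, "label": label, "clsid": None,
             "owner": None, "target": remainder, "flags": flags}
    clsid = CLSID_RE.match(remainder)
    if clsid:  # O2/O3/O9/O18 lines: the target follows the CLSID
        entry["clsid"] = clsid.group(0)
        entry["target"] = remainder[clsid.end():].lstrip(" -")
    elif sec == "O23":  # O23 lines: 'Service: name - vendor - path'
        entry["owner"], _, entry["target"] = remainder.partition(" - ")
    return entry


def triage(log_text):
    """Return (reason, entry) pairs a helper would review before fixing."""
    findings = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        if "file missing" in e["flags"]:
            findings.append(("handler file missing; orphaned entry", e))
        elif e["section"] == "O23" and e["owner"] == "Unknown owner":
            findings.append(("service with no recognised vendor", e))
    return findings


if __name__ == "__main__":
    for reason, e in triage(SAMPLE_LOG):
        print(f"{e['section']:<4} {reason:<38} {e['label']}")
```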
Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
AVG Internet Security 2012
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Java(TM) 6 Update 33
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.0.32.18 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 20.0.1132.47
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:35:56, on 10/07/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Herman\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: ctfmon.lnk = C:\Windows\System32\rundll32.exe
O4 - Startup: OpenOffice.org 3.1 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
--
End of file - 9335 bytes
This topic is closed; no more replies can be posted.