Anticiperen op nieuw politie-virus

**Polinho** · 10 augustus 2012, 12:43

Beste leden,

De laatste tijd (2* per maand) heb ik te kampen met het politie-virus. Toen heb ik dankzij tips hier op het forum het telkens kunnen omzeilen en verwijderen. Toch irriteert het me mateloos dat het steeds terugkomt. Misschien doe ik het niet goed of heb ik teveel virusscanners en malware-toestanden.

Zouden jullie mij kunnen helpen anticiperen, zodat mijn pc op punt staat en dat ik eens een volgende aanval kan verhinderen.

Alvast bedankt

PS: Weet niet zeker of het in dit gedeelte thuishoort.

Zie hier mijn logje.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:40:15, on 10/08/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Users\Gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\AVG\AVG2012\avgui.exe
C:\Program Files\AVG\AVG2012\avgscanx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\explorer.exe
C:\Program Files\Hijack\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Google
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Funmoods Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = FD-Computers: Kwaliteit en Service
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files\Funmoods\funmoods\1.5.11.16\bh\funmoods.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O3 - Toolbar: (no name) - !{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O3 - Toolbar: (no name) - !{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar"
O4 - HKLM\..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [KOO9RV9K4Z] C:\Users\GEBRUI~1\AppData\Local\Temp\Zpd.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Spotify] "C:\Users\Gebruiker\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - Startup: ch8l0.exe.lnk = C:\Windows\System32\rundll32.exe
O4 - Startup: ctfmon.lnk = C:\Windows\System32\rundll32.exe
O4 - Startup: Mediacontrole Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.4 .lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Gebruiker\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: PokerStars.be - {878AC5FC-BE78-4bae-896C-7F75B790A71E} - C:\Program Files\PokerStars.BE\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Google Updateservice (gupdate1ca81879840c1f1) (gupdate1ca81879840c1f1) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: vToolbarUpdater12.1.5 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe

--
End of file - 13650 bytes

**kape** · 10 augustus 2012, 14:22

Het politievirus zit nog steeds op deze PC (mogelijk de reden waarom je er telkens weer mee geconfronteerd wordt). Dat gaan we dan ook hieronder aanpakken. Bovendien valt op dat je nogal veel ongewenste toolbars e.d.m. op je PC hebt zitten. Wat "kritischer" omgaan bij downloaden en internetgebruik in het algemeen is dan ook een belangrijke tip. Ook deze rotzooi nemen we hieronder mee. Voer het volgende nu uit :

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Funmoods Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files\Funmoods\funmoods\1.5.11.16\bh\funmoods.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O3 - Toolbar: (no name) - !{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O3 - Toolbar: (no name) - !{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - (no file)
O4 - HKLM\..\RunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar"
O4 - HKLM\..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar"
O4 - HKCU\..\Run: [KOO9RV9K4Z] C:\Users\GEBRUI~1\AppData\Local\Temp\Zpd.exe
O4 - Startup: ch8l0.exe.lnk = C:\Windows\System32\rundll32.exe
O4 - Startup: ctfmon.lnk = C:\Windows\System32\rundll32.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O20 - AppInit_DLLs:

Klik op 'Fix checked' om de items te verwijderen.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.

Download MBAM (Malwarebytes Anti-Malware)

Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".
Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.
Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.
Het scannen kan een tijdje duren, dus wees geduldig.
Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.
Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.
Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder).

Indien er de rootkit (TDSS) aanwezig is, zal MBAM vragen te herstarten. Doe dit dan ook.
MBAM zal na de herstart opnieuw scannen en de rootkit verwijderen.

Het log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in het programma.

Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

Plak de inhoud van het logje in je volgende bericht, samen met een nieuw HijackThis log.

**Polinho** · 10 augustus 2012, 14:51

Hartelijk bedankt voor het advies alvast.
En inderdaad ik heb destijds teveel van die onnozelheden geïnstalleerd waardat er steeds dingen mee meekwamen. Nu ga ik daar kritischer mee om.

Ik heb wel gemerkt dat bij Hijack this, nog enkele dingen terug zijn gekomen ook al had ik ze "gefixed."

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:49:45, on 10/08/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Users\Gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Hijack\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = FD-Computers: Kwaliteit en Service
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O3 - Toolbar: (no name) - !{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O3 - Toolbar: (no name) - !{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Spotify] "C:\Users\Gebruiker\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - Startup: Mediacontrole Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.4 .lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Gebruiker\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: PokerStars.be - {878AC5FC-BE78-4bae-896C-7F75B790A71E} - C:\Program Files\PokerStars.BE\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Google Updateservice (gupdate1ca81879840c1f1) (gupdate1ca81879840c1f1) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: vToolbarUpdater12.1.5 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe

--
End of file - 12322 bytes

Malwarebytes Anti-Malware (-evaluatieversie-) 1.62.0.1300
Malwarebytes : Free anti-malware download

Databaseversie: v2012.08.10.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Gebruiker :: PC_VAN_FD [administrator]

Realtime bescherming: Ingeschakeld

10/08/2012 14:33:45
mbam-log-2012-08-10 (14-33-45).txt

Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 192070
Verstreken tijd: 6 minuut/minuten, 14 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 4
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Geen actie ondernomen.
HKCU\SOFTWARE\KOO9RV9K4Z (Trojan.FakeAlert) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\X3EKEPXJP2 (Trojan.FakeAlert) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd.

Registerwaarden gedetecteerd: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|KOO9RV9K4Z (Trojan.FakeAlert) -> Data: C:\Users\GEBRUI~1\AppData\Local\Temp\Zpd.exe -> Succesvol in quarantaine geplaatst en verwijderd.

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 1
C:\sy5tw21.bin (Trojan.SpyEyes) -> Succesvol in quarantaine geplaatst en verwijderd.

Bestanden gedetecteerd: 1
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Succesvol in quarantaine geplaatst en verwijderd.

(einde)

**kape** · 10 augustus 2012, 16:57

Vermoedelijk heb je HijackThis als Vista-gebruiker niet uitgevoerd als "administrator". Daardoor zijn er nog items in je logje overgebleven, die niet verwijderd zijn. Herhaal het eens op die wijze en hang daarna een nieuw logje van HijackThis in je volgende bericht.

**Polinho** · 10 augustus 2012, 17:32

Nu heb ik het als administrator uitgevoerd en krijg ik volgend resultaat.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:31:47, on 10/08/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Users\Gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Hijack\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = FD-Computers: Kwaliteit en Service
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - !{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O3 - Toolbar: (no name) - !{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Spotify] "C:\Users\Gebruiker\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Mediacontrole Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.4 .lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Gebruiker\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: PokerStars.be - {878AC5FC-BE78-4bae-896C-7F75B790A71E} - C:\Program Files\PokerStars.BE\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Google Updateservice (gupdate1ca81879840c1f1) (gupdate1ca81879840c1f1) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: vToolbarUpdater12.1.5 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe

--
End of file - 11497 bytes

**kape** · 10 augustus 2012, 17:36

Dit ziet er (bijna) goed uit. Doe even het volgende :

Download ComboFix van één van deze locaties:

Link 1
Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:
Klik hier

2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.
3. Dubbelklik op "Combofix.exe" om de tool te starten.
4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion", herstart dan de computer.

5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

**Polinho** · 10 augustus 2012, 18:06

Zo :)

ComboFix 12-08-09.01 - Gebruiker 10/08/2012 17:43:23.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3326.1893 [GMT 2:00]
Gestart vanuit: d:\users\Gebruiker\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mozilla Firefox\components\AskHPRFF.js
c:\users\Gebruiker\561.jpg
c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4 .lnk
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\chrome.manifest
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\funmoods.css
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\funmoods.xul
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\arwDwn.gif
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\ae.png
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\bg.png
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\ch.png
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\cn.png
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\cz.png
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\de.png
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\eg.png
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\en.png
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\es.png
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\fr.png
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\gr.png
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\he.png
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\il.png
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\it.png
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\ja.png
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\jp.png
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\nl.png
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\no.png
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\pl.png
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\pt.png
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\ro.png
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\ru.png
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\sa.png
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\se.png
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\sv.png
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\tr.png
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\ua.png
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\flgs\us.png
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\help_16.gif
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\home.gif
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\logo.png
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\privecy_16_hot.gif
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\imgs\tellafriend.gif
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\loader.xul
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\mtstart.js
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\tmplt.js
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\content\uninsthk.js
c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\extensions\ffxtlbr@funm oods.com\install.rdf
c:\windows\system\oeminfo.ini
c:\windows\system32\Thumbs.db
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-07-10 to 2012-08-10 ))))))))))))))))))))))))))))))
.
.
2012-08-10 15:55 . 2012-08-10 15:55 -------- d-----w- c:\users\Gebruiker\AppData\Local\temp
2012-08-10 15:55 . 2012-08-10 15:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-10 10:29 . 2012-08-10 10:29 388096 ----a-r- c:\users\Gebruiker\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-10 10:29 . 2012-08-10 10:29 -------- d-----w- c:\program files\Hijack
2012-08-10 09:50 . 2012-08-10 09:50 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Malwarebytes
2012-08-10 09:49 . 2012-08-10 09:49 -------- d-----w- c:\programdata\Malwarebytes
2012-08-10 09:49 . 2012-08-10 09:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-10 09:49 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-10 09:46 . 2012-08-10 09:46 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Helios
2012-08-10 09:45 . 2012-08-10 09:46 -------- d-----w- c:\program files\TextPad 6
2012-08-10 09:26 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2D8C773C-E1A3-410E-A4F3-A0085D5C733D}\mpengine.dll
2012-08-08 13:37 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-30 17:46 . 2012-07-30 17:46 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\AVG2012
2012-07-30 17:44 . 2012-07-30 17:44 -------- d-----w- c:\users\Gebruiker\AppData\Local\AVG Secure Search
2012-07-30 17:44 . 2012-07-30 17:44 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-30 17:44 . 2012-07-30 17:44 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-07-30 17:44 . 2012-07-30 17:44 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-07-30 17:44 . 2012-07-30 17:44 -------- d-----w- c:\program files\AVG Secure Search
2012-07-30 17:42 . 2012-07-30 17:42 -------- d-----w- C:\$AVG
2012-07-30 17:42 . 2012-08-10 09:21 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-30 17:42 . 2012-07-30 17:50 -------- d-----w- c:\programdata\AVG2012
2012-07-12 10:46 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 10:42 . 2012-06-02 08:27 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-07-12 10:42 . 2012-06-02 08:26 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-07-12 10:42 . 2012-06-02 08:25 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-05 16:47 . 2012-07-11 10:20 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 10:20 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-11 10:20 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-19 14:51 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 14:51 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 14:51 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 14:51 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-19 14:51 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-19 14:51 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-19 14:51 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-19 14:51 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-19 14:51 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 00:04 . 2012-07-11 10:20 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-11 10:20 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-25 20:35 . 2012-06-07 20:08 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Spotify"="c:\users\Gebruiker\AppData\Roaming\Spotify\Spotify.exe" [2012-05-05 9478320]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Spotify Web Helper"="c:\users\Gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-05 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-01-04 103896]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-30 1147488]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Mediacontrole Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-9-11 390432]
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 ADM8511;ADMtek ADM8511 USB To Fast Ethernet Converter;c:\windows\system32\DRIVERS\NET8511.SYS [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 15:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 15:17]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 15:17]
.
2012-08-09 c:\windows\Tasks\RMSchedule.job
- c:\program files\PC Tools Registry Mechanic\RegMech.exe [2012-01-25 21:24]
.
.
------- Bijkomende Scan -------
.
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Gebruiker\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{878AC5FC-BE78-4bae-896C-7F75B790A71E} - c:\program files\PokerStars.BE\PokerStarsUpdate.exe
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q=
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=make
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=make
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=make&q=
FF - user.js: extensions.funmoods_i.id - 346c81b2000000000000002354d9c437
FF - user.js: extensions.funmoods_i.instlDay - 15424
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1614:48
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - make
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-10 - (no file)
Toolbar-!{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKCU-Run-ares - c:\program files\Ares\Ares.exe
AddRemove-{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E} - c:\program files\Maxis\SimCity 4 Deluxe\EAUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-08-10 17:55
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
Voltooingstijd: 2012-08-10 18:04:14
ComboFix-quarantined-files.txt 2012-08-10 16:04
.
Pre-Run: 67.466.604.544 bytes beschikbaar
Post-Run: 67.454.169.088 bytes beschikbaar
.
- - End Of File - - ACC96F6309ED18CDEDC18B92CFFEB9B3

**kape** · 10 augustus 2012, 22:49

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

Firefox::
FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\
FF - prefs.js: keyword.URL -
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=make
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=make
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=make&q=
FF - user.js: extensions.funmoods_i.id - 346c81b2000000000000002354d9c437
FF - user.js: extensions.funmoods_i.instlDay - 15424
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1614:48
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - make
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr – false

Sla dit bestand op je bureaublad op als CFScript.

Sleep CFScript.txt in ComboFix.exe
Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

Download Security Check en sla dit op je bureaublad op.

Start Security Check
Volg de instructies op het scherm.
Aan het eind verschijnt een log (checkup.txt). Plaats de inhoud ervan in je volgende antwoord. Sluit kladblok.

**Polinho** · 11 augustus 2012, 14:02

Logje Combo

ComboFix 12-08-09.01 - Gebruiker 11/08/2012 13:45:16.3.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3326.1782 [GMT 2:00]
Gestart vanuit: d:\users\Gebruiker\Desktop\ComboFix.exe
gebruikte Opdracht switches :: d:\users\Gebruiker\Desktop\CFScript..txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-07-11 to 2012-08-11 ))))))))))))))))))))))))))))))
.
.
2012-08-11 11:51 . 2012-08-11 11:51 -------- d-----w- c:\users\Gebruiker\AppData\Local\temp
2012-08-11 11:51 . 2012-08-11 11:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-11 11:41 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A7BEA72-7842-4E74-B9F3-A29A9A5B0B28}\mpengine.dll
2012-08-11 11:30 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-10 10:29 . 2012-08-10 10:29 388096 ----a-r- c:\users\Gebruiker\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-10 10:29 . 2012-08-10 10:29 -------- d-----w- c:\program files\Hijack
2012-08-10 09:50 . 2012-08-10 09:50 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Malwarebytes
2012-08-10 09:49 . 2012-08-10 09:49 -------- d-----w- c:\programdata\Malwarebytes
2012-08-10 09:49 . 2012-08-10 09:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-10 09:49 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-10 09:46 . 2012-08-10 09:46 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Helios
2012-08-10 09:45 . 2012-08-10 09:46 -------- d-----w- c:\program files\TextPad 6
2012-07-30 17:46 . 2012-07-30 17:46 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\AVG2012
2012-07-30 17:44 . 2012-07-30 17:44 -------- d-----w- c:\users\Gebruiker\AppData\Local\AVG Secure Search
2012-07-30 17:44 . 2012-07-30 17:44 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-30 17:44 . 2012-07-30 17:44 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-07-30 17:44 . 2012-07-30 17:44 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-07-30 17:44 . 2012-07-30 17:44 -------- d-----w- c:\program files\AVG Secure Search
2012-07-30 17:42 . 2012-07-30 17:42 -------- d-----w- C:\$AVG
2012-07-30 17:42 . 2012-08-11 08:37 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-30 17:42 . 2012-07-30 17:50 -------- d-----w- c:\programdata\AVG2012
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 13:40 . 2012-07-12 10:46 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 16:47 . 2012-07-11 10:20 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 10:20 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-11 10:20 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-19 14:51 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 14:51 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 14:51 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 14:51 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-19 14:51 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-19 14:51 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-19 14:51 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-19 14:51 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-19 14:51 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33 . 2012-07-12 10:43 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-12 10:43 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-12 10:42 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 10:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 10:43 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 00:04 . 2012-07-11 10:20 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-11 10:20 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-25 20:35 . 2012-06-07 20:08 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"Spotify"="c:\users\Gebruiker\AppData\Roaming\Spotify\Spotify.exe" [2012-05-05 9478320]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Spotify Web Helper"="c:\users\Gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-05 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-01-04 103896]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-30 1147488]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Mediacontrole Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-9-11 390432]
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
R3 ADM8511;ADMtek ADM8511 USB To Fast Ethernet Converter;c:\windows\system32\DRIVERS\NET8511.SYS [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 15:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 15:17]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 15:17]
.
2012-08-10 c:\windows\Tasks\RMSchedule.job
- c:\program files\PC Tools Registry Mechanic\RegMech.exe [2012-01-25 21:24]
.
.
------- Bijkomende Scan -------
.
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Gebruiker\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{878AC5FC-BE78-4bae-896C-7F75B790A71E} - c:\program files\PokerStars.BE\PokerStarsUpdate.exe
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\kciop7xi.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - Google
FF - user.js: extensions.funmoods_i.excTlbr - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-08-11 13:51
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
Voltooingstijd: 2012-08-11 13:52:58
ComboFix-quarantined-files.txt 2012-08-11 11:52
ComboFix2.txt 2012-08-11 11:14
ComboFix3.txt 2012-08-10 16:04
.
Pre-Run: 73.864.966.144 bytes beschikbaar
Post-Run: 73.839.632.384 bytes beschikbaar
.
- - End Of File - - 79EEC2B9FECE465F9914B4E43C83CF18

Logje Security Check

Results of screen317's Security Check version 0.99.43
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AVG Anti-Virus Free Edition 2012
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware versie 1.62.0.1300
Java(TM) 6 Update 31
Java(TM) 6 Update 5
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.3.183.11 Flash Player out of Date!
Adobe Reader 8 Adobe Reader out of Date!
Adobe Reader X (10.1.1)
Mozilla Firefox (14.0.1)
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.60
Google Chrome 21.0.1180.75
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

**kape** · 12 augustus 2012, 07:20

Combofix heeft zijn werk correct gedaan. Dat logje is inmiddels OK.

Verwijder Combofix: Start -> Uitvoeren/Zoekopdracht/Programma’s en bestanden zoeken en typ daar: ComboFix /Uninstall

Dit zal Combofix verwijderen + gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en maakt een nieuw herstelpunt.

Indien aanwezig mag je de map C:\Qoobox manueel verwijderen.

Uit de Security Check blijkt dat je één en ander moet updaten.

Je Java software is verouderd.
Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.

Ga naar Java SE 7 en download daar de juiste Java versie naar uw bureaublad, 32 of 64 bit.

Sluit alle programma's die eventueel open zijn - Zeker je web browser!
Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
Herhaal dit tot alle oudere versies verdwenen zijn.
Na het verwijderen van alle oudere versies, herstart je pc.
Dubbelklik vervolgens op jre-7-windows-x64 / x86 op je Bureaublad om de nieuwste versie van Java te installeren.

Van Adobe Flash Player en Adobe Reader moet je ook de meest recente versie binnenhalen. En bij Google Chrome zitten er blijkbaar 3 verschillende versies op de PC. Kijk eens bij Software of je daar de oudste versies van kan verwijderen en de meest recente behouden.

Anticiperen op nieuw politie-virus

LinkBack

Discussietools

Anticiperen op nieuw politie-virus

Soortgelijke discussies

politie virus

[OPGELOST] Politie virus

politie virus

[OPGELOST] Politie Virus

[OPGELOST] Politie virus

Labels voor deze discussie

Regels voor berichten