Hijack log; Trojan won't go away

Hello,

I have a win32. cyber B. on my computer that won't go away. I have read about HijackThis and downloaded it. Maybe you can help me get it off.

The log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:21:55, on 27-2-2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
c:\windows\system32\dwm.exe
c:\windows\explorer.exe
c:\windows\system32\taskeng.exe
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\tortoisesvn\bin\tsvncache.exe
c:\windows\system32\conime.exe
c:\windows\system32\wuauclt.exe
c:\program files\intel\intel matrix storage manager\iaanotif.exe
c:\windows\rthdvcpl.exe
c:\windows\system32\rundll32.exe
c:\program files\hp\hp software update\hpwuschd2.exe
c:\program files\logitech\video\logitray.exe
c:\program files\microsoft office\office12\groovemonitor.exe
c:\program files\common files\java\java update\jusched.exe
c:\program files\nero\nero 10\nero backitup\nbagent.exe
c:\program files\itunes\ituneshelper.exe
c:\program files\microsoft security client\msseces.exe
c:\program files\windows sidebar\sidebar.exe
c:\windows\ehome\ehtray.exe
c:\program files\skype\phone\skype.exe
c:\users\billy\appdata\roaming\microsoft\conhost.exe
c:\program files\hp\digital imaging\bin\hpqtra08.exe
c:\windows\ehome\ehmsas.exe
c:\users\billy\appdata\roaming\dwm.exe
c:\program files\windows live\messenger\msnmsgr.exe
c:\users\billy\appdata\local\temp\csrss.exe
c:\program files\hp\digital imaging\bin\hpqste08.exe
c:\program files\windows live\contacts\wlcomm.exe
c:\program files\hp\digital imaging\bin\hpqbam08.exe
c:\program files\hp\digital imaging\bin\hpqgpc01.exe
c:\program files\skype\plugin manager\skypepm.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\sdclt.exe
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\notepad.exe
c:\windows\system32\searchfilterhost.exe
c:\windows\system32\notepad.exe
c:\program files\trend micro\hijackthis\hijackthis.exe
c:\program files\swiftkit\swiftkit-rs.exe

r1 - hkcu\software\microsoft\internet explorer\main,default_page_url = http://www.aldi.com/
r1 - hkcu\software\microsoft\internet explorer\main,search page = http://go.microsoft.com/fwlink/?linkid=54896
r0 - hkcu\software\microsoft\internet explorer\main,start page = http://www.startpagina.nl/
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = http://www.aldi.com/
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = http://go.microsoft.com/fwlink/?linkid=54896
r1 - hklm\software\microsoft\internet explorer\main,search page = http://go.microsoft.com/fwlink/?linkid=54896
r0 - hklm\software\microsoft\internet explorer\main,start page = http://go.microsoft.com/fwlink/?linkid=69157
r0 - hklm\software\microsoft\internet explorer\search,searchassistant =
r0 - hklm\software\microsoft\internet explorer\search,customizesearch =
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyserver = http=127.0.0.1:59576
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyoverride = *.local
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername =
f3 - reg:win.ini: load=c:\users\billy\appdata\local\temp\csrss.exe
o1 - hosts: ::1 localhost
o2 - bho: adobe pdf reader help bij koppelingen - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
o2 - bho: wormradar.com iesiteblocker.navfilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll (file missing)
o2 - bho: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - (no file)
o2 - bho: groove gfs browser helper - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\grooveshellextensions.dll
o2 - bho: windows live aanmelden - help - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: (no name) - {a057a204-bacc-4d26-9990-79a187e2698e} - (no file)
o2 - bho: ask toolbar bho - {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\genericasktoolbar.dll
o2 - bho: java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
o2 - bho: kikin plugin - {e601996f-e400-41ca-804b-cd6373a7eee2} - c:\program files\kikin\ie_kikin.dll
o2 - bho: hp smart bho class - {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
o3 - toolbar: (no name) - {a057a204-bacc-4d26-9990-79a187e2698e} - (no file)
o3 - toolbar: (no name) - {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - (no file)
o3 - toolbar: nero toolbar - {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\genericasktoolbar.dll
o4 - hklm\..\run: [windows defender] %programfiles%\windows defender\msascui.exe -hide
o4 - hklm\..\run: [iaanotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
o4 - hklm\..\run: [rthdvcpl] rthdvcpl.exe
o4 - hklm\..\run: [skytel] skytel.exe
o4 - hklm\..\run: [nvcpldaemon] rundll32.exe c:\windows\system32\nvcpl.dll,nvstartup
o4 - hklm\..\run: [nvmediacenter] rundll32.exe c:\windows\system32\nvmctray.dll,nvtaskbarinit
o4 - hklm\..\run: [toolbar_eula_launcher] c:\program files\googleeula\eulalauncher.exe
o4 - hklm\..\run: [hp software update] c:\program files\hp\hp software update\hpwuschd2.exe
o4 - hklm\..\run: [logitechvideorepair] c:\program files\logitech\video\isstart.exe /regall
o4 - hklm\..\run: [logitechvideotray] c:\program files\logitech\video\logitray.exe
o4 - hklm\..\run: [nbkeyscan] c:\program files\nero\nero8\nero backitup\nbkeyscan.exe
o4 - hklm\..\run: [groovemonitor] c:\program files\microsoft office\office12\groovemonitor.exe
o4 - hklm\..\run: [applesyncnotifier] c:\program files\common files\apple\mobile device support\applesyncnotifier.exe
o4 - hklm\..\run: [malwarebytes anti-malware (reboot)] c:\program files\malwarebytes' anti-malware\mbam.exe /runcleanupscript
o4 - hklm\..\run: [updatereminder] c:\program files\eset\updatereminder.exe
o4 - hklm\..\run: [nbagent] c:\program files\nero\nero 10\nero backitup\nbagent.exe /winstart
o4 - hklm\..\run: [quicktime task] c:\program files\quicktime\qttask.exe -atboottime
o4 - hklm\..\run: [ituneshelper] c:\program files\itunes\ituneshelper.exe
o4 - hklm\..\run: [msc] c:\program files\microsoft security client\msseces.exe -hide -runkey
o4 - hklm\..\runonce: [avguninstallurl] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=oqbbafyargbsaeuarqatafyamwbaaemaoqataeuaswbbafiauwatadyaugbxaecaqqataeeaqqbuaemavqatafyauaa5aeyatga"&"inst=nwa3ac0amwa0adgamqayadganga0adaalqbgaewakwa5ac0arga5ae0angaradealqbyae8amwa2acsamqataeyaoqbnadcaqwaradua"&"prod=90"&"ver=9.0.872
o4 - hkcu\..\run: [sidebar] c:\program files\windows sidebar\sidebar.exe /autorun
o4 - hkcu\..\run: [logitechsoftwareupdate] c:\program files\logitech\video\manifestengine.exe boot
o4 - hkcu\..\run: [ehtray.exe] c:\windows\ehome\ehtray.exe
o4 - hkcu\..\run: [adobeupdater] c:\program files\common files\adobe\updater\adobeupdater.exe
o4 - hkcu\..\run: [wmpnscfg] c:\program files\windows media player\wmpnscfg.exe
o4 - hkcu\..\run: [conhost] c:\users\billy\appdata\roaming\microsoft\conhost.exe
o4 - hkcu\..\runonce: [shockwave updater] c:\windows\system32\adobe\shockw~1\swhelp~1.exe -update -1100465 -"mozilla/5.0 (windows; u; windows nt 6.0; nl; rv:1.9.2) gecko/20100115 firefox/3.6 (.net clr 3.5.30729)" -"http://www8.agame.com/games/shockwave/s/slipstream_slider/3_slipstream_slider_spel_nl/slipstream_slider_spel_nl.html"
o4 - hkus\s-1-5-19\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /detectmem (user 'local service')
o4 - hkus\s-1-5-19\..\run: [windowswelcomecenter] rundll32.exe oobefldr.dll,showwelcomecenter (user 'local service')
o4 - hkus\s-1-5-20\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /detectmem (user 'network service')
o4 - startup: adobe gamma.lnk = c:\program files\common files\adobe\calibration\adobe gamma loader.exe
o4 - global startup: hp digital imaging monitor.lnk = c:\program files\hp\digital imaging\bin\hpqtra08.exe
o8 - extra context menu item: add to google photos screensa&ver - res://c:\windows\system32\gphotos.scr/200
o8 - extra context menu item: e&xporteren naar microsoft excel - res://c:\progra~1\micros~4\office12\excel.exe/3000
o9 - extra button: (no name) - {0f7195c2-6713-4d93-a1bc-da5fa33f0a65} - c:\program files\kikin\ie_kikin.dll
o9 - extra 'tools' menuitem: my kikin - {0f7195c2-6713-4d93-a1bc-da5fa33f0a65} - c:\program files\kikin\ie_kikin.dll
o9 - extra button: verzenden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~4\office12\onbttnie.dll
o9 - extra 'tools' menuitem: verz&enden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~4\office12\onbttnie.dll
o9 - extra button: research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~4\office12\refiebar.dll
o9 - extra button: hp slim selecteren - {dde87865-83c5-48c4-8357-2f5b1aa84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
o16 - dpf: {d27cdb6e-ae6d-11cf-96b8-444553540000} (shockwave flash object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
o18 - protocol: groovelocalgws - {88fed34c-f0ca-4636-a375-3cb6248b04cd} - c:\program files\microsoft office\office12\groovesystemservices.dll
o18 - protocol: skype4com - {ffc8b962-9b40-4dff-9458-1830c7dd7f5d} - c:\progra~1\common~1\skype\skype4~1.dll
o20 - appinit_dlls: c:\progra~1\google\google~1\goec62~1.dll
o22 - sharedtaskscheduler: component categories cache daemon - {8c7461ef-2b13-11d2-be35-3078302c2030} - c:\windows\system32\browseui.dll
o22 - sharedtaskscheduler: fencesshellext - {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\fencesmenu.dll
o23 - service: mobiel apple apparaat (apple mobile device) - apple inc. - c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe
o23 - service: bonjour-service (bonjour service) - apple inc. - c:\program files\bonjour\mdnsresponder.exe
o23 - service: firebird server - magix instance (firebirdservermagixinstance) - magix® - c:\program files\aldi foto service\common\database\bin\fbserver.exe
o23 - service: google update service (gupdate) (gupdate) - google inc. - c:\program files\google\update\googleupdate.exe
o23 - service: google updater service (gusvc) - google - c:\program files\google\common\google updater\googleupdaterservice.exe
o23 - service: intel(r) matrix storage event monitor (iaantmon) - intel corporation - c:\program files\intel\intel matrix storage manager\iaantmon.exe
o23 - service: installdriver table manager (idrivert) - macrovision corporation - c:\program files\common files\installshield\driver\1050\intel 32\idrivert.exe
o23 - service: ipod-service (ipod service) - apple inc. - c:\program files\ipod\bin\ipodservice.exe
o23 - service: @c:\program files\nero\update\nasvc.exe,-200 (naupdate) - nero ag - c:\program files\nero\update\nasvc.exe
o23 - service: nod32 kernel service (nod32krn) - eset  - c:\program files\eset\nod32krn.exe
o23 - service: nprotect gameguard service (npggsvc) - unknown owner - c:\windows\system32\gamemon.des.exe (file missing)
o23 - service: nvidia display driver service (nvsvc) - nvidia corporation - c:\windows\system32\nvvsvc.exe
o23 - service: liveshare p2p server 9 (roxliveshare9) - unknown owner - c:\program files\common files\roxio shared\9.0\sharedcom\roxliveshare9.exe (file missing)
--
end of file - 11651 bytes

Could someone PLEASE help me, I've been at this for 2 hours already.. :P

Edited by bd14

Go to Start – Run/Search and type: sc stop roxliveshare9

Press Enter.

Go to Start – Run/Search and type: sc delete roxliveshare9

Press Enter.

Go to Start – Run/Search and type: sc stop npggsvc

Press Enter.

Go to Start – Run/Search and type: sc delete npggsvc

Press Enter.

Start HijackThis. Select "Scan". Select only the items listed below:

r0 - hklm\software\microsoft\internet explorer\search,searchassistant =

r0 - hklm\software\microsoft\internet explorer\search,customizesearch =

r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyserver = http=127.0.0.1:59576

r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername =

f3 - reg:win.ini: load=c:\users\billy\appdata\local\temp\csrss.exe

o2 - bho: wormradar.com iesiteblocker.navfilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll (file missing)

o2 - bho: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - (no file)

o2 - bho: (no name) - {a057a204-bacc-4d26-9990-79a187e2698e} - (no file)

o2 - bho: ask toolbar bho - {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\genericasktoolbar.dll

o2 - bho: kikin plugin - {e601996f-e400-41ca-804b-cd6373a7eee2} - c:\program files\kikin\ie_kikin.dll

o3 - toolbar: (no name) - {a057a204-bacc-4d26-9990-79a187e2698e} - (no file)

o3 - toolbar: (no name) - {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - (no file)

o3 - toolbar: nero toolbar - {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\genericasktoolbar.dll

o4 - hklm\..\runonce: [avguninstallurl] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=oqbbafyargbsaeuarqatafyamwbaaemaoqataeuaswbbafiauwatadyaugbxaecaqqataeeaqqbuaemavqatafyauaa5aeyatga"&"inst=nwa3ac0amwa0adgamqayadganga0adaalqbgaewakwa5ac0arga5ae0angaradealqbyae8amwa2acsamqataeyaoqbnadcaqwaradua"&"prod=90"&"ver=9.0.872

o4 - hkcu\..\runonce: [shockwave updater] c:\windows\system32\adobe\shockw~1\swhelp~1.exe -update -1100465 -"mozilla/5.0 (windows; u; windows nt 6.0; nl; rv:1.9.2) gecko/20100115 firefox/3.6 (.net clr 3.5.30729)" -"http://www8.agame.com/games/shockwave/s/slipstream_slider/3_slipstream_slider_spel_nl/slipstream_slider_spel_nl.html"

o9 - extra button: (no name) - {0f7195c2-6713-4d93-a1bc-da5fa33f0a65} - c:\program files\kikin\ie_kikin.dll

o9 - extra 'tools' menuitem: my kikin - {0f7195c2-6713-4d93-a1bc-da5fa33f0a65} - c:\program files\kikin\ie_kikin.dll

Click 'Fix checked' to remove the items.

Uninstall Ask Toolbar or Ask.com via Control Panel -> Add or Remove Programs (if present), or otherwise delete the following folder in bold: c:\program files\ask.com.

Download MBAM (Malwarebytes Anti-Malware)

Double-click mbam-setup.exe to install the program.

Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware, then click "Finish".

If an update is found, it will be downloaded and installed.

Once the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.

Scanning can take a while, so be patient.

When the scan has finished, click OK, then "Show Results" to see the results.

Make sure everything there is checked, then click: Remove Selected.

After removal a log will open and you will be asked to restart the computer. (See below.)

If the rootkit (TDSS) is present, MBAM will ask to restart. Do so.

After the restart MBAM will scan again and remove the rootkit.

The log is saved automatically by MBAM and you can find it by clicking the "Logs" tab in the program.

If MBAM has trouble removing certain files, it will show a few messages where you have to click OK. After that it will ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log in your next post, together with a new HijackThis log.
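
A triage pass over a HijackThis log such as the one in this thread, as an added example that is not part of the original posts: it flags files that carry a Windows system-binary name but sit outside the default Windows directory, and autostart entries (F and O4 lines) that load from AppData or Temp. The `EXPECTED_DIR` table, the function name and the reason labels are choices made for this example, the sample lines are copied as plain text from the log above, and a flag means "inspect this file", not a verdict.

```python
import ntpath  # parses backslash paths on any OS
import re

# Default locations (assumption: stock Windows installed on C:) of system
# binaries whose names are often borrowed by malware.
EXPECTED_DIR = {
    "conhost.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "dwm.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Directories a standard user can write to without elevation.
USER_WRITABLE = ("\\appdata\\", "\\temp\\")

# Drive-letter path up to the first .exe/.dll/.scr; spaces are allowed.
PATH_RE = re.compile(r'[a-z]:\\[^:*?"<>|\r\n]+?\.(?:exe|dll|scr)\b', re.I)

# HijackThis sections that describe autostart entries: F0-F3 and O4.
AUTOSTART_RE = re.compile(r"^(?:f[0-3]|o4) - ")

# Sample lines copied from the log in this thread.
SAMPLE_LOG = r"""
c:\windows\system32\dwm.exe
c:\windows\explorer.exe
c:\users\billy\appdata\roaming\microsoft\conhost.exe
c:\users\billy\appdata\roaming\dwm.exe
c:\users\billy\appdata\local\temp\csrss.exe
c:\program files\skype\phone\skype.exe
f3 - reg:win.ini: load=c:\users\billy\appdata\local\temp\csrss.exe
o4 - hklm\..\run: [iaanotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
o4 - hkcu\..\run: [conhost] c:\users\billy\appdata\roaming\microsoft\conhost.exe
"""


def triage(log_text):
    """Return sorted, de-duplicated (reason, path) findings for a log."""
    findings = set()
    for line in log_text.splitlines():
        line = line.strip().lower()  # Windows paths are case-insensitive
        autostart = bool(AUTOSTART_RE.match(line))
        for match in PATH_RE.finditer(line):
            path = match.group(0)
            folder, name = ntpath.split(path)
            expected = EXPECTED_DIR.get(name)
            # Check 1: a system-binary name outside its default directory.
            if expected and folder != expected:
                findings.add(("system-name-wrong-dir", path))
            # Check 2: an autostart entry loading from a user-writable dir.
            if autostart and any(d in path for d in USER_WRITABLE):
                findings.add(("autostart-from-user-writable-dir", path))
    return sorted(findings)


if __name__ == "__main__":
    for reason, path in triage(SAMPLE_LOG):
        print(f"{reason:34} {path}")
```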
