WIN32 Trojan Downloader mebload.ar

Hallo,

Ik heb volgens eset een Win32 Trojan Downloader mebload.ar in het werkgeheugen zitten maar dit wordt niet altijd gedetecteerd. Hoe kom ik hier vanaf en wat is het. Ik heb er een logfile van Hijack bijgedaan.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:50:10, on 10-8-2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16447)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files (x86)\BitTorrent\BitTorrent.exe

C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe

C:\Windows\AsScrPro.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe

C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Asus | MSN

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Analysis of program downloads scanned for viruses and spyware.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Analysis of program downloads scanned for viruses and spyware.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/thewebblocker/{4E23176D-9DE6-408B-8503-9E323DC0A854}

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)

R3 - URLSearchHook: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files (x86)\PHPNukeDU\tbPHPN.dll

R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)

R3 - URLSearchHook: (no name) - {0b7430e9-e659-4555-ac67-be3340aaa519} - (no file)

R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

O2 - BHO: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files (x86)\PHPNukeDU\tbPHPN.dll

O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)

O2 - BHO: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - (no file)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)

O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)

O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: (no name) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - (no file)

O3 - Toolbar: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)

O3 - Toolbar: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files (x86)\PHPNukeDU\tbPHPN.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)

O3 - Toolbar: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)

O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)

O3 - Toolbar: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - (no file)

O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED

O4 - HKCU\..\Run: [Google Update] "C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - Global Startup: FancyStart daemon.lnk = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe (file missing)

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - AppInit_DLLs:

O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe

O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe

O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 14829 bytes

Ik wist niet zeker of ik een administrator log had aangemaakt. Bij deze een wel een HI jack administrator log

Ik hoop dat dit beter is

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:39:52, on 10-8-2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

Running processes:

C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe

C:\Windows\AsScrPro.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Asus | MSN

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Analysis of program downloads scanned for viruses and spyware.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/thewebblocker/{4E23176D-9DE6-408B-8503-9E323DC0A854}

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)

R3 - URLSearchHook: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files (x86)\PHPNukeDU\tbPHPN.dll

R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)

R3 - URLSearchHook: (no name) - {0b7430e9-e659-4555-ac67-be3340aaa519} - (no file)

R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

O2 - BHO: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files (x86)\PHPNukeDU\tbPHPN.dll

O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)

O2 - BHO: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - (no file)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)

O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)

O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: (no name) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - (no file)

O3 - Toolbar: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)

O3 - Toolbar: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files (x86)\PHPNukeDU\tbPHPN.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)

O3 - Toolbar: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)

O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)

O3 - Toolbar: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - (no file)

O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED

O4 - HKCU\..\Run: [Google Update] "C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Global Startup: FancyStart daemon.lnk = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe (file missing)

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - AppInit_DLLs:

O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe

O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe

O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 15111 bytes

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Analysis of program downloads scanned for viruses and spyware.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Analysis of program downloads scanned for viruses and spyware.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/thewebblocker/{4E23176D-9DE6-408B-8503-9E323DC0A854}

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)

R3 - URLSearchHook: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files (x86)\PHPNukeDU\tbPHPN.dll

R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)

R3 - URLSearchHook: (no name) - {0b7430e9-e659-4555-ac67-be3340aaa519} - (no file)

R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)

O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

O2 - BHO: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files (x86)\PHPNukeDU\tbPHPN.dll

O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - (no file)

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)

O2 - BHO: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)

O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll

O2 - BHO: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - (no file)

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)

O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)

O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)

O3 - Toolbar: (no name) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - (no file)

O3 - Toolbar: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)

O3 - Toolbar: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files (x86)\PHPNukeDU\tbPHPN.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)

O3 - Toolbar: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)

O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)

O3 - Toolbar: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - (no file)

O4 - Global Startup: FancyStart daemon.lnk = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe (file missing)

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (file missing)

O20 - AppInit_DLLs:

Klik op 'Fix checked' om de items te verwijderen.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.

Download MBAM (Malwarebytes Anti-Malware)

Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".

Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.

Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.

Het scannen kan een tijdje duren, dus wees geduldig.

Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.

Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.

Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder).

Indien er de rootkit (TDSS) aanwezig is, zal MBAM vragen te herstarten. Doe dit dan ook.

MBAM zal na de herstart opnieuw scannen en de rootkit verwijderen.

Het log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in het programma.

Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

Plak de inhoud van het logje in je volgende bericht, samen met een nieuw HijackThis log.

Hallo,

Ik heb gedaan wat je vertelde. Bijgaand dan ook de nieuwe logs

HI Jack

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:30:46, on 10-8-2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

Running processes:

C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe

C:\Windows\AsScrPro.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe

C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED

O4 - HKCU\..\Run: [Google Update] "C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe

O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe

O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 11443 bytes

Anti Malwarebytes

Malwarebytes Anti-Malware (-evaluatieversie-) 1.62.0.1300

Malwarebytes : Free anti-malware download

Databaseversie: v2012.08.10.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Mark :: MARK-PC [administrator]

Realtime bescherming: Ingeschakeld

10-8-2012 18:24:34

mbam-log-2012-08-10 (18-24-34).txt

Scantype: Snelle scan

Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scanopties: P2P

Objecten gescand: 194373

Verstreken tijd: 4 minuut/minuten, 12 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 2

C:\ProgramData\Windows\ccdxmmde.dat (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\ProgramData\Windows\drss.dat (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd.

(einde)

Ik hoop dat het er al een stuk beter uit ziet zo.

Dit ziet er inderdaad heel wat beter uit. Laat ESET nu eens opnieuw scannen. Benieuwd wat die nog te vertellen heeft ?

Hoi Kape,

Ik heb Eset laten scannen als beheerder. De melding Win 32 trojan downloader.mebload ar is niet gedetecteerd. Maar dit werd ook niet altijd geconstateerd. Hij heeft wel 2 andere dingen gedetecteerd. Ik heb het opgeschoond en de hele map Windows/Temp weggegooid. Bijgaand logbestand van Eset

Logboek wordt gescand

Versie van database viruskenmerken: 7375 (20120810)

Datum: 11-8-2012 Tijd: 9:59:53

Gescande schijven, mappen en bestanden: Werkgeheugen;Opstartsector;C:\Opstartsector;C:\;D:\Opstartsector;D:\;E:\Opstartsector;E:\

C:\hiberfil.sys - fout tijdens openen [4]

C:\pagefile.sys - fout tijdens openen [4]

C:\Boot\BCD - fout tijdens openen [4]

C:\Boot\BCD.LOG - fout tijdens openen [4]

C:\found.001\dir0000.chk\plugin.vch - fout tijdens openen [4]

C:\found.001\dir0000.chk\resources.pak - fout tijdens openen [4]

C:\found.001\dir0000.chk\theme_resources_standard.pak - fout tijdens openen [4]

C:\found.001\dir0000.chk\ui_resources_standard.pak - fout tijdens openen [4]

C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab = CAB = PROCESS_LIBRARY.FDT = MIME - is OK (geen interne scan uitgevoerd)

C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab = CAB = HIRING_REQUISITION_CUSTOMIZED.FDT = MIME - is OK (geen interne scan uitgevoerd)

C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab = CAB = HIRING_REQUISITION.FDT = MIME - is OK (geen interne scan uitgevoerd)

C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab = CAB = TRACK_ISSUES.FDT = MIME - is OK (geen interne scan uitgevoerd)

C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab = CAB = POLICIES.FDT = MIME - is OK (geen interne scan uitgevoerd)

C:\Program Files\Enigma Software Group\SpyHunter\SHDS.mht = MIME - is OK (geen interne scan uitgevoerd)

C:\Program Files (x86)\Common Files\Wise Installation Wizard\WISF896D02690164122B9BD957FF092FFE9_4_9_12_4023.MSI = MSI = Cabs.w1.cab = CAB = SHDS.mht = MIME - is OK (geen interne scan uitgevoerd)

C:\Program Files (x86)\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Hiring Requisition - Customized.fdt = MIME - is OK (geen interne scan uitgevoerd)

C:\Program Files (x86)\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Hiring Requisition.fdt = MIME - is OK (geen interne scan uitgevoerd)

C:\Program Files (x86)\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\POLICIES.FDT = MIME - is OK (geen interne scan uitgevoerd)

C:\Program Files (x86)\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Process Library.fdt = MIME - is OK (geen interne scan uitgevoerd)

C:\Program Files (x86)\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Track Issues.fdt = MIME - is OK (geen interne scan uitgevoerd)

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log - fout tijdens openen [4]

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log - fout tijdens openen [4]

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb - fout tijdens openen [4]

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb - fout tijdens openen [4]

C:\ProgramData\Microsoft\Windows Defender\IMpService925A3ACA-C353-458A-AC8D-A7E5EB378092.lock - fout tijdens openen [4]

C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSS.log - fout tijdens openen [4]

C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSStmp.log - fout tijdens openen [4]

C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\tmp.edb - fout tijdens openen [4]

C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Windows.edb - fout tijdens openen [4]

C:\Users\All Users\Microsoft\Windows Defender\IMpService925A3ACA-C353-458A-AC8D-A7E5EB378092.lock - fout tijdens openen [4]

C:\Users\Mark\NTUSER.DAT - fout tijdens openen [4]

C:\Users\Mark\ntuser.dat.LOG1 - fout tijdens openen [4]

C:\Users\Mark\ntuser.dat.LOG2 - fout tijdens openen [4]

C:\Users\Mark\AppData\Local\Google\Update\1.3.21.115\GoogleUpdateHelper.msi = MSI = required.cab = CAB - fout bij lezen van archief

C:\Users\Mark\AppData\Local\Microsoft\Windows\UsrClass.dat - fout tijdens openen [4]

C:\Users\Mark\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 - fout tijdens openen [4]

C:\Users\Mark\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 - fout tijdens openen [4]

C:\Users\Mark\AppData\Local\Microsoft\Windows Live Mail\Sentinel\WLMailSearchSentinel.eml = MIME - is OK (geen interne scan uitgevoerd)

C:\Users\Mark\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\3856428C-00000001.eml = MIME - is OK (geen interne scan uitgevoerd)

C:\Users\Mark\AppData\Local\Temp\201479b2 - fout tijdens openen [4]

C:\Users\Mark\AppData\Local\Temp\7adc7dd - fout tijdens openen [4]

C:\Users\Mark\AppData\Local\Temp\bab696b0 - fout tijdens openen [4]

C:\Users\Mark\AppData\Local\Temp\dd5bc3f1 - fout tijdens openen [4]

C:\Users\Mark\AppData\Local\Temp\{D2EB0EC0-F8BA-4F0C-A7B3-ACE028A03BEA}\GoogleUpdateHelper.msi = MSI = required.cab = CAB - fout bij lezen van archief

C:\Users\Mark\AppData\Roaming\GrabIt\Temp\ktr.sas.12.07.27.charisma.cappelli.rar = RAR = - archief beschadigd

C:\Users\Mark\AppData\Roaming\GrabIt\Temp\pr0n.120727.rar = RAR = pr0n.120727.mp4 - archief beschadigd

C:\Users\Mark\Documents\LimeWire\Saved\16_Horsepower_-_Live_March_2001_(2008)_320Kbit\16 Horsepower - Live March 2001 (2008) 320Kbit.part1.rar = RAR = 16 Horsepower - Live March 2001 (2008) 320Kbit\103 wayfaring stranger.mp3 - volgend archiefvolume niet gevonden

C:\Users\Mark\Documents\LimeWire\Saved\Dubliners_-_Live_in_carre\Dubliners - Live in carre.part1.rar = RAR = 04 - Building up and tearing england down.mp3 - volgend archiefvolume niet gevonden

C:\Users\Mark\Documents\LimeWire\Saved\Ilse_DeLange_-_Live\Ilse DeLange - Live.part1.rar = RAR = Ilse DeLange - Live\cd1\Ilse de Lange - Live - 105 - Livin' On Love.mp3 - volgend archiefvolume niet gevonden

C:\Users\Mark\Downloads\PCMdailyExpansionPack-for-Patch1200\PCMdailyExpansionPack-for-Patch1200.exe = ASTRUM = top_giro_19_v2-emmea.zces - archief beschadigd. Het bestand kon niet worden uitgepakt.

C:\Users\Mark\Downloads\PCMdailyExpansionPack-for-Patch1200\PCMdailyExpansionPack-for-Patch1200.exe = ASTRUM = - archief beschadigd

C:\Windows\Installer\abe62.msi = MSI = Cabs.w1.cab = CAB = SHDS.mht = MIME - is OK (geen interne scan uitgevoerd)

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT - fout tijdens openen [4]

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 - fout tijdens openen [4]

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2 - fout tijdens openen [4]

C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - fout tijdens openen [4]

C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - fout tijdens openen [4]

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\38a80e3b2d139bea3e5466f734a03d541dc1fc93.HomeGroupClassifier\ae8daaeb3ce4daf7e63f4a3a81d0265e\grouping\db.mdb - fout tijdens openen [4]

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\38a80e3b2d139bea3e5466f734a03d541dc1fc93.HomeGroupClassifier\ae8daaeb3ce4daf7e63f4a3a81d0265e\grouping\edb.log - fout tijdens openen [4]

C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\38a80e3b2d139bea3e5466f734a03d541dc1fc93.HomeGroupClassifier\ae8daaeb3ce4daf7e63f4a3a81d0265e\grouping\tmp.edb - fout tijdens openen [4]

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT - fout tijdens openen [4]

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 - fout tijdens openen [4]

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2 - fout tijdens openen [4]

C:\Windows\System32\catroot2\edb.log - fout tijdens openen [4]

C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - fout tijdens openen [4]

C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb - fout tijdens openen [4]

C:\Windows\Temp\uvwubngrdl.crx = CHROMEEXTENSION = content.zip = ZIP = plugin.dll - een variant van Win32/Kryptik.ILD trojaans paard

C:\Windows\Temp\uvwubngrdl\plugin.dll - een variant van Win32/Kryptik.ILD trojaans paard - opgeschoond door te verwijderen - in quarantaine geplaatst [1]

Opstartsector van schijf E: - fout tijdens openen [4]

E:\ - fout tijdens openen [4]

Aantal gescande objecten: 692036

Aantal gevonden bedreigingen: 2

Aantal opgeschoonde objecten: 1

Tijdstip van voltooiing: 11:52:42 Totale scantijd: 6769 sec. (01:52:49)

Opmerkingen:

[1] Het object is verwijderd omdat het alleen de viruscode bevatte.

[4] Het object kan niet worden geopend. Het wordt mogelijk gebruikt door een ander programma of het besturingssysteem.

Problemen van de baan, dan is het tijd voor de “grote schoonmaak” : een cleaning en het verwijderen van de besmette herstelpunten.

Download CCleaner.

Klik op “Download Latest Version” en dan start de download van CCleaner automatisch en gratis op.

Installeer het en start CCleaner op. Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Schoonmaken'. Soms is 1 analyse niet voldoende. Deze procedure mag je herhalen tot de analyse geen fouten meer aangeeft. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”. Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”. Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”. Sluit hierna CCleaner terug af.

Wil je dit uitgebreid in beeld bekijken, klik dan hier voor de handleiding.

Het is aangewezen om de bestaande herstelpunten te verwijderen (daar zitten besmette herstelpunten tussen die je eventueel zou kunnen terugzetten). In Windows 7

• via Start -> Configuratiescherm -> Systeem & Beveiliging -> Systeem -> Systeembeveiliging -> schakel nu systeemherstel uit door de gewenste schijf te selecteren en op "configureren" te klikken.
  
• Klik nu op "verwijderen" om alle herstelpunten te verwijderen.
  
• Klik op "Toepassen" en "OK".
  
• Herstart nu de PC.
  

Indien dit allemaal probleemloos verlopen is, mag je hieronder op "markeer als opgelost" tokkelen !

Beste Kape,

Ik heb de bovenstaande punten uitgevoerd.

Is nu alles opgelost ? Hoe weet je dat zo zeker aangezien ik gisteren nog 2 meldingen in Eset had

Nog een vraag in mijn protection log van malwarebytes krijg ik constant de volgende regels.

2012/08/12 08:32:31 +0200 MARK-PC Mark IP-BLOCK 174.137.54.234 (Type: outgoing, Port: 55962, Process: explorer.exe)

2012/08/12 08:32:31 +0200 MARK-PC Mark IP-BLOCK 174.137.54.234 (Type: outgoing, Port: 55963, Process: explorer.exe)

2012/08/12 08:32:39 +0200 MARK-PC Mark IP-BLOCK 174.137.54.234 (Type: outgoing, Port: 55965, Process: explorer.exe)

2012/08/12 08:33:25 +0200 MARK-PC Mark DETECTION c:\programdata\windows\msseedir.dll Trojan.FakeMS DENY

2012/08/12 08:33:39 +0200 MARK-PC Mark DETECTION c:\programdata\windows\msseedir.dll Trojan.FakeMS DENY

Hoe voorkom ik dit ? hoe los ik dit op ?

Op basis van je eerste log bleken de besmettingen verwijderd te worden door ESET. Nu heb je blijkbaar andere bestanden als besmet in ESET ontdekt. Dan gaan we toch nog even verder kijken (voor alle zekerheid).

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:

Klik hier

2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.

3. Dubbelklik op "Combofix.exe" om de tool te starten.

4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion", herstart dan de computer.

5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

Hoi Kape,

Bijgaand logbestand door combofix.

ComboFix 12-08-10.02 - Mark 12-08-2012 20:37:15.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4061.2251 [GMT 2:00]

Gestart vanuit: c:\users\Mark\Downloads\ComboFix.exe

AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Common Files\ASPG_icon.ico

c:\programdata\FullRemove.exe

c:\users\Mark\AppData\Local\TempDIR

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-07-12 to 2012-08-12 ))))))))))))))))))))))))))))))

.

.

2012-08-12 18:53 . 2012-08-12 18:53 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-12 06:46 . 2012-08-12 06:46 -------- d-----w- C:\found.002

2012-08-10 17:24 . 2012-08-10 17:24 -------- d-----w- c:\program files\CCleaner

2012-08-10 13:28 . 2012-08-10 13:28 388096 ----a-r- c:\users\Mark\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-08-10 13:28 . 2012-08-10 13:28 -------- d-----w- c:\program files (x86)\Trend Micro

2012-08-10 13:17 . 2012-08-10 13:17 -------- d-----w- c:\users\Mark\AppData\Roaming\Malwarebytes

2012-08-10 13:17 . 2012-08-10 13:17 -------- d-----w- c:\programdata\Malwarebytes

2012-08-10 13:17 . 2012-08-10 13:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-10 13:17 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-10 13:10 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2CC30F0B-6FF8-46C3-92C8-8FF360BDF0ED}\mpengine.dll

2012-08-03 17:38 . 2012-08-03 17:38 -------- d-----w- c:\users\Mark\AppData\Local\Apps

2012-08-03 17:38 . 2012-08-03 17:39 -------- d-----w- c:\users\Mark\AppData\Local\Deployment

2012-08-03 13:09 . 2012-08-03 13:09 110080 ----a-r- c:\users\Mark\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconF7A21AF7.exe

2012-08-03 13:09 . 2012-08-03 13:09 110080 ----a-r- c:\users\Mark\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconD7F16134.exe

2012-08-03 13:09 . 2012-08-03 13:09 110080 ----a-r- c:\users\Mark\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\Icon1226A4C5.exe

2012-08-03 13:09 . 2012-08-03 13:10 -------- d-----w- C:\sh4ldr

2012-08-03 13:09 . 2012-08-03 13:09 -------- d-----w- c:\program files\Enigma Software Group

2012-08-03 13:08 . 2012-08-03 13:09 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP

2012-08-03 13:08 . 2012-08-03 13:08 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2012-08-03 08:37 . 2012-08-03 08:37 -------- d-----w- C:\found.001

2012-08-01 17:04 . 2012-08-05 15:45 -------- d-----w- c:\users\Mark\AppData\Roaming\Pro Cycling Manager 2012

2012-08-01 16:41 . 2012-08-01 18:19 -------- d-----w- c:\program files (x86)\Cyanide

2012-08-01 16:21 . 2012-08-01 16:32 -------- d-----w- c:\users\Mark\AppData\Local\QuickPar

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-13 15:06 . 2010-07-10 16:27 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll

2012-06-12 03:08 . 2012-07-13 15:30 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-06-09 05:43 . 2012-07-12 16:35 14172672 ----a-w- c:\windows\system32\shell32.dll

2012-06-08 13:16 . 2012-06-08 13:16 350208 ----a-w- c:\windows\SysWow64\d3drm.dll

2012-06-06 06:06 . 2012-07-12 16:35 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 06:06 . 2012-07-12 16:35 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 06:02 . 2012-07-12 16:34 1133568 ----a-w- c:\windows\system32\cdosys.dll

2012-06-06 05:05 . 2012-07-12 16:35 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-06-06 05:05 . 2012-07-12 16:35 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-06-06 05:03 . 2012-07-12 16:34 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

2012-06-02 22:19 . 2012-06-22 14:44 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-22 14:45 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-22 14:45 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-22 14:45 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-22 14:44 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-22 14:45 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-22 14:44 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 13:19 . 2012-06-22 14:44 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 13:15 . 2012-06-22 14:44 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 05:50 . 2012-07-12 16:34 458704 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 05:48 . 2012-07-12 16:34 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 05:48 . 2012-07-12 16:34 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 05:45 . 2012-07-12 16:34 340992 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 05:44 . 2012-07-12 16:34 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-06-02 04:40 . 2012-07-12 16:34 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-06-02 04:40 . 2012-07-12 16:34 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-06-02 04:39 . 2012-07-12 16:34 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-06-02 04:34 . 2012-07-12 16:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2012-05-31 10:25 . 2010-07-10 13:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll

2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2010-11-20 3365176]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-05 1353080]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-13 2244096]

"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-07-07 8493624]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-03-02 273544]

"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-08-17 737104]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Mark\Downloads\Run\a2ddax64.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]

R3 RTL8187B;Realtek RTL8187B 802.11b/g 54 Mbps draadloze USB 2.0-netwerkadapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 416768]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-10 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 ***laby;***laby;c:\windows\system32\DRIVERS\***laby.sys [2009-06-18 15928]

S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-09-17 359552]

S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]

S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-10-25 119632]

S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]

S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-10-25 20552]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-06-12 112128]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 138752]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-09 1222144]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1293247725-2620836413-3812038035-1000Core.job

- c:\users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-03 17:39]

.

2012-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1293247725-2620836413-3812038035-1000UA.job

- c:\users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-03 17:39]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]

"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-06-12 619392]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 62.179.104.196 213.46.228.196

DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{46735DEE-F862-49D1-876D-6382794DC625} - (no file)

WebBrowser-{0B7430E9-E659-4555-AC67-BE3340AAA519} - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-1293247725-2620836413-3812038035-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{13FAFFAE-1468-8859-3799-1FEFB9F9EF40}*]

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-08-12 21:00:51

ComboFix-quarantined-files.txt 2012-08-12 19:00

.

Pre-Run: 26.918.469.632 bytes beschikbaar

Post-Run: 26.377.134.080 bytes beschikbaar

.

- - End Of File - - 32E10AD902BF4F52106DE208AA179B48

Hoe ziet het eruit ?