osj

alles klaar alles schoon BEDANKT!

Thnx voor het helpen. Laatse ding: krijg C:\Qoobox niet verwijderd. Hij zegt dat ik er geen recht toe heb ofzo.

Volgens mij alles opgelost. Graag nog 1 check van een hjackthis logje dan ben ik zeer tevrede. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:53:31, on 23-10-2011 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe C:\Program Files\Citrix\ICA Client\concentr.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Citrix\ICA Client\wfcrun32.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\DAEMON Tools Lite\DTLite.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: BullGuard Safe Browsing - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [bullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe" -boot O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll O9 - Extra button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: bglink - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O20 - AppInit_DLLs: BgGamingMonitor.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: BgRaSvc - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: BullGuard behavioural detection service (BsBhvScan) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe O23 - Service: BullGuard scanning service (BsScanner) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- End of file - 7781 bytes

Heb het gedaan maar heeft niks uitgehaald. Erg stom. Ik heb op mijn externe hardeschijf namelijk als ik in de balk toest f:/downloads wel gewoon recht op de map. Alleen wanneer ik naar f: ga dan zie ik daar maar 1 map en dat is recycler met daarin een desktop.ini. Hopelijk kent iemand die en kunnen jullie helpen. (tot nu toe zeer tevrede want me pc draaid wel stuk sneller nu) OKEE IK HEB IETS... Ik heb het volgende gebruik uitvoeren: cmd gestart en daarin het volgende: attrib (Map Naam) -r -a -s -h Hierdoor zijn er weer mappen zichtbaar geworden:O. Heb ik nu niet me virus en zooi terug gehaald. Zie nu ook in de log file van eset dat hij deze mappen die ik kwijt was in quarinte had geplaatst etc. wie kan me wat uitleg geven.

Okee. het probleem van de malware setup is opgelost deze verschijnt niet meer. Tevens zijn de snelkoppelingen ook van mijn externe harde schijven weg. Dit allemaal dankzij Eset online scanner. Nu is alleen een volgend probleem. Door dat al de snelkoppelingen van mijn externe hardeschijf zijn zijn ook al die mappen opeens verdwenen. De bestande staan er nog gewoon op kan ik zien maar de mappen om er naar toe te gaan zijn weg. zie hier de log van eset: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6528 # api_version=3.0.2 # EOSSerial=9fc64273eff9f4499a44c04989dc6e8b # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2011-10-21 01:23:18 # local_time=2011-10-21 03:23:18 (+0100, West-Europa (zomertijd)) # country="Netherlands" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=512 16777215 100 0 13216603 13216603 0 0 # compatibility_mode=4609 16776574 60 61 15061 32256654 0 0 # compatibility_mode=5893 16776573 100 94 15228 70765707 0 0 # compatibility_mode=8192 67108863 100 0 81 81 0 0 # scanned=410800 # found=19 # cleaned=19 # scan_time=25682 C:\Users\Gebruiker\AppData\Roaming\Jplmlv.exe a variant of MSIL/Injector.JB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C F:\$RECYCLE.BIN.lnk Win32/Dorkbot.D worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C F:\autorun.lnk Win32/Dorkbot.D worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C F:\DOWNLOADS.lnk Win32/Dorkbot.D worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C F:\Recycled.lnk Win32/Dorkbot.D worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C F:\System Volume Information.lnk Win32/Dorkbot.D worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C F:\RECYCLER\e621ca05.exe a variant of MSIL/Injector.JB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C G:\$INPLACE.~TR.lnk Win32/Dorkbot.D worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C G:\$RECYCLE.BIN.lnk Win32/Dorkbot.D worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C G:\autorun.lnk Win32/Dorkbot.D worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C G:\Boeken FIa.lnk Win32/Dorkbot.D worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C G:\FILMS DVD5.lnk Win32/Dorkbot.D worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C G:\Iphone Backupps.lnk Win32/Dorkbot.D worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C G:\Recycled.lnk Win32/Dorkbot.D worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C G:\Start to run.lnk Win32/Dorkbot.D worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C G:\System Volume Information.lnk Win32/Dorkbot.D worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C G:\wd_mac_tools.lnk Win32/Dorkbot.D worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C G:\wd_windows_tools.lnk Win32/Dorkbot.D worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C G:\RECYCLER\e621ca05.exe a variant of MSIL/Injector.JB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Online scanner doet het wel in veilige modus daar is hij nu mee bezig. Daarna flash desinfector Fingers crossed!!

Erg vreemd maar ik kan de hele site niet openen. Alsof de site offline ie gehaald ofzo. Is er een andere manier om deze online scan te doen? Ben ondertussen ff verder gaan zoeken op google en vind dat het het Recycler virus is. Kent iemand die? als ik naar de snelkoppelingen krijg heb ik dit soort koppelingen: %windir%\system32\cmd.exe /c "start %cd%RECYCLER\e621ca05.exe &&%windir%\explorer.exe %cd% ik hoop dat iemand de oplossing weet

Bij deze mijn logje van combofix. Helaas na opnieuw opstarten is wederom de setup van malware terug gekomen en de snelkoppelingen zijn ook nog niet weg. (kan het misschien liggen aan het feit dat deze snelkoppelingen staan op een externe harde schijf? Staat het virus misschien op de externe schijf?) ComboFix 11-10-19.03 - Gebruiker 19-10-2011 15:15:54.1.4 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.3327.1677 [GMT 2:00] Gestart vanuit: c:\users\Gebruiker\Desktop\Combofix.exe AV: BullGuard Antivirus *Disabled/Outdated* {504FFF66-3028-EB7E-2E60-62B19ADD791C} FW: BullGuard Firewall *Disabled* {68747E43-7A47-EA26-053F-CB84640E3E67} SP: BullGuard Antispyware *Disabled/Outdated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Microsoft\Windows\Start Menu\Programs\Setup Wizard c:\programdata\Microsoft\Windows\Start Menu\Programs\Setup Wizard\SetupWizard.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\Setup Wizard\Verwijder SetupWizard.lnk c:\users\Gebruiker\AppData\Roaming\6330.exe c:\windows\jestertb.dll F:\Autorun.inf G:\Autorun.inf G:\setup.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2011-09-19 to 2011-10-19 )))))))))))))))))))))))))))))) . . 2011-10-19 13:30 . 2011-10-19 13:31 -------- d-----w- c:\users\Gebruiker\AppData\Local\temp 2011-10-19 13:30 . 2011-10-19 13:30 -------- d-----w- c:\users\Mcx1\AppData\Local\temp 2011-10-19 13:30 . 2011-10-19 13:30 -------- d-----w- c:\users\Mcx1(451)\AppData\Local\temp 2011-10-19 13:30 . 2011-10-19 13:30 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-10-18 16:51 . 2011-10-18 16:51 709968 ----a-w- c:\windows\is-ESTCJ.exe 2011-10-17 17:41 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-10-13 21:03 . 2011-09-29 07:28 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll 2011-10-13 20:46 . 2011-10-13 20:47 -------- d-----w- C:\0bd6b3d17fc0f523874d226a 2011-10-13 20:32 . 2011-10-13 20:32 -------- d-----w- c:\program files\iPod 2011-10-13 20:24 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax 2011-10-13 20:24 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll 2011-10-13 20:24 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll 2011-10-13 20:24 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll 2011-10-13 20:20 . 2011-09-06 02:28 2334720 ----a-w- c:\windows\system32\win32k.sys 2011-09-23 15:57 . 2011-10-13 20:00 -------- d-----w- c:\program files\QuickTime 2011-09-23 15:53 . 2011-10-13 20:00 -------- d-----w- c:\program files\Apple Software Update . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-19 13:14 . 2011-10-19 13:14 23220224 ----a-w- c:\users\Gebruiker\AppData\Roaming\Jplmlv.exe 2011-08-30 21:05 . 2011-08-30 21:05 83816 ----a-w- c:\windows\system32\dns-sd.exe 2011-08-30 21:05 . 2011-08-30 21:05 73064 ----a-w- c:\windows\system32\dnssd.dll 2011-08-30 21:05 . 2011-08-30 21:05 178536 ----a-w- c:\windows\system32\dnssdX.dll 2011-08-21 20:05 . 2011-08-21 20:05 155992 ----a-w- c:\windows\system32\BGLsp.dll 2011-08-20 23:46 . 2011-08-20 18:02 53248 ----a-w- c:\windows\system32\ssosskin.dll 2011-08-02 18:48 . 2011-08-28 17:08 2469248 ----a-w- c:\windows\system32\BootMan.exe 2011-07-29 11:54 . 2011-08-28 17:08 86408 ----a-w- c:\windows\system32\setupempdrv03.exe 2011-07-29 11:54 . 2011-08-28 17:08 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys 2011-07-29 11:54 . 2011-08-28 17:08 14216 ----a-w- c:\windows\system32\epmntdrv.sys 2011-07-29 11:54 . 2011-08-28 17:08 19840 ----a-w- c:\windows\system32\EuEpmGdi.dll 2009-09-12 22:05 . 2009-09-12 22:05 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll 2009-09-12 22:06 . 2009-09-12 22:06 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll 2009-09-12 22:06 . 2009-09-12 22:06 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll 2009-09-12 22:06 . 2009-09-12 22:06 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll 2009-09-12 22:06 . 2009-09-12 22:06 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll 2009-09-12 22:07 . 2009-09-12 22:07 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll 2009-09-12 22:06 . 2009-09-12 22:06 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll 2009-09-12 22:06 . 2009-09-12 22:06 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll 2009-08-14 12:33 . 2009-08-14 12:33 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll 2009-09-12 22:06 . 2009-09-12 22:06 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll 2011-09-29 07:28 . 2011-10-13 21:03 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-05 1305408] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-05 1305408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "BullGuard"="c:\program files\BullGuard Ltd\BullGuard\BullGuard.exe" [2011-07-07 1620824] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264] "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-12 103768] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam] 2010-05-20 13:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 2011-05-13 14:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2006-01-12 15:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2010-07-09 15:37 13939816 ----a-w- c:\windows\System32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2010-07-09 15:37 110696 ----a-w- c:\windows\System32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-07-05 16:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2011-08-02 06:36 1242448 ----a-w- c:\program files\Steam\Steam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2009-07-14 01:14 660480 ----a-w- c:\program files\Windows Defender\MSASCui.exe . R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-11-26 717296] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 BgRaSvc;BgRaSvc;c:\program files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe [2011-05-20 125784] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 14216] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 8456] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-25 1343400] S1 AFW;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys [2010-10-12 34920] S1 BdSpy;BdSpy;c:\windows\system32\DRIVERS\BdSpy.sys [2011-04-10 61152] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-26 218176] S1 NovaShieldFilterDriver;NovaShieldFilterDriver;c:\windows\system32\DRIVERS\NSKernel.sys [2011-05-02 215624] S1 NovaShieldTDIDriver;NovaShieldTDIDriver;c:\windows\system32\DRIVERS\NSNetmon.sys [2011-05-02 20040] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 BsBhvScan;BullGuard behavioural detection service;c:\program files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [2011-09-17 338264] S2 BsBrowser;BullGuard antiphishing service;c:\windows\System32\SvcHost.exe [2009-07-14 20992] S2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe [2009-07-14 20992] S2 BsFire;BullGuard firewall service;c:\windows\System32\SvcHost.exe [2009-07-14 20992] S2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe [2009-07-14 20992] S2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe [2009-07-14 20992] S2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [2011-05-20 320344] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032] S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944] S3 afwcore;afwcore;c:\windows\system32\DRIVERS\afwcore.sys [2010-10-12 328296] S3 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [2011-10-13 288600] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216] S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 30576] S3 netr73;Stuurprogramma voor 802.11 b/g draadloze USB-adapter voor Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] BullGuard REG_MULTI_SZ BsFileScan BsMailProxy BsFire BullGuard_LowPriv REG_MULTI_SZ BsBrowser BullGuard_Main REG_MULTI_SZ BsMain . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.com/ IE: E&xporteren naar Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000 LSP: c:\windows\system32\BGLsp.dll TCP: DhcpNameServer = 10.0.0.1 FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\m5bbc1us.default\ FF - prefs.js: browser.startup.homepage - hxxp://nl.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:nl:official . - - - - ORPHANS VERWIJDERD - - - - . WebBrowser-{C0D70ED8-D984-40C3-9666-8939CE76EA13} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe AddRemove-D-Link CIF Webcam - c:\windows\CleanDev.exe AddRemove-Libox - c:\program files\Libox\1.4.0.8\uninst.exe . . . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Jplmlv"="c:\\Users\\Gebruiker\\AppData\\Roaming\\Jplmlv.exe" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(704) c:\windows\system32\BgGamingMonitor.dll . - - - - - - - > 'lsass.exe'(628) c:\windows\system32\BgGamingMonitor.dll . Voltooingstijd: 2011-10-19 15:34:37 ComboFix-quarantined-files.txt 2011-10-19 13:34 . Pre-Run: 321.237.753.856 bytes beschikbaar Post-Run: 321.860.722.688 bytes beschikbaar . - - End Of File - - 8D29E7160F3DAB44ADD2366D5FE6CEE8

Beide problemen blijven helaas bestaan tevens 2 regels in hjackthis zijn niet verwijderd. Graag een nieuwe oplossing als jullie die weten. zie hier me 2 nieuwe logjes: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:27:00, on 19-10-2011 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe C:\Windows\System32\SvcHost.exe C:\Windows\System32\SvcHost.exe C:\Windows\System32\SvcHost.exe C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe C:\Windows\system32\svchost.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\Windows\system32\svchost.exe C:\Windows\system32\taskhost.exe C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe C:\Windows\system32\Dwm.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\Explorer.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe C:\Windows\system32\svchost.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe C:\Program Files\Citrix\ICA Client\concentr.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\DAEMON Tools Lite\DTLite.exe C:\Program Files\Citrix\ICA Client\wfcrun32.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe C:\Program Files\NewsLeecher\newsLeecher.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\System32\svchost.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\system32\wbem\wmiprvse.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: BullGuard Safe Browsing - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [bullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe" -boot O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll O9 - Extra button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: bglink - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O20 - AppInit_DLLs: BgGamingMonitor.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: BgRaSvc - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: BullGuard behavioural detection service (BsBhvScan) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe O23 - Service: BullGuard scanning service (BsScanner) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- End of file - 9706 bytes Malware Log: Malwarebytes' Anti-Malware 1.51.2.1300 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Databaseversie: 7976 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 19-10-2011 14:35:08 mbam-log-2011-10-19 (14-35-08).txt Scantype: Snelle scan Objecten gescand: 198711 Verstreken tijd: 9 minuut/minuten, 31 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)

Hi All, 2 problemen eigenlijk 1. De mappen op mijn externe hardeschijf zijn opeens snelkoppelingen geworden 2. Ik heb Malware Byte geinstaleerd maar hij blijft elke keer een nieuw setup scherm geven alsof ik het nog niet geinstaleerd heb. Wie o wie kan helpen hier onder hjackthis logje Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:55:01, on 18-10-2011 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe C:\Windows\System32\SvcHost.exe C:\Windows\System32\SvcHost.exe C:\Windows\System32\SvcHost.exe C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe C:\Windows\system32\svchost.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\Windows\system32\svchost.exe C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe C:\Windows\system32\svchost.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe C:\Program Files\Citrix\ICA Client\concentr.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\DAEMON Tools Lite\DTLite.exe C:\Program Files\Citrix\ICA Client\wfcrun32.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe C:\Windows\system32\conhost.exe C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe C:\Windows\system32\conhost.exe c:\Program Files\Microsoft Silverlight\4.0.60831.0\agcp.exe c:\Program Files\Microsoft Silverlight\4.0.60831.0\agcp.exe C:\Windows\system32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\system32\wbem\wmiprvse.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing) O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: BullGuard Safe Browsing - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [bullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe" -boot O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKLM\..\RunOnce: [innoSetupRegFile.0000000001] "C:\Windows\is-ESTCJ.exe" /REG /REGSVRMODE O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll O9 - Extra button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: bglink - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O20 - AppInit_DLLs: BgGamingMonitor.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: BgRaSvc - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: BullGuard behavioural detection service (BsBhvScan) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe O23 - Service: BullGuard scanning service (BsScanner) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe O23 - Service: Windows Presentation Foundation Font Cache 4.0.0.0 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (file missing) -- End of file - 10562 bytes