Ga naar inhoud

WardL

Lid
 Bekijk profiel  Bekijk hun activiteit

  • Items

    3

  • Registratiedatum

  • Laatst bezocht

 Inhoudstype 

Berichten die geplaatst zijn door WardL

    Politie Virus Ukash

    in Archief Bestrijding malware & virussen

    Geplaatst:

    Bedankt voor het antwoord, hier de log van Combofix:

    ComboFix 12-06-25.03 - Sofie 25-06-2012 20:11:34.1.2 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2021.1285 [GMT 2:00]

    Gestart vanuit: c:\documents and settings\TEMP.HP14944136973\Bureaublad\ComboFix.exe

    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\documents and settings\Sofie\WINDOWS

    c:\windows\jestertb.dll

    c:\windows\system32\dllcache\dlimport.exe

    D:\Autorun.inf

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-05-25 to 2012-06-25 ))))))))))))))))))))))))))))))

    .

    .

    2012-06-23 14:05 . 2012-06-23 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

    2012-06-23 14:05 . 2012-06-23 14:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2012-06-23 14:05 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-06-23 08:13 . 2012-06-23 10:33 -------- d-----w- c:\documents and settings\TEMP

    2012-06-21 17:18 . 2012-06-23 14:45 -------- d-----w- C:\hijackthis

    2012-06-13 17:44 . 2012-05-11 14:44 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll

    2012-06-10 10:11 . 2012-06-10 10:11 -------- d-----w- c:\program files\Dropbox

    2012-06-09 11:06 . 2012-06-09 11:06 -------- d-----w- c:\windows\system32\wbem\Repository

    2012-05-29 05:45 . 2012-03-14 16:23 54784 ----a-w- c:\windows\system32\pdfcmon.dll

    2012-05-29 05:45 . 1998-06-23 23:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX

    2012-05-29 05:45 . 2012-05-29 05:45 -------- d-----w- c:\program files\PDFCreator

    2012-05-29 05:45 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-06-02 13:19 . 2008-10-16 12:07 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui

    2012-06-02 13:19 . 2004-08-04 08:03 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

    2012-06-02 13:19 . 2004-08-04 08:03 329240 ----a-w- c:\windows\system32\wucltui.dll

    2012-06-02 13:19 . 2004-08-04 08:03 210968 ----a-w- c:\windows\system32\wuweb.dll

    2012-06-02 13:19 . 2008-10-16 12:09 45080 ----a-w- c:\windows\system32\wups2.dll

    2012-06-02 13:19 . 2004-08-04 08:03 53784 ----a-w- c:\windows\system32\wuauclt.exe

    2012-06-02 13:19 . 2004-08-04 08:03 35864 ----a-w- c:\windows\system32\wups.dll

    2012-06-02 13:19 . 2004-08-04 08:03 97304 ----a-w- c:\windows\system32\cdm.dll

    2012-06-02 13:19 . 2008-10-16 12:08 15896 ----a-w- c:\windows\system32\wuapi.dll.mui

    2012-06-02 13:19 . 2008-10-16 12:08 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

    2012-06-02 13:19 . 2004-08-04 08:03 577048 ----a-w- c:\windows\system32\wuapi.dll

    2012-06-02 13:19 . 2008-10-16 12:09 24088 ----a-w- c:\windows\system32\wucltui.dll.mui

    2012-06-02 13:19 . 2004-08-04 08:03 1933848 ----a-w- c:\windows\system32\wuaueng.dll

    2012-06-02 13:19 . 2009-05-05 16:59 18160 ----a-w- c:\windows\system32\mucltui.dll.mui

    2012-06-02 13:18 . 2009-05-05 16:59 275696 ----a-w- c:\windows\system32\mucltui.dll

    2012-06-02 13:18 . 2008-10-16 12:07 214256 ----a-w- c:\windows\system32\muweb.dll

    2012-05-31 13:22 . 2004-08-04 08:03 602624 ----a-w- c:\windows\system32\crypt32.dll

    2012-05-16 15:09 . 2004-08-04 08:03 916992 ----a-w- c:\windows\system32\wininet.dll

    2012-05-15 13:55 . 2004-08-04 07:56 1863296 ----a-w- c:\windows\system32\win32k.sys

    2012-05-11 14:44 . 2004-08-04 08:03 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-05-11 14:44 . 2004-08-04 08:03 43520 ----a-w- c:\windows\system32\licmgr10.dll

    2012-05-11 11:39 . 2004-08-04 07:55 385024 ----a-w- c:\windows\system32\html.iec

    2012-05-05 03:15 . 2004-08-04 07:58 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-05-05 03:14 . 2006-03-02 09:00 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2012-05-02 13:47 . 2004-08-04 08:03 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

    2012-04-24 21:47 . 2011-09-21 09:29 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

    @="{472083B0-C522-11CF-8763-00608CC02F24}"

    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

    2012-03-07 00:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-07 141848]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-07 166424]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-07 137752]

    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1036288]

    "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]

    "Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]

    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]

    "Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]

    "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-12 103768]

    "PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-26 648032]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

    "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-07 4241512]

    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    .

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2011-11-17 611144]

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\WINDOWS\\SMINST\\Scheduler.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    "c:\\Documents and Settings\\Sofie\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

    .

    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1-6-2011 11:26 612184]

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [30-11-2010 20:55 337880]

    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30-11-2010 20:55 20696]

    R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13-10-2011 18:21 249648]

    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [23-6-2012 16:05 654408]

    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [27-11-2010 0:55 398176]

    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4-5-2009 1:16 36608]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [23-6-2012 16:05 22344]

    S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21-10-2011 16:23 196176]

    S2 gupdate;Google Update-service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24-11-2011 21:33 136176]

    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [24-11-2011 21:33 136176]

    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [24-4-2012 23:47 129976]

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-24 19:33]

    .

    2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-24 19:33]

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.hp.com

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    TCP: DhcpNameServer = 195.130.130.133 195.130.131.133

    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab

    FF - ProfilePath - c:\documents and settings\TEMP.HP14944136973\Application Data\Mozilla\Firefox\Profiles\l49ee1mq.default\

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    Toolbar-10 - (no file)

    ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

    ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

    ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

    ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

    AddRemove-BitTorrent - c:\program files\BitTorrent\BitTorrent.exe

    AddRemove-BittorrentBar_NL Toolbar - c:\progra~1\BITTOR~2\UNWISE.EXE

    AddRemove-IncrediMail_MediaBar_Nederlands_2 Toolbar - c:\program files\IncrediMail_MediaBar_Nederlands_2\uninstall.exe

    AddRemove-KetnetKick V1.06.13 - c:\progra~1\KETNET~1\UNWISE.EXE

    AddRemove-KetnetKick V1.80 - c:\progra~1\KETNET~1\UNWISE.EXE

    AddRemove-Need For Speed III - c:\program files\Electronic Arts\Need For Speed III\DeIsL1.isu

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

    Rootkit scan 2012-06-25 20:15

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scannen van verborgen processen ...

    .

    scannen van verborgen autostart items ...

    .

    scannen van verborgen bestanden ...

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    Voltooingstijd: 2012-06-25 20:16:21

    ComboFix-quarantined-files.txt 2012-06-25 18:16

    .

    Pre-Run: 103.852.036.096 bytes beschikbaar

    Post-Run: 104.237.281.280 bytes beschikbaar

    .

    WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    UnsupportedDebug="do not select this" /debug

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    .

    - - End Of File - - 441715A08F81DEBD465F57C05D94C09B

    Politie Virus Ukash

    in Archief Bestrijding malware & virussen

    Geplaatst:

    bedankt voor de info. hieronder logs van Hijackthis en MBAM.

    probleem lijkt op eerste zicht opgelost, wel nog wat problemen met het laden van profiel tijdens opstarten...

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 16:45:38, on 23-6-2012

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Microsoft\BingBar\BBSvc.EXE

    C:\Program Files\Microsoft\BingBar\SeaPort.EXE

    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\msiexec.exe

    C:\WINDOWS\system32\igfxtray.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\Program Files\Analog Devices\Core\smax4pnp.exe

    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

    C:\WINDOWS\SMINST\Scheduler.exe

    C:\Program Files\Citrix\ICA Client\concentr.exe

    C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\Program Files\Citrix\ICA Client\wfcrun32.exe

    C:\Program Files\Alwil Software\Avast5\avastUI.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\WinZip\WZQKPICK32.EXE

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Mozilla Firefox\plugin-container.exe

    C:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HP - United States | Laptop Computers, Desktops , Printers, Servers and more

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

    O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

    O4 - HKLM\..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe

    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe

    O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe

    O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe

    O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup

    O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_BE&c=74&bd=smb&pf=desktop

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241536194531

    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe

    O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

    --

    End of file - 8831 bytes

    2012/06/23 16:05:54 +0200 HP14944136973 Sofie MESSAGE Starting protection

    2012/06/23 16:05:59 +0200 HP14944136973 Sofie MESSAGE Protection started successfully

    2012/06/23 16:06:02 +0200 HP14944136973 Sofie MESSAGE Starting IP protection

    2012/06/23 16:06:03 +0200 HP14944136973 Sofie MESSAGE IP Protection started successfully

    2012/06/23 16:06:16 +0200 HP14944136973 Sofie MESSAGE Executing scheduled update: Daily

    2012/06/23 16:06:16 +0200 HP14944136973 Sofie MESSAGE Database already up-to-date

    2012/06/23 16:21:52 +0200 HP14944136973 Sofie IP-BLOCK 94.125.182.255 (Type: incoming)

    2012/06/23 16:42:02 +0200 HP14944136973 Sofie MESSAGE Starting protection

    2012/06/23 16:42:10 +0200 HP14944136973 Sofie MESSAGE Protection started successfully

    2012/06/23 16:42:13 +0200 HP14944136973 Sofie MESSAGE Starting IP protection

    2012/06/23 16:42:15 +0200 HP14944136973 Sofie MESSAGE IP Protection started successfully

    Politie Virus Ukash

    in Archief Bestrijding malware & virussen

    Geplaatst:

    Hallo,

    Ik zit hier aan computer waar het Ukash 'politie' virus is op terecht gekomen.

    ik heb al een aantal van de topics hier doorlopen, maar geen ervan leek een oplossing te bieden (de opgelijste items kwamen niet voor bij mijn hijackthis scan)

    Ik heb nu pc in veilige modus kunnen opstarten en Hijackthis uitgevoerd.

    Hieronder is de log te vinden.

    Ziet iemand de boosdoeners?

    Alvast hartelijk bedankt!

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 19:43:19, on 21-6-2012

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Safe mode with network support

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Mozilla Firefox\plugin-container.exe

    C:\hijackthis\HijackThis.exe

    C:\WINDOWS\system32\ctfmon.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HP - United States | Laptop Computers, Desktops , Printers, Servers and more

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll

    O2 - BHO: BittorrentBar_NL Toolbar - {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files\BittorrentBar_NL\tbBitt.dll (file missing)

    O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll

    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll

    O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll

    O2 - BHO: WinZipBar - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files\WinZipBar\prxtbWinZ.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: IncrediMail MediaBar Nederlands 2 - {95324e44-4b0a-47a9-8f77-9c6415e51c29} - C:\Program Files\IncrediMail_MediaBar_Nederlands_2\prxtbIncr.dll (file missing)

    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

    O3 - Toolbar: BittorrentBar_NL Toolbar - {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files\BittorrentBar_NL\tbBitt.dll (file missing)

    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll

    O3 - Toolbar: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll

    O3 - Toolbar: IncrediMail MediaBar Nederlands 2 Toolbar - {95324e44-4b0a-47a9-8f77-9c6415e51c29} - C:\Program Files\IncrediMail_MediaBar_Nederlands_2\prxtbIncr.dll (file missing)

    O3 - Toolbar: WinZipBar Toolbar - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files\WinZipBar\prxtbWinZ.dll

    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

    O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

    O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

    O4 - HKLM\..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe

    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe

    O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe

    O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe

    O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

    O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup

    O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: VPN Client.lnk = ?

    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_BE&c=74&bd=smb&pf=desktop

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241536194531

    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    O20 - AppInit_DLLs: C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe

    O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

    --

    End of file - 9934 bytes

Logo

OVER ONS

PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!

SITEMAP

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.