Everything posted by snikke84

  1. Thanks again! I no longer notice any problems. I was still wondering: can I avoid this in the future? I don't even know whether there is a "real" antivirus on my laptop. Can you recommend anything in that respect?
  5. Here is the log; I had to remove one "Trojan".
  6. Below is my HJT log. Could someone please check it and tell me whether I still need to do anything? Thanks again in advance. So far, despite the internet connection, still no UKASH popup!
  7. Hello! Via F9 I did indeed make progress. I then got as far as entering "windowsunlocker", which was difficult because suddenly I apparently have a "qwerty screen". But now it says "cannot acces '...': no such file or directory". Sigh... - - - Updated - - - Now I've got a bit further after all... After windowsunlocker it asks: Please, select command to execute: 1-Unlock Windows 2 - Save boot sector copies 0 - Exit - - - Updated - - - (1):>[[ Unknown command - - - Updated - - - It seems to have "worked"? After one more "Enter". I have now restarted my infected PC, and so far no UKASH popup yet?! I currently have no internet connection on that PC, though; could that be why UKASH doesn't appear? Do I still need to do anything now, or just "dare" to plug in the internet cable and see what happens? 1000x THANKS to all helpers. You are angels and make worried people feel a bit more at ease again ;-) *hopefully not crowing victory too early here*
  8. F5 takes me back to the 3 options "safe mode" etc. With F12 I briefly get a different screen, but then I'm back at the 3 options "safe mode" etc. F2 takes me to a completely different kind of screen, which among other things has a "boot" tab, but where I don't see how I can "select" a USB drive or anything like that... *thanks again!!*
  9. Thanks again. On mine it says F4 = recovery; if I go that way, I end up at "samsung recovery solution", and then I have three options: - restore - backup - system software? Should I do something with that? - - - Updated - - - Via F2 I do find a "boot" tab, but I see nothing about "order" or the like, and I also don't see how I can put the USB device there. Sorry for all the trouble! It's really not easy to explain via descriptions, and I'm stressing enormously!
  10. - - - Updated - - - Hello again. I think the USB stick may now have been created correctly, but via that F11 key what you wrote doesn't happen. I end up back at the 3 options "safe mode" etc. I don't see where I could "select" the USB...? If I press e.g. F8, I get a number of other options, but nowhere a "usb" option. There are e.g. "repair your computer", "boot logging", "video", "debugging mode", "..." Should I do something with those, or try yet another F key? Thanks again in advance!!! - - - Updated - - - Via the F2 key I find something about "USB"; namely, I can: - "enable" USB 3S Wake-Up (instead of disable) - "enable" USB charge in Sleep Mode (instead of disable). Should I do that?
  11. Everything seemed to have gone well when creating the USB stick. At the end (after everything was done) I got a message "the installation may not have completed correctly". When I now look at that USB stick (on the healthy PC), I also don't see any downloaded file on it. Is that normal? I hope it also does no harm that there are other documents on that USB stick, or does it?
  12. Thanks in advance. Have I understood correctly that I download those things on a healthy PC, and then put the USB stick in the infected PC? Without first having to get to my desktop, because I can no longer get there! - - - Updated - - - And when I finally restart the PC, does this have to be in safe mode, or just normally?
  13. One more addition. After reading around a bit on the internet, I gather that I will have to download a certain program to USB or CD, in order to start the PC from it? Will that work, I wondered, if you can no longer get to your desktop? I am an absolute PC zero. I hope it can work with a USB stick. I don't even have blank CDs, and have never burned anything to CD. But now I may be needlessly running ahead of your, hopefully working, advice. Thanks again in advance!!
  14. Hello. You have helped me with this virus once before. Back then I could boot from safe mode and solve it via HJT logs. Booting in safe mode doesn't work now! It seems to work at first, but the PC then immediately shuts down again by itself. Booting in safe mode with networking doesn't work either. Please help!
  15. I'm no longer experiencing any problems, so I think the problem is solved. THANKS!!
  16. Hopefully it worked: exe log and AVAST log.
  17. I'm going to try to do that tonight. Thanks!
  18. Does that mean I don't have a virus (anymore)? At the moment of that blue screen I was just browsing. A number of (well-behaved) websites were open... when everything suddenly shut down... Still a strange creature, a PC like that. Once again, thanks in advance! - - - Updated - - - Just googled "BSOD" LOL "OD"
  19. Just now my PC suddenly shut down, with a message on a bright blue screen, and a "buzzing" sound. So I assume there are still problems...
  20. Does anyone have time to look at the above? For now I don't have a popup from the virus? Does this mean that by running that scan, the virus has already been removed? Do I still need to do anything? Thanks!
  21. I did my best, hopefully it worked... On the restart (to get to the log) my PC automatically started in "normal" mode. So far no annoying virus popup yet?! Et voilà:

      Zoek.exe Version 4.0.0.1 Updated 25-02-2013
      Tool run by PO on wo 27/02/2013 at 0:13:59,02.
      Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
      Running in: Safe Mode NETWORK
      Internet Access Detected

      ==== Running Processes ======================

      C:\Windows\system32\csrss.exe
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\csrss.exe
      C:\Windows\system32\services.exe
      C:\Windows\system32\lsass.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\winlogon.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\svchost.exe -k RPCSS
      C:\Program Files\Microsoft Security Client\MsMpEng.exe
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Windows\Explorer.EXE
      C:\Windows\system32\ctfmon.exe
      C:\Windows\system32\wbem\unsecapp.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
      C:\Windows\helppane.exe
      C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Users\PO\Downloads\zoek.exe
      C:\Windows\system32\conhost.exe
      C:\Windows\system32\wbem\wmiprvse.exe

      ==== System Specs ======================

      Windows: Windows 7 Professional Edition Service Pack 1 (Build 7601)
      Internet Explorer: 9.0.8112.16421
      Memory (RAM): 3037 MB
      CPU Info: Pentium® Dual-Core CPU T4200 @ 2.00GHz
      CPU Speed: 2034,8 MHz
      Sound Card: Not detected
      Display Adapters: | RDP Encoder Mirror Driver
      Monitors: 1x;
      Screen Resolution: 800 X 600 - 32 bit
      Network: Network Present
      Network Adapters: Marvell Yukon 88E8057 PCI-E Gigabit Ethernet Controller | Intel® WiFi Link 5100 AGN
      CD / DVD Drives: 1x (E: | ) E: TSSTcorpCDDVDW TS-L633B
      Ports: COM Ports NOT Present. LPT Port NOT Present.
      Mouse: 5 Button Wheel Mouse Present
      Hard Disks: C: 225,3GB | D: 225,3GB
      Hard Disks - Free: C: 182,8GB | D: 220,1GB
      Manufacturer *: Phoenix Technologies Ltd.
      BIOS Info: AT/AT COMPATIBLE | 09/16/09 | SECCSD - 6040000
      Time Zone: Romance (standaardtijd)
      Motherboard *: SAMSUNG ELECTRONICS CO., LTD. R520/R522/R620
      Sun Java version: 1.6.0_18
      Country: België
      Language: NLB

      ==== Files Recently Created / Modified ======================

      ====== C:\Windows ====
      ====== C:\Users\PO\AppData\Local\Temp ====
      ====== C:\Windows\system32 =====
      2013-02-15 07:44:15 EED68558AAA106535E7290C9A8E0D5A3 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
      2013-02-15 07:44:15 CDBFCB9A88E130F1138F80B01C56B680 420864 ----a-w- C:\Windows\System32\vbscript.dll
      2013-02-15 07:44:15 A9919376933F7E43F93E5DA1FFBEFC9F 73216 ----a-w- C:\Windows\System32\mshtmled.dll
      2013-02-15 07:44:14 F8D269134EEC097B7E47C818AF4862A7 176640 ----a-w- C:\Windows\System32\ieui.dll
      2013-02-15 07:44:14 6E14642F79C2510626BA399F9BCC4DE6 142848 ----a-w- C:\Windows\System32\ieUnatt.exe
      2013-02-15 07:44:14 39511E05F37F0BEF8FA3B85386800BB9 65024 ----a-w- C:\Windows\System32\jsproxy.dll
      2013-02-15 07:44:13 CBC39CAD3421AB71966BDD98ABF847E0 607744 ----a-w- C:\Windows\System32\msfeeds.dll
      2013-02-15 07:44:13 B49B56B64F57699A1A663D2CF7D0A56F 1129472 ----a-w- C:\Windows\System32\wininet.dll
      2013-02-15 07:44:13 8843B6A1B8E102841B2DFF02805C5CEC 717824 ----a-w- C:\Windows\System32\jscript.dll
      2013-02-15 07:44:12 C079169E6A07FC4412475C02969EB9CE 1800704 ----a-w- C:\Windows\System32\jscript9.dll
      2013-02-15 07:44:12 9352AF851D98380738161620C916A042 231936 ----a-w- C:\Windows\System32\url.dll
      2013-02-15 07:44:11 D171EAA745A2C0C583CDDA13D9088EE4 1796096 ----a-w- C:\Windows\System32\iertutil.dll
      2013-02-15 07:44:11 BE157C3800DA3010EFC48280ECF81C16 1103872 ----a-w- C:\Windows\System32\urlmon.dll
      2013-02-15 07:44:10 C97434C851C4821BD92D2831FDF1ECBE 12321280 ----a-w- C:\Windows\System32\mshtml.dll
      2013-02-15 07:44:10 470D8189D7FE9928FFFECBF55AAA3233 1427968 ----a-w- C:\Windows\System32\inetcpl.cpl
      2013-02-15 07:44:08 0E816EA3C5DCE94C95099E8B38E75E67 9738240 ----a-w- C:\Windows\System32\ieframe.dll
      2013-02-13 08:24:11 D45B118114C9B18814CE18F72A34E934 2347008 ----a-w- C:\Windows\System32\win32k.sys
      2013-02-13 08:24:03 660100CB90F344040EF57F52FC0681C3 3967848 ----a-w- C:\Windows\System32\ntkrnlpa.exe
      2013-02-13 08:24:02 82FF919E9236B0137B5C7455B0E1418A 3913064 ----a-w- C:\Windows\System32\ntoskrnl.exe
      2013-02-13 08:23:56 1F5F07091D50244F17DD8D5147A628CC 169984 ----a-w- C:\Windows\System32\winsrv.dll
      ====== C:\Windows\system32\drivers =====
      2013-02-13 08:23:58 7C0507D2391AF5933600CBCED799F277 1293672 ----a-w- C:\Windows\System32\drivers\tcpip.sys
      2013-02-13 08:23:57 AAB149EE616952BB84308C28E75ED20D 187752 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
      ====== C:\Windows\Tasks ======
      2013-02-26 23:10:22 EDC520AD8A8962A2498BE495DDA5804F 384 ----a-w- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
      ====== C:\Windows\Temp ======
      ======= C:\Program Files =====
      2013-02-11 00:04:48 -------- d-----w- C:\Program Files\Adobe
      ======= C: =====
      ====== C:\Users\PO\AppData\Roaming ======
      2013-02-26 23:06:41 -------- d-----w- C:\users\PO\AppData\Local\Temp
      ====== C:\Users\PO ======
      2013-02-26 09:15:18 -------- d-----w- C:\ProgramData\etbeuyrjxcrlgav
      2013-02-26 09:14:52 8D5EAC0E1A0691C04072963A38E3EE91 86305 ----a-w- C:\ProgramData\ljlbhhzwppokvvl
      ====== C: exe-files ==
      2013-02-22 16:39:19 8ED432533260AE1EBD44474F32FD00BD 8004960 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\25.0.1364.97\25.0.1364.97_24.0.1312.57_chrome_updater.exe
      === C: other files ==
      2013-02-26 23:00:29 79C41AAD4D72AB516B86B7DC6283194C 118252 ----a-w- C:\Users\Public\Desktop\sample_20132702_0000.zip
      2013-02-26 09:24:46 E3069064E19CE9144B86DE229D9B5039 13632 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\gfiutil.dll
      2013-02-26 09:24:46 1C1584689E96F59CEA275233C26B6430 22888 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\gfiutl32.sys
      2013-02-26 09:24:46 086CD22228F4F102548AB9A7998D4AF9 29728 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\gfiutl64.sys

      ==== Startup Registry Enabled ======================

      [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

      [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

      [HKEY_USERS\S-1-5-21-2751426675-4231706426-2042464496-1158\Software\Microsoft\Windows\CurrentVersion\Run]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      "bebkmhtjxh***cw"="C:\ProgramData\bebkmhtj.exe"

      [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "mctadmin"="C:\Windows\System32\mctadmin.exe"

      [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "mctadmin"="C:\Windows\System32\mctadmin.exe"

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
      "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s"
      "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
      "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
      "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      "MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      "bebkmhtjxh***cw"="C:\ProgramData\bebkmhtj.exe"

      ==== Startup Folders ======================

      2011-01-10 18:36:40 1785 ----a-w- C:\users\PO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
      2010-05-17 13:09:02 808 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

      ==== Task Scheduler Jobs ======================

      C:\Windows\tasks\Ad-Aware Update (Weekly).job --a------ C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [01/09/2011 08:40]
      C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [04/01/2012 12:05]

      ==== Set IE to Default ======================

      Old Values:
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="Google"

      New Values:
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="Google"

      ==== All HKCU SearchScopes ======================

      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
      "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
      {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"
      {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"
      {E45550D0-0939-4D8F-B14D-54FE34CF21C0} Yahoo//search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=937811&p={searchTerms}"
      {E499EF8A-1D7F-4689-AFE6-F358AD86F311} Bing Url="Findgala.com Search Engine}"

      ==== HijackThis Entries ======================

      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
      O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
      O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/be/Core/Player/2020PlayerAX_IKEA_Win32.cab
      O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = TIMMERMAN.LOCAL
      O17 - HKLM\Software\..\Telephony: DomainName = TIMMERMAN.LOCAL
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = TIMMERMAN.LOCAL
      O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = TIMMERMAN.LOCAL
      O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
      O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
      O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
      O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

      ==== Empty IE Cache ======================

      C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Users\Pieter-Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Users\Pieter-Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
      C:\Users\PO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
      C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Users\PO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
      C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

      ==== Empty FireFox Cache ======================

      No FireFox Profiles found

      ==== Empty Chrome Cache ======================

      C:\users\PO\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

      ==== Empty All Flash Cache ======================

      Flash Cache Emptied Successfully

      ==== Empty All Java Cache ======================

      Java Cache cleared successfully

      After Reboot

      ==== Empty Temp Folders ======================

      C:\Windows\Temp successfully emptied
      C:\Users\PO\AppData\Local\Temp successfully emptied

      ==== Empty Recycle Bin ======================

      C:\$RECYCLE.BIN successfully emptied

      ==== Deleting Files / Folders ======================

      "C:\Users\PO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
      "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
  22. Thanks in advance, I'll try to do that tonight then!
  23. Isn't the HijackThis log that I posted in my first post sufficient? The last time I had this virus, that was enough to allow one of the specialists here to determine which item I had to select for removal. Kind regards
  24. Good morning. I'm once again having trouble with the "police virus". I tried to make a HIJACKTHIS log of my PC "as administrator" (if I remember correctly). Could someone please check this and tell me what I need to do next to become virus-free? Many thanks in advance!

      Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 10:26:12, on 26/02/2013
      Platform: Windows 7 SP1 (WinNT 6.00.3505)
      MSIE: Internet Explorer v9.00 (9.00.8112.16464)
      Boot mode: Safe mode with network support

      Running processes:
      C:\Windows\Explorer.EXE
      C:\Windows\system32\ctfmon.exe
      C:\Windows\helppane.exe
      C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
      C:\Users\PO\Desktop\HiJackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Analysis of program downloads scanned for viruses and spyware.
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Analysis of program downloads scanned for viruses and spyware.
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25429
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
      O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
      O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [bebkmhtjxh***cw] C:\ProgramData\bebkmhtj.exe
      O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
      O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
      O4 - Global Startup: Bluetooth.lnk = ?
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
      O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
      O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/be/Core/Player/2020PlayerAX_IKEA_Win32.cab
      O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = TIMMERMAN.LOCAL
      O17 - HKLM\Software\..\Telephony: DomainName = TIMMERMAN.LOCAL
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = TIMMERMAN.LOCAL
      O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = TIMMERMAN.LOCAL
      O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
      O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
      O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
      O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

      -- End of file - 5786 bytes