Ga naar inhoud

HummeltJu

Lid
 Bekijk profiel  Bekijk hun activiteit

  • Items

    5

  • Registratiedatum

  • Laatst bezocht

 Inhoudstype 

Berichten die geplaatst zijn door HummeltJu

    W32 Blaster Worm of zoiets

    in Archief Bestrijding malware & virussen

    Geplaatst:

    # AdwCleaner v2.306 - Verslag gemaakt op 09/08/2013 om 10:11:41

    # Geactualiseerd op 19/07/2013 door Xplode

    # Besturingssysteem : Windows 7 Starter Service Pack 1 (32 bits)

    # Gebruiker : Ju - JU-PC

    # Opstarten Modus : Normale modus

    # Gelanceerd vanaf : C:\Users\Ju\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\45PHVQ8R\adwcleaner.exe

    # Optie [Verwijderen]

    ***** [Diensten] *****

    ***** [Files / Mappen] *****

    Map Verwijderd : C:\ProgramData\~0

    ***** [Register] *****

    Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\Conduit

    Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\PriceGong

    Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\SmartBar

    Sleutel Verwijderd : HKCU\Software\Conduit

    Sleutel Verwijderd : HKCU\Software\IM

    Sleutel Verwijderd : HKCU\Software\ImInstaller

    Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

    Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

    Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

    Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{2656B92B-0207-4AFB-BEBF-F5FD231ECD39}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{59570C1F-B692-48C9-91B4-7809E6945287}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{63A0F7FA-2C95-4D7E-AF25-EFCC303D20A1}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{6559E502-6EE1-46B8-A83C-F3A45BDA23EE}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{C63CA8A4-AB4E-49E5-A6C0-33FC86D80205}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{C6A7847E-8931-4A9A-B4EF-72A91E3CCF4D}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{DD0F1D24-E250-4E93-966C-65615720AEFB}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{EC1277BB-1C71-4C0D-BA6D-BFEA16E773A6}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\imweb.imwebcontrol

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Toolbar.CT2865317

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Toolbar.CT3196716

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

    Sleutel Verwijderd : HKLM\Software\Conduit

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}

    Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

    Waarde Verwijderd : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

    ***** [browsers] *****

    -\\ Internet Explorer v10.0.9200.16635

    [OK] Het register bevat geen enkele ongeoorloofde invoer.

    -\\ Mozilla Firefox v13.0.1 (nl)

    File : C:\Users\Ju\AppData\Roaming\Mozilla\Firefox\Profiles\chgfk6w4.default\prefs.js

    [OK] De file bevat geen enkele ongeoorloofde invoer.

    -\\ Google Chrome v [Onmogelijk de versie te verkrijgen]

    File : C:\Users\Ju\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] De file bevat geen enkele ongeoorloofde invoer.

    *************************

    AdwCleaner[s1].txt - [6633 octets] - [09/08/2013 10:11:41]

    ########## EOF - C:\AdwCleaner[s1].txt - [6693 octets] ##########

    W32 Blaster Worm of zoiets

    in Archief Bestrijding malware & virussen

    Geplaatst:

    Zoek.exe Version 4.0.0.4 Updated 07-August-2013

    Tool run by Ju on do 08-08-2013 at 18:26:49,81.

    Microsoft Windows 7 Starter 6.1.7601 Service Pack 1 x86

    Running in: Safe Mode NETWORK Internet Access Detected

    Launched: C:\Users\Ju\Desktop\zoek.exe [script inserted]

    ==== System Restore Info ======================

    ==== Deleting CLSID Registry Keys ======================

    ==== Deleting CLSID Registry Values ======================

    HKEY_USERS\S-1-5-21-974421575-574500600-2093652900-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} deleted successfully

    HKEY_USERS\S-1-5-21-974421575-574500600-2093652900-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} deleted successfully

    HKEY_USERS\S-1-5-21-974421575-574500600-2093652900-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully

    HKEY_USERS\S-1-5-21-974421575-574500600-2093652900-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully

    HKEY_USERS\S-1-5-21-974421575-574500600-2093652900-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

    ==== Deleting Services ======================

    ==== Deleting Files \ Folders ======================

    "C:\ProgramData\6b1e2ed8-576d-47a3-b1a2-e82c3af7fe4f" not deleted

    "C:\windows\System32\sho1BAA.tmp" deleted

    "C:\windows\System32\sho3D56.tmp" deleted

    "C:\windows\System32\sho449C.tmp" deleted

    "C:\windows\System32\sho481B.tmp" deleted

    "C:\windows\System32\sho5D1F.tmp" deleted

    "C:\windows\System32\sho8750.tmp" deleted

    "C:\windows\System32\shoA27E.tmp" deleted

    "C:\windows\System32\shoB838.tmp" deleted

    "C:\Program Files\Conduit" deleted

    "C:\Users\Ju\AppData\Local\CRE" deleted

    "C:\Users\Ju\AppData\Local\PackageAware" deleted

    "C:\Users\Ju\AppData\Local\Conduit" deleted

    "C:\Users\Ju\AppData\LocalLow\PriceGong" deleted

    "C:\Users\Ju\AppData\LocalLow\Conduit" deleted

    ==== Firefox Extensions ======================

    AppDir: C:\Program Files\Mozilla Firefox

    - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    ==== Firefox Plugins ======================

    ==== Chrome Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

    cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Ju\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[]

    jmfkcklnlgedgbglfkkgedjfmejoahla - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx[]

    HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

    cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Ju\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[]

    ==== Chrome Fix ======================

    C:\Users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully

    ==== Set IE to Default ======================

    Old Values:

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

    "Start Page"="Google"

    New Values:

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

    "Start Page"="Google"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    "DefaultScope"="{95B7759C-8C7F-4BF1-B163-73684A933233}"

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

    {95B7759C-8C7F-4BF1-B163-73684A933233} AVG Secure Search Url="Zoek"

    ==== Deleting Registry Keys ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla deleted successfully

    HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully

    ==== Empty IE Cache ======================

    C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Ju\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Ju\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Users\Ju\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Ju\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Ju\AppData\Local\VirtualStore\Windows\Temp\Temporary Internet Files\Content.IE5 emptied successfully

    C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    ==== Empty FireFox Cache ======================

    No FireFox Cache found

    ==== Empty Chrome Cache ======================

    No Chrome Cache found

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\windows\Temp successfully emptied

    C:\Users\Ju\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== Deleting Files / Folders ======================

    "C:\ProgramData\6b1e2ed8-576d-47a3-b1a2-e82c3af7fe4f" not found

    ==== EOF on do 08-08-2013 at 18:44:30,20 ======================

    Ik heb alle bovenstaande gedaan en dit is het resultaat.

    Ik was afgesloten van internet vanwege dit virus.

    Ze hebben me voor 48 uur weer terug aangesloten. Dus dat is de tijd die ik nog heb om dit virus van de computer af te krijgen.

    Is dit haalbaar?

    Groetjes Judith

    W32 Blaster Worm of zoiets

    in Archief Bestrijding malware & virussen

    Geplaatst:

    Ik heb het allemaal opnieuw gedaan, ik kon alleen in de veilige modus werken heb bovenstaande instructies opgevolgd.

    Hier dan ook mijn nieuwe logje.

    Logfile of Trend Micro HijackThis v2.0.5

    Scan saved at 12:42:40, on 6-8-2013

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v10.0 (10.00.9200.16635)

    FIREFOX: 13.0.1 (nl)

    Boot mode: Safe mode with network support

    Running processes:

    C:\windows\Explorer.EXE

    C:\windows\system32\ctfmon.exe

    C:\windows\system32\DllHost.exe

    C:\windows\system32\rundll32.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: (no name) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - (no file)

    R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O4 - HKLM\..\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe

    O4 - HKLM\..\Run: [HotkeyMon] AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe

    O4 - HKLM\..\Run: [HotkeyService] AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotkeyService.exe

    O4 - HKLM\..\Run: [superHybridEngine] AsusSender.exe C:\Program Files\ASUS\SHE\SuperHybridEngine.exe

    O4 - HKLM\..\Run: [LiveUpdate] AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto

    O4 - HKLM\..\Run: [CapsHook] AsusSender.exe C:\Program Files\ASUS\CapsHook\CapsHook.exe

    O4 - HKLM\..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe autorun

    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

    O4 - HKLM\..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe

    O4 - HKLM\..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE

    O4 - HKLM\..\Run: [igfxTray] C:\windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKCU\..\Run: [Device Detection] C:\Program Files\HEMA Fotoservice\dd.exe

    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O4 - Startup: Dropbox.lnk = C:\Users\Ju\AppData\Roaming\Dropbox\bin\Dropbox.exe

    O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files\Asus\AsusVibe\AsusVibeLauncher.exe

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Asus Launcher Service (AsusService) - Unknown owner - C:\windows\system32\AsusService.exe

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

    O23 - Service: VideAceWindowsService - Unknown owner - C:\ExpressGateUtil\VAWinService.exe

    --

    End of file - 6025 bytes

    Groetjes Judith

    W32 Blaster Worm of zoiets

    in Archief Bestrijding malware & virussen

    Geplaatst:

    Ik ben een beetje en leek met computers en nu heeft mijn computer een W32 Blaster.worm of zoiets.

    Na het lezen van andere berichten ben ik hijackthis gaan downloaden.

    Ik heb de instructies opgevolgd en zie onderstaand de geknipte en geplakte informatie.

    En nu? Want daar kan ik niet achter komen en ik ben bang dat ik van alles kapot maak enzo.

    Groetjes Judith

    Logfile of HijackThis v1.99.1

    Scan saved at 0:34:14, on 2-8-2013

    Platform: Unknown Windows (WinNT 6.01.3505 SP1)

    MSIE: Internet Explorer v10.0 (10.00.9200.16635)

    Running processes:

    C:\windows\Explorer.EXE

    C:\windows\system32\ctfmon.exe

    C:\windows\system32\DllHost.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\windows\System32\MsSpellCheckingFacility.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Users\Ju\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WM21CCGH\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: (no name) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - (no file)

    R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll

    O4 - HKLM\..\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe

    O4 - HKLM\..\Run: [HotkeyMon] AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe

    O4 - HKLM\..\Run: [HotkeyService] AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotkeyService.exe

    O4 - HKLM\..\Run: [superHybridEngine] AsusSender.exe C:\Program Files\ASUS\SHE\SuperHybridEngine.exe

    O4 - HKLM\..\Run: [LiveUpdate] AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto

    O4 - HKLM\..\Run: [CapsHook] AsusSender.exe C:\Program Files\ASUS\CapsHook\CapsHook.exe

    O4 - HKLM\..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe autorun

    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

    O4 - HKLM\..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe

    O4 - HKLM\..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE

    O4 - HKLM\..\Run: [igfxTray] C:\windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKCU\..\Run: [Device Detection] C:\Program Files\HEMA Fotoservice\dd.exe

    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED

    O4 - HKCU\..\Run: [internet Security] C:\Users\Ju\AppData\Roaming\wmdefender.exe

    O4 - Startup: Dropbox.lnk = C:\Users\Ju\AppData\Roaming\Dropbox\bin\Dropbox.exe

    O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files\Asus\AsusVibe\AsusVibeLauncher.exe

    O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O11 - Options group: [iNTERNATIONAL] International

    O13 - Gopher Prefix:

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll

    O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxdev.dll

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Asus Launcher Service (AsusService) - Unknown owner - C:\windows\system32\AsusService.exe

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

    O23 - Service: VideAceWindowsService - Unknown owner - C:\ExpressGateUtil\VAWinService.exe

    O23 - Service: vToolbarUpdater15.4.0 - AVG Secure Search - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

Logo

OVER ONS

PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!

SITEMAP

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.