
Subject: Multiple viruses

  1. #1

    Joined
    Jan 2012
    Posts
    2

    Multiple viruses

    Good day,

    Today, after a long time, I turned my NOD32 scanner on again, and to my great shock it found 6 viruses.

    I took a print screen of it:
    12452135142431241412412424.jpg

    I googled a bit but couldn't figure out how I should go about removing this.

    Hopefully you know more about it! Thanks kindly!

    Here is a log:

    Scan Log
    Version of virus signature database: 6790 (20120112)
    Date: 12-1-2012 Time: 23:20:58
    Scanned disks, folders and files: Operating memory;C:\Boot sector;C:\
    C:\hiberfil.sys - error opening [4]
    C:\pagefile.sys - error opening [4]
    C:\$Recycle.Bin\S-1-5-21-1637446108-1317516328-478497971-1000\$R3YW0H2.exe » CAB » jusched - archive damaged - the file could not be extracted.
    C:\$Recycle.Bin\S-1-5-21-1637446108-1317516328-478497971-1000\$R3YW0H2.exe » CAB » task.xml - archive damaged - the file could not be extracted.
    C:\$Recycle.Bin\S-1-5-21-1637446108-1317516328-478497971-1000\$R3YW0H2.exe » CAB » task64.xml - archive damaged - the file could not be extracted.
    C:\$Recycle.Bin\S-1-5-21-1637446108-1317516328-478497971-1000\$R971STB.exe » NSIS » openofficeorg1.cab » CAB » testtar.tar » TAR » - archive damaged
    C:\$Recycle.Bin\S-1-5-21-1637446108-1317516328-478497971-1000\$RBRMOD7.exe » CAB » jusched - archive damaged - the file could not be extracted.
    C:\$Recycle.Bin\S-1-5-21-1637446108-1317516328-478497971-1000\$RBRMOD7.exe » CAB » task.xml - archive damaged - the file could not be extracted.
    C:\$Recycle.Bin\S-1-5-21-1637446108-1317516328-478497971-1000\$RBRMOD7.exe » CAB » task64.xml - archive damaged - the file could not be extracted.
    C:\$Recycle.Bin\S-1-5-21-1637446108-1317516328-478497971-1000\$RGW6E28.zip » ZIP » World_War_145.apk - error - password-protected file
    C:\$Recycle.Bin\S-1-5-21-1637446108-1317516328-478497971-1000\$RGW6E28.zip » ZIP » World_War_310.apk - error - password-protected file
    C:\$Recycle.Bin\S-1-5-21-1637446108-1317516328-478497971-1000\$RGW6E28.zip » ZIP » World_War_65.apk - error - password-protected file
    C:\$Recycle.Bin\S-1-5-21-1637446108-1317516328-478497971-1000\$RJNJ421.rar » RAR - error - password-protected file
    C:\$Recycle.Bin\S-1-5-21-1637446108-1317516328-478497971-1000\$R4N6MQN\openofficeorg1.cab » CAB » testtar.tar » TAR » - archive damaged
    C:\Program Files\Creative Suite 5.5 Design Premium\Adobe CS5_5\payloads\AdobeFlashCatalyst-mul\Assets1_1.zip » ZIP » _657_c9dc20f1a14b0bfc724206d6ef3df077 » ZIP » org/eclipse/jdt/internal/compiler/parser/part1.rsc » SMARTINSTALLMAKER;VER=2 - error - unknown compression method
    C:\Program Files\Creative Suite 5.5 Design Premium\Adobe CS5_5\payloads\AdobeFlashCatalyst-mul\Assets1_1.zip » ZIP » _657_c9dc20f1a14b0bfc724206d6ef3df077 » ZIP » org/eclipse/jdt/internal/compiler/parser/start1.rsc » SMARTINSTALLMAKER;VER=2 - error - unknown compression method
    C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\master.mdf - error opening [4]
    C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\mastlog.ldf - error opening [4]
    C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\model.mdf - error opening [4]
    C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\modellog.ldf - error opening [4]
    C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\MSDBData.mdf - error opening [4]
    C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\MSDBLog.ldf - error opening [4]
    C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\tempdb.mdf - error opening [4]
    C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\templog.ldf - error opening [4]
    C:\Program Files\Microsoft SQL Server\MSSQL10_50.ADCENTERDESKTOP\MSSQL\DATA\master.mdf - error opening [4]
    C:\Program Files\Microsoft SQL Server\MSSQL10_50.ADCENTERDESKTOP\MSSQL\DATA\mastlog.ldf - error opening [4]
    C:\Program Files\Microsoft SQL Server\MSSQL10_50.ADCENTERDESKTOP\MSSQL\DATA\model.mdf - error opening [4]
    C:\Program Files\Microsoft SQL Server\MSSQL10_50.ADCENTERDESKTOP\MSSQL\DATA\modellog.ldf - error opening [4]
    C:\Program Files\Microsoft SQL Server\MSSQL10_50.ADCENTERDESKTOP\MSSQL\DATA\MSDBData.mdf - error opening [4]
    C:\Program Files\Microsoft SQL Server\MSSQL10_50.ADCENTERDESKTOP\MSSQL\DATA\MSDBLog.ldf - error opening [4]
    C:\Program Files\Microsoft SQL Server\MSSQL10_50.ADCENTERDESKTOP\MSSQL\DATA\tempdb.mdf - error opening [4]
    C:\Program Files\Microsoft SQL Server\MSSQL10_50.ADCENTERDESKTOP\MSSQL\DATA\templog.ldf - error opening [4]
    C:\Program Files (x86)\AOL Desktop 9.6\Jiti\viewpoint.exe » NSIS - unpack error
    C:\Program Files (x86)\OpenOffice.org 3\Basis\program\python-core-2.6.1\lib\test\testtar.tar » TAR » - archive damaged
    C:\ProgramData\AOL Downloads\waol\0.4340.111.1\noneCodesignFilesBundle.exe » NSIS » Vwpt.exe » NSIS - unpack error
    C:\ProgramData\AOL Downloads\waol\0.4340.111.1\comps\vwpt\Vwpt.exe » NSIS - unpack error
    C:\ProgramData\Blizzard Entertainment\StarCraft II\Versions\Shaders14515\userCache.bin » SMARTINSTALLMAKER;VER=2 - error - unknown compression method
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log - error opening [4]
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb - error opening [4]
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb - error opening [4]
    C:\ProgramData\Microsoft\Windows Defender\IMpService925A3ACA-C353-458A-AC8D-A7E5EB378092.lock - error opening [4]
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin - error opening [4]
    C:\System Volume Information\Syscache.hve - error opening [4]
    C:\System Volume Information\Syscache.hve.LOG1 - error opening [4]
    C:\System Volume Information\Syscache.hve.LOG2 - error opening [4]
    C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
    C:\System Volume Information\{d83a7cf8-25b7-11e1-afc8-00038a000015}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
    C:\System Volume Information\{d83a7d6b-25b7-11e1-afc8-00038a000015}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
    C:\System Volume Information\{e419866e-3ba8-11e1-9e0e-00038a000015}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
    C:\System Volume Information\{e58b2276-227b-11e1-aef8-00038a000015}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
    C:\System Volume Information\{e6469576-370f-11e1-9bd0-00038a000015}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
    C:\System Volume Information\{ef358034-2b23-11e1-b2b0-00038a000015}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
    C:\System Volume Information\{fd2a7d19-3c5b-11e1-8550-00038a000015}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
    C:\Users\All Users\AOL Downloads\waol\0.4340.111.1\noneCodesignFilesBundle.exe » NSIS » Vwpt.exe » NSIS - unpack error
    C:\Users\All Users\AOL Downloads\waol\0.4340.111.1\comps\vwpt\Vwpt.exe » NSIS - unpack error
    C:\Users\All Users\Blizzard Entertainment\StarCraft II\Versions\Shaders14515\userCache.bin » SMARTINSTALLMAKER;VER=2 - error - unknown compression method
    C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSS.log - error opening [4]
    C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\tmp.edb - error opening [4]
    C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Windows.edb - error opening [4]
    C:\Users\All Users\Microsoft\Windows Defender\IMpService925A3ACA-C353-458A-AC8D-A7E5EB378092.lock - error opening [4]
    C:\Users\All Users\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin - error opening [4]
    C:\Users\Robin\ntuser.dat - error opening [4]
    C:\Users\Robin\ntuser.dat.LOG1 - error opening [4]
    C:\Users\Robin\ntuser.dat.LOG2 - error opening [4]
    C:\Users\Robin\AppData\Local\Microsoft\Windows\UsrClass.dat - error opening [4]
    C:\Users\Robin\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 - error opening [4]
    C:\Users\Robin\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 - error opening [4]
    C:\Users\Robin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\7df4e70f-5d0d411e » ZIP » photo/Crop.class - Java/Exploit.Blacole.AA trojan - was a part of the deleted object
    C:\Users\Robin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\7df4e70f-5d0d411e » ZIP » photo/ExtResolution.class - Java/Exploit.Blacole.AB trojan - was a part of the deleted object
    C:\Users\Robin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\7df4e70f-5d0d411e » ZIP » photo/Image.class - Java/Exploit.Blacole.AC trojan - was a part of the deleted object
    C:\Users\Robin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\7df4e70f-5d0d411e » ZIP » photo/MultiZoom.class - Java/Exploit.Blacole.AD trojan - was a part of the deleted object
    C:\Users\Robin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\7df4e70f-5d0d411e » ZIP » photo/Zoom.class - a variant of Java/Exploit.Blacole.AE trojan - was a part of the deleted object
    C:\Users\Robin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-733bd36b - a variant of Java/Agent.DT trojan - cleaned by deleting - quarantined [1]

    C:\Users\Robin\Downloads\543 For Dummies E-Books - )_)ReUpLd)_)\3dsmax 5 for Dummies (2003).chm » CHM » /8295final/images/516760fg1311_0.jpg - archive damaged
    C:\Users\Robin\Downloads\543 For Dummies E-Books - )_)ReUpLd)_)\Tablet PCs for Dummies (2003).chm » CHM » /images/526472-fg0505_0.jpg - archive damaged
    C:\Users\Robin\Downloads\543 For Dummies E-Books - )_)ReUpLd)_)\Ubuntu Linux For Dummies Apr 2007.chm » CHM » /final/images/MWFpZHI3Y3AvbXQvMGdzODllNTQwNzAyZzJhcjUvZ2ducGkyaGMvZnM1MDEwNTdfLnBq.jpg - archive damaged
    C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT - error opening [4]
    C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 - error opening [4]
    C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2 - error opening [4]
    C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - error opening [4]
    C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - error opening [4]
    C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT - error opening [4]
    C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 - error opening [4]
    C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2 - error opening [4]
    C:\Windows\SoftwareDistribution\DataStore\DataStore.edb - error opening [4]
    C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log - error opening [4]
    C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb - error opening [4]
    C:\Windows\System32\catroot2\edb.log - error opening [4]
    C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - error opening [4]
    C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb - error opening [4]
    C:\Windows\winsxs\amd64_microsoft-windows-ie-iexpress_31bf3856ad364e35_8.0.7600.16385_none_db2b15bfcf64f104\wextract.exe » SWEXTRACT » - bad archive
    C:\Windows\winsxs\amd64_microsoft-windows-ie-iexpress_31bf3856ad364e35_9.4.8112.16421_none_d91a1b231155b48b\wextract.exe » SWEXTRACT » - bad archive
    Number of scanned objects: 872782
    Number of threats found: 6
    Number of cleaned objects: 6
    Time of completion: 0:41:37 Total scanning time: 4839 sec (01:20:39)

    Notes:
    [1] Object has been deleted as it only contained the virus body.
    [4] Object cannot be opened. It may be in use by another application or operating system.



    ---------------------------------

    Hijack this log:


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 0:10:57, on 14-1-2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Users\Robin\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Users\Robin\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
    C:\Users\Robin\Desktop\Malwarebytes' Anti-Malware\mbam.exe
    C:\Users\Robin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Robin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Robin\Desktop\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.ask.com/?l=dis&o=15183
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
    O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Users\Robin\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Robin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.12\atkexComSvc.exe (file missing)
    O23 - Service: ASUS HM Com Service (asHmComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AAHM\1.00.09\aaHMSvc.exe (file missing)
    O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe (file missing)
    O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Users\Robin\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 7798 bytes
    Last edited by robcop; 14-01-12 at 00:11.

  2. #2
    Hijack Mod Juisterr
    Joined
    Aug 2006
    Location
    little shack on the coast, Zuid-Holland
    Posts
    15.602
    Start HijackThis and choose 'Do a system scan only'
    Select only the items listed below:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.ask.com/?l=dis&o=15183
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)

    Close all windows except HijackThis
    Click 'Fix checked' to remove the items.
    Got good help here:
    Sending a PM is pointless, it will not be answered! All messages on the forum, please.
    miekiemoesblog
    special tips



  3. #3
    Hijack Mod Juisterr
    Joined
    Aug 2006
    Location
    little shack on the coast, Zuid-Holland
    Posts
    15.602
    Download MalwareBytes' Anti-Malware and save it to your desktop.
    Double-click mbam-setup.exe to install the program.

    Make sure that after the installation the following boxes are checked:
    • Update MalwareBytes' Anti-Malware
    • Start MalwareBytes' Anti-Malware

    Then click "Finish".
    If an update is found, it will be downloaded and installed.

    In case of problems!!! (Read the instructions below)


    • You may in principle decline the window asking whether you want to "Start the trial"; you can still enable it later.
    • Once the program has started, go to the "Settings" tab.
    • Check here: "Close Internet Explorer during malware removal".
    • Then go to the "Scanner" tab and choose "Quick Scan".
    • Then press "Scan" to start the scan.
    • Scanning can take a while, so be patient.
    • When the scan is complete, click OK, then "Show Results" to see the results.
    • Make sure everything there is checked, then click "Remove Selected".
    • After removal a log will open and you will be asked to restart the computer.

    The log is saved automatically by MalwareBytes' Anti-Malware and you can find it by clicking the "Logs" tab in the program.



  4. #4

    Joined
    Jan 2012
    Posts
    2
    Thanks for your reply! I did everything you advised, only now I have the following problem:
    Very often I now get a pop-up from Malwarebytes saying that it has blocked an outgoing IP. Here is a log:

    2012/01/15 02:59:20 +0100 ROBIN-PC Robin IP-BLOCK 88.85.65.143 (Type: outgoing, Port: 60292, Process: iexplore.exe)
    2012/01/15 02:59:20 +0100 ROBIN-PC Robin IP-BLOCK 88.85.65.143 (Type: outgoing, Port: 60291, Process: iexplore.exe)
    2012/01/15 02:59:20 +0100 ROBIN-PC Robin IP-BLOCK 88.85.65.143 (Type: outgoing, Port: 60293, Process: iexplore.exe)
    2012/01/15 02:59:20 +0100 ROBIN-PC Robin IP-BLOCK 88.85.65.143 (Type: outgoing, Port: 60294, Process: iexplore.exe)
    2012/01/15 02:59:20 +0100 ROBIN-PC Robin IP-BLOCK 88.85.65.143 (Type: outgoing, Port: 60297, Process: iexplore.exe)
    2012/01/15 02:59:20 +0100 ROBIN-PC Robin IP-BLOCK 88.85.65.143 (Type: outgoing, Port: 60307, Process: iexplore.exe)
    2012/01/15 02:59:20 +0100 ROBIN-PC Robin IP-BLOCK 88.85.65.143 (Type: outgoing, Port: 60306, Process: iexplore.exe)
    2012/01/15 02:59:20 +0100 ROBIN-PC Robin IP-BLOCK 88.85.65.143 (Type: outgoing, Port: 60308, Process: iexplore.exe)
    2012/01/15 02:59:20 +0100 ROBIN-PC Robin IP-BLOCK 88.85.65.143 (Type: outgoing, Port: 60309, Process: iexplore.exe)
    2012/01/15 02:59:20 +0100 ROBIN-PC Robin IP-BLOCK 78.140.138.208 (Type: outgoing, Port: 60323, Process: iexplore.exe)
    2012/01/15 02:59:20 +0100 ROBIN-PC Robin IP-BLOCK 78.140.138.208 (Type: outgoing, Port: 60322, Process: iexplore.exe)
    2012/01/15 02:59:20 +0100 ROBIN-PC Robin IP-BLOCK 78.140.138.208 (Type: outgoing, Port: 60324, Process: iexplore.exe)
    2012/01/15 02:59:20 +0100 ROBIN-PC Robin IP-BLOCK 78.140.138.208 (Type: outgoing, Port: 60325, Process: iexplore.exe)

    2012/01/17 20:34:39 +0100 ROBIN-PC Robin IP-BLOCK 128.127.110.10 (Type: outgoing, Port: 56791, Process: chrome.exe)
    2012/01/17 20:34:47 +0100 ROBIN-PC Robin IP-BLOCK 128.127.110.10 (Type: outgoing, Port: 56796, Process: chrome.exe)
    2012/01/17 20:34:55 +0100 ROBIN-PC Robin IP-BLOCK 128.127.110.10 (Type: outgoing, Port: 56804, Process: chrome.exe)
    2012/01/17 20:34:55 +0100 ROBIN-PC Robin IP-BLOCK 128.127.110.10 (Type: outgoing, Port: 56805, Process: chrome.exe)
    2012/01/17 20:34:55 +0100 ROBIN-PC Robin IP-BLOCK 128.127.110.10 (Type: outgoing, Port: 56810, Process: chrome.exe)
    2012/01/17 20:34:55 +0100 ROBIN-PC Robin IP-BLOCK 128.127.110.10 (Type: outgoing, Port: 56811, Process: chrome.exe)


    2012/01/19 01:29:14 +0100 ROBIN-PC Robin IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 53073, Process: iexplore.exe)
    2012/01/19 01:29:15 +0100 ROBIN-PC Robin IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 53072, Process: iexplore.exe)
    2012/01/19 01:29:15 +0100 ROBIN-PC Robin IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 53074, Process: iexplore.exe)


    2012/01/20 17:25:27 +0100 ROBIN-PC Robin IP-BLOCK 78.47.25.140 (Type: outgoing, Port: 49610, Process: chrome.exe)
    2012/01/20 17:25:27 +0100 ROBIN-PC Robin IP-BLOCK 78.47.25.140 (Type: outgoing, Port: 49611, Process: chrome.exe)
    2012/01/20 17:25:27 +0100 ROBIN-PC Robin IP-BLOCK 78.47.25.140 (Type: outgoing, Port: 49612, Process: chrome.exe)
    2012/01/20 17:25:27 +0100 ROBIN-PC Robin IP-BLOCK 78.47.25.142 (Type: outgoing, Port: 49614, Process: chrome.exe)
    2012/01/20 17:25:27 +0100 ROBIN-PC Robin IP-BLOCK 78.47.25.140 (Type: outgoing, Port: 49620, Process: chrome.exe)
    2012/01/20 17:32:07 +0100 ROBIN-PC Robin IP-BLOCK 117.21.224.232 (Type: outgoing, Port: 49836, Process: chrome.exe)
    2012/01/20 17:32:55 +0100 ROBIN-PC Robin IP-BLOCK 117.21.224.232 (Type: outgoing, Port: 49865, Process: chrome.exe)
    2012/01/20 17:33:43 +0100 ROBIN-PC Robin IP-BLOCK 117.21.224.232 (Type: outgoing, Port: 49885, Process: chrome.exe)
    2012/01/20 17:33:43 +0100 ROBIN-PC Robin IP-BLOCK 117.21.224.232 (Type: outgoing, Port: 49887, Process: chrome.exe)
    2012/01/20 17:40:32 +0100 ROBIN-PC Robin IP-BLOCK 117.21.224.232 (Type: outgoing, Port: 50374, Process: chrome.exe)
    2012/01/20 17:40:32 +0100 ROBIN-PC Robin IP-BLOCK 117.21.224.232 (Type: outgoing, Port: 50381, Process: chrome.exe)
    2012/01/20 17:40:32 +0100 ROBIN-PC Robin IP-BLOCK 117.21.224.232 (Type: outgoing, Port: 50382, Process: chrome.exe)
    2012/01/20 17:52:33 +0100 ROBIN-PC Robin IP-BLOCK 117.21.224.235 (Type: outgoing, Port: 50918, Process: chrome.exe)

  5. #5
    Hijack Mod Juisterr
    Joined
    Aug 2006
    Location
    little shack on the coast, Zuid-Holland
    Posts
    15.602
    88.85.65.0 - 88.85.65.255
    WebaZilla
    WebaZilla RIPE Manager

    78.47.25.128 - 78.47.25.191
    Freshworx GmbH & Co. KG

    117.21.0.0 - 117.21.255.255
    CHINANET Jiangxi province network
    China Telecom
    No.31,jingrong street
    Beijing 100032

    China Beijing Chinanet Jiangxi Province Network

    By the looks of it, Chinese shit.
    Last edited by Juisterr; 20-01-12 at 20:51.
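
Added example, not part of the original thread and not Malwarebytes code: it groups the IP-BLOCK lines from post #4 by destination address and labels each address with the holder from the ranges listed in post #5, which also shows the blocked addresses that post #5 gives no range for. The line format is inferred from the log lines shown in post #4, the function names are made up for this example, and user or host names containing spaces are assumed not to occur.

```python
import ipaddress
import re
from datetime import datetime

# Ranges and holders exactly as listed in post #5: (first address, last address, holder).
RANGES = [
    (ipaddress.ip_address("88.85.65.0"), ipaddress.ip_address("88.85.65.255"), "WebaZilla"),
    (ipaddress.ip_address("78.47.25.128"), ipaddress.ip_address("78.47.25.191"), "Freshworx GmbH & Co. KG"),
    (ipaddress.ip_address("117.21.0.0"), ipaddress.ip_address("117.21.255.255"), "CHINANET Jiangxi province network"),
]

# A subset of lines copied verbatim from the log in post #4.
SAMPLE_LOG = """\
2012/01/15 02:59:20 +0100 ROBIN-PC Robin IP-BLOCK 88.85.65.143 (Type: outgoing, Port: 60292, Process: iexplore.exe)
2012/01/15 02:59:20 +0100 ROBIN-PC Robin IP-BLOCK 88.85.65.143 (Type: outgoing, Port: 60291, Process: iexplore.exe)
2012/01/15 02:59:20 +0100 ROBIN-PC Robin IP-BLOCK 78.140.138.208 (Type: outgoing, Port: 60323, Process: iexplore.exe)
2012/01/17 20:34:39 +0100 ROBIN-PC Robin IP-BLOCK 128.127.110.10 (Type: outgoing, Port: 56791, Process: chrome.exe)
2012/01/19 01:29:14 +0100 ROBIN-PC Robin IP-BLOCK 213.131.252.251 (Type: outgoing, Port: 53073, Process: iexplore.exe)
2012/01/20 17:25:27 +0100 ROBIN-PC Robin IP-BLOCK 78.47.25.140 (Type: outgoing, Port: 49610, Process: chrome.exe)
2012/01/20 17:25:27 +0100 ROBIN-PC Robin IP-BLOCK 78.47.25.142 (Type: outgoing, Port: 49614, Process: chrome.exe)
2012/01/20 17:32:07 +0100 ROBIN-PC Robin IP-BLOCK 117.21.224.232 (Type: outgoing, Port: 49836, Process: chrome.exe)
2012/01/20 17:40:32 +0100 ROBIN-PC Robin IP-BLOCK 117.21.224.232 (Type: outgoing, Port: 50374, Process: chrome.exe)
2012/01/20 17:52:33 +0100 ROBIN-PC Robin IP-BLOCK 117.21.224.235 (Type: outgoing, Port: 50918, Process: chrome.exe)
"""

# Field layout inferred from the lines above (an assumption, not a documented format).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) IP-BLOCK (?P<ip>\S+) "
    r"\(Type: (?P<dir>\w+), Port: (?P<port>\d+), Process: (?P<proc>[^)]+)\)$"
)


def holder_for(ip):
    """Return the holder from post #5 whose range contains ip, or None."""
    if ip.version != 4:  # the listed ranges are IPv4 only
        return None
    for first, last, holder in RANGES:
        if first <= ip <= last:
            return holder
    return None


def summarize(log_text):
    """Group IP-BLOCK lines by destination address.

    Returns (rows, skipped). rows maps the address string to its hit count,
    the set of processes, the first and last timestamp, and the holder.
    skipped counts non-empty lines that are not well-formed IP-BLOCK entries.
    """
    rows, skipped = {}, 0
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        try:
            ip = ipaddress.ip_address(m["ip"]) if m else None
        except ValueError:  # matched the layout but the address is not valid
            ip = None
        if ip is None:
            skipped += 1
            continue
        ts = datetime.strptime(f"{m['ts']} {m['tz']}", "%Y/%m/%d %H:%M:%S %z")
        row = rows.setdefault(str(ip), {
            "count": 0, "processes": set(), "first": ts, "last": ts,
            "holder": holder_for(ip),
        })
        row["count"] += 1
        row["processes"].add(m["proc"])
        row["first"] = min(row["first"], ts)
        row["last"] = max(row["last"], ts)
    return rows, skipped


def unlisted(rows):
    """Addresses that fall outside every range given in post #5, in numeric order."""
    return sorted((ip for ip, r in rows.items() if r["holder"] is None),
                  key=ipaddress.ip_address)


if __name__ == "__main__":
    rows, skipped = summarize(SAMPLE_LOG)
    for ip in sorted(rows, key=ipaddress.ip_address):
        r = rows[ip]
        print(f"{ip:16} x{r['count']:<3} {','.join(sorted(r['processes'])):14} "
              f"{r['first']:%Y-%m-%d %H:%M}  {r['holder'] or 'no range in post #5'}")
    print("skipped lines:", skipped)
    print("no range given:", ", ".join(unlisted(rows)))
```
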



  6. #6
    Hijack Mod Juisterr
    Joined
    Aug 2006
    Location
    little shack on the coast, Zuid-Holland
    Posts
    15.602
    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop.

    >>Here<< you can read how to use ComboFix.






    1. Disable all antivirus and antispyware programs, because otherwise they might conflict with ComboFix.

    * (here or here is a guide on how to disable them)

    2. The computer may need to be restarted several times; this is normal.
    3. Double-click "Combofix.exe" to start the tool.
    4. Do not click in the ComboFix window while it is active; this can make the 'tool' hang.

    * Note !!! If an error is shown with the message "Illegal operation attempted on a registery key that has been marked for deletion.", restart the computer.

    5. When ComboFix is done, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.


