
How do I remove the Trojan horse Generic Trojan??

Moeke
15 answers
  • Hello, I think my PC is infected; Panda Cloud Antivirus keeps coming up with the message that it has neutralized a Trojan horse, namely "Generic Trojan". I have already checked the PC with all sorts of software, including SuperAntiSpyware and HitmanPro, but they find either nothing or not the infection in question. Panda keeps warning that it has neutralized something.

    What is a good solution to tackle this problem? Your help, please.
  • SuperAntiSpyware and HitmanPro find nothing, surprising.

    Go to Start > Control Panel > Add or Remove Programs or Programs and Features and remove the current (old) version of HijackThis there.

    Download HijackThis Install to your desktop.
    Double-click HijackThisInstaller.exe to start the installation.

    Double-click the HijackThis program, click the "Main Menu" option, and choose Do a system scan and save a logfile. Then post the contents of the log that appears in your next post.

    Note!!! Windows Vista & 7 users must run HijackThis as administrator ("right-click, Run as"); if this does not work via the shortcut, run HijackThis as administrator from the following directory (C:\Program Files\Trend Micro\HiJackThis)
  • Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:11:41, on 16-5-2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
    C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
    C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
    C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
    C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
    C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe
    C:\Program Files\SRS Labs\SRS WOW XT and TSXT\SRS_PostInstaller.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SUPBackGround] C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
    O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
    O4 - HKLM\..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe
    O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
    O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BatteryLifeExtender] C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe /2
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Verzenden naar Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1268940559562
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NanoServiceMain - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
    O23 - Service: SRS WOWXT/TSXT Service (SRS_WOWXT_Service) - SRS Labs, Inc. - C:\Program Files\SRS Labs\SRS WOW XT and TSXT\SRS_PostInstaller.exe


    End of file - 6196 bytes
  • This doesn't look that wrong.

    Download Combofix to your Desktop and use it according to this guide.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, switch that scanner off and download Combofix again.
    Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

    - Double-click Combofix.exe to start it.
    - If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    - Click OK in the small "NirCmd" window.
    - If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
    - Click OK and Yes to have the Recovery Console installed automatically.
    - Afterwards, click Yes again to start the malware scan.
    - While the fix is running, do NOT click in the window, as this will make your PC hang.
    - When the fix has completed and after a restart, the log Combofix.txt will open.

    Post this log in your next reply.
  • The log looks like this:

    ComboFix 10-05-16.01 - Le Beau 16-05-2010 20:54:28.2.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1014.655 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\Le Beau\Bureaublad\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Le Beau\Menu Start\Programma's\Opstarten\OpenOffice.org 3.2 .lnk
    c:\windows\SEC
    c:\windows\SEC\DelMt.cmd
    c:\windows\SEC\JRE150.exe
    c:\windows\SEC\Marker.exe
    c:\windows\SEC\MEMIO.sys
    c:\windows\SEC\MEMIO.vxd
    c:\windows\SEC\MP10FRN.exe
    c:\windows\SEC\SECINSTALL.EXE
    c:\windows\SEC\SECINSTALL.INI
    c:\windows\SEC\StartMem.exe

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2010-04-16 to 2010-05-16 ))))))))))))))))))))))))))))))
    .

    2010-05-16 17:31 . 2009-02-18 18:08 43240 ----a-w- c:\windows\system32\drivers\WOWXT_kern_i386.sys
    2010-05-16 17:31 . 2009-02-18 18:08 25560 ----a-w- c:\windows\system32\drivers\WOWFilter.sys
    2010-05-16 17:31 . 2009-02-18 18:08 36712 ----a-w- c:\windows\system32\drivers\TSXT_kern_i386.sys
    2010-05-16 17:31 . 2009-01-09 10:03 79304 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2010-05-16 17:31 . 2009-01-09 10:03 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
    2010-05-16 17:31 . 2009-01-09 10:03 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2010-05-16 17:31 . 2009-01-09 10:03 213640 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2010-05-16 17:31 . 2009-01-09 10:03 34216 ----a-w- c:\windows\system32\drivers\mferkdk.sys
    2010-05-16 17:31 . 2008-10-23 11:08 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
    2010-05-16 17:31 . 2009-04-09 08:07 282624 ----a-w- c:\windows\system32\ykx32mpcoinst.dll
    2010-05-16 10:38 . 2010-05-16 14:46 -------- d--h--r- c:\documents and settings\Le Beau\Onlangs geopend
    2010-05-16 10:29 . 2010-05-16 14:53 1 ----a-w- c:\documents and settings\Le Beau\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-05-16 10:28 . 2010-05-16 10:28 -------- d-----w- c:\documents and settings\Le Beau\Application Data\OpenOffice.org
    2010-05-16 10:22 . 2010-05-16 10:22 -------- d-----w- c:\program files\OpenOffice.org 3
    2010-05-16 10:11 . 2010-05-16 10:11 388096 ----a-r- c:\documents and settings\Le Beau\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-05-16 10:00 . 2010-05-16 10:02 -------- d-----w- c:\windows\SxsCaPendDel
    2010-05-16 09:36 . 2010-05-16 09:30 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-05-16 09:28 . 2010-05-16 10:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-05-16 09:16 . 2010-05-16 09:16 -------- d-----w- c:\program files\Trend Micro
    2010-05-16 08:47 . 2010-05-16 08:47 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-05-16 08:47 . 2010-05-16 08:47 -------- d-----w- c:\program files\Hitman Pro 3.5
    2010-05-16 08:47 . 2010-05-16 08:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
    2010-05-16 08:38 . 2010-05-16 08:38 -------- d-----w- c:\program files\Enigma Software Group
    2010-05-16 08:38 . 2010-05-16 08:41 -------- d-----w- c:\windows\61D3AAE1D5214CD7939B37813DE8F955.TMP
    2010-05-16 08:14 . 2010-05-16 08:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-05-16 08:13 . 2010-05-16 10:04 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-05-16 08:13 . 2010-05-16 10:04 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-05-16 07:17 . 2010-05-16 07:17 -------- d-----w- c:\windows\Internet Logs
    2010-05-15 20:53 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-05-15 20:50 . 2010-05-15 20:50 -------- d-----w- c:\documents and settings\Le Beau\Application Data\CheckPoint
    2010-05-15 20:49 . 2010-05-16 07:17 -------- d-----w- c:\program files\CheckPoint
    2010-05-15 20:49 . 2010-05-15 20:49 4212 ---ha-w- c:\windows\system32\zllictbl.dat
    2010-05-15 20:42 . 2010-05-15 20:42 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-05-15 20:19 . 2010-05-15 20:41 -------- d-----w- c:\documents and settings\Le Beau\Application Data\Search Settings(2)
    2010-05-15 17:37 . 2010-05-15 17:37 -------- d-----w- c:\documents and settings\Le Beau\Application Data\Malwarebytes
    2010-05-15 17:37 . 2010-05-15 20:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-15 17:37 . 2010-05-15 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-05-15 07:50 . 2010-05-15 20:41 -------- d-----w- c:\documents and settings\NetworkService\UserData
    2010-05-13 08:32 . 2010-05-15 20:41 -------- d-----w- c:\program files\PDFCreator
    2010-04-24 06:12 . 2010-04-24 06:12 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
    2010-04-24 06:12 . 2010-04-24 06:12 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
    2010-04-24 06:12 . 2010-04-24 06:12 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
    2010-04-24 06:12 . 2010-04-24 06:12 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
    2010-04-22 20:12 . 2010-05-15 07:49 -------- d-----w- c:\documents and settings\Le Beau\Application Data\vlc
    2010-04-22 20:11 . 2010-04-22 20:11 -------- d-----w- c:\program files\VideoLAN
    2010-04-18 16:22 . 2010-04-18 16:22 -------- d-----w- c:\windows\Sun

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-15 20:52 . 2009-05-13 17:00 -------- d-----w- c:\program files\Java
    2010-04-24 06:12 . 2010-04-24 06:12 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
    2010-04-24 06:12 . 2010-04-24 06:12 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
    2010-04-24 06:12 . 2010-04-24 06:12 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    2010-04-24 06:12 . 2010-04-24 06:12 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    2010-04-24 06:12 . 2010-04-24 06:12 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    2010-04-24 06:12 . 2010-04-24 06:11 -------- d-----w- c:\program files\Common Files\Real
    2010-04-24 06:12 . 2010-04-24 06:11 -------- d-----w- c:\program files\Real
    2010-04-24 06:11 . 2010-04-24 06:11 -------- d-----w- c:\program files\Common Files\xing shared
    2010-04-24 06:11 . 2010-04-24 06:11 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2010-04-24 06:11 . 2010-04-24 06:11 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-04-05 07:12 . 2010-04-05 07:12 -------- d-----w- c:\documents and settings\Le Beau\Application Data\Panda Security
    2010-03-29 16:44 . 2009-05-14 01:34 364882 ----a-w- c:\windows\system32\perfh013.dat
    2010-03-29 16:44 . 2009-05-14 01:34 53850 ----a-w- c:\windows\system32\perfc013.dat
    2010-03-29 16:41 . 2010-03-29 16:41 -------- d-----w- c:\program files\Atheros WLAN Client
    2010-03-29 16:41 . 2009-05-13 17:02 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-03-29 15:10 . 2010-03-29 15:10 -------- d-----w- c:\program files\Marvell
    2010-03-27 21:43 . 2010-03-27 21:43 -------- d-----w- c:\program files\SRS Labs
    2010-03-27 20:59 . 2009-05-13 17:05 -------- d-----w- c:\program files\Samsung
    2010-03-27 20:22 . 2010-03-27 20:22 152576 ----a-w- c:\documents and settings\Le Beau\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2010-03-27 20:22 . 2010-03-27 20:22 79488 ----a-w- c:\documents and settings\Le Beau\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2010-03-23 16:19 . 2010-03-23 16:12 -------- d-----w- c:\program files\GoldWave
    2010-03-21 14:21 . 2010-03-21 14:21 -------- d-----w- c:\program files\IrfanView
    2010-03-19 16:50 . 2010-03-19 16:50 -------- d-----w- c:\program files\QuickPar
    2010-03-19 15:46 . 2010-03-18 18:12 -------- d-----w- c:\documents and settings\Le Beau\Application Data\NewsLeecher
    2010-03-19 15:46 . 2010-03-18 16:20 -------- d-----w- c:\program files\FTDv3.8
    2010-03-18 19:24 . 2010-03-17 18:59 18112 ----a-w- c:\documents and settings\Le Beau\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-03-18 18:36 . 2010-03-18 18:36 -------- d-----w- c:\documents and settings\Le Beau\Application Data\Microsoft Web Folders
    2010-03-18 18:36 . 2009-05-13 16:57 -------- d-----w- c:\program files\microsoft frontpage
    2010-03-18 16:19 . 2010-03-18 16:19 -------- d-----w- c:\program files\7-Zip
    2010-03-18 11:35 . 2010-03-18 11:35 -------- d-----w- c:\program files\NewsLeecher
    2010-03-18 11:34 . 2010-03-18 11:34 -------- d-----w- c:\program files\DAMN NFO Viewer
    2010-03-18 08:20 . 2009-05-13 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\WinClon
    2010-03-17 23:09 . 2010-03-17 23:08 -------- d-----w- c:\program files\CyberLink
    2010-03-17 23:08 . 2010-03-17 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp
    2010-03-17 23:08 . 2010-03-17 23:08 36864 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
    2010-03-17 23:07 . 2010-03-17 23:07 -------- d-----w- c:\program files\WIDCOMM
    2010-03-17 23:07 . 2010-03-17 23:07 0 -c--a-w- c:\windows\system32\drivers\144D_SAMSUNG_N_N120_05CE.mrk
    2010-03-17 20:20 . 2010-03-17 20:20 -------- d-----w- c:\program files\CCleaner
    2010-03-17 19:02 . 2010-03-17 19:02 -------- d-----w- c:\program files\Microsoft
    2010-03-17 19:02 . 2010-03-17 19:02 -------- d-----w- c:\program files\Windows Live
    2010-03-17 19:02 . 2010-03-17 19:02 -------- d-----w- c:\program files\Windows Live SkyDrive
    2010-03-17 18:59 . 2010-03-17 18:59 -------- d-----w- c:\program files\Common Files\Windows Live
    2010-03-17 18:58 . 2010-03-17 18:28 -------- d-----w- c:\program files\Winamp
    2010-03-17 18:33 . 2010-03-17 18:33 0 -c--a-w- c:\windows\nsreg.dat
    2010-03-17 17:49 . 2010-03-17 17:49 264 ----a-w- c:\windows\system32\PSUNCpl.dat
    2010-03-09 11:11 . 2009-05-14 01:34 430080 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-26 05:53 . 2009-05-14 01:34 670208 ----a-w- c:\windows\system32\wininet.dll
    2010-02-26 05:53 . 2009-05-14 01:33 81920 ----a-w- c:\windows\system32\ieencode.dll
    2010-02-24 13:11 . 2009-05-14 01:33 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-16 19:09 . 2008-04-14 22:11 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 19:09 . 2008-04-14 22:11 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
    @="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
    [HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
    2009-11-02 08:00 312576 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Pending Delete Icon]
    @="{0847B599-9191-4A27-BD61-DE11598D3B1B}"
    [HKEY_CLASSES_ROOT\CLSID\{0847B599-9191-4A27-BD61-DE11598D3B1B}]
    2009-11-02 08:00 312576 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
    @="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
    [HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
    2009-11-02 08:00 312576 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BatteryLifeExtender"="c:\program files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe" [2009-03-13 550912]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-18 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-18 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-18 137752]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]
    "SUPBackGround"="c:\program files\Samsung\Samsung Update Plus\SUPBackGround.exe" [2010-02-03 294912]
    "BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2008-11-27 2768896]
    "DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
    "MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-14 151552]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
    "PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2009-10-30 361728]
    "RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-24 202256]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-23 603488]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=

    R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [13-10-2009 16:50 114312]
    R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [13-5-2009 19:00 4300]
    R2 NanoServiceMain;NanoServiceMain;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [30-10-2009 18:29 136448]
    R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [30-10-2009 17:18 146952]
    R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [13-10-2009 16:50 95880]
    R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [13-10-2009 16:50 101512]
    R2 SRS_WOWXT_Service;SRS WOWXT/TSXT Service;c:\program files\SRS Labs\SRS WOW XT and TSXT\SRS_PostInstaller.exe [19-5-2009 11:39 66792]
    R2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe -k yksvcs [14-5-2009 3:33 14336]
    R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [27-3-2010 23:43 233512]
    R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [13-5-2009 19:04 238464]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [13-5-2009 19:02 1684736]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    yksvcs REG_MULTI_SZ yksvc
    .
    Inhoud van de 'Gedeelde Taken' map

    2010-05-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2205146122-2744914269-312741955-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

    2010-04-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2205146122-2744914269-312741955-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Verzenden naar &Bluetooth-apparaat… - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Verzenden naar Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    FF - ProfilePath - c:\documents and settings\Le Beau\Application Data\Mozilla\Firefox\Profiles\y73exvkm.default\
    FF - prefs.js: browser.search.selectedEngine - YouTube
    FF - prefs.js: browser.startup.homepage - hxxp://www.scannerforum.nl/search.php?search_id=newposts&sid=f3a771f65d4699f9c56458c4ab3aaff9
    FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-16 20:58
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2010-05-16 21:00:18
    ComboFix-quarantined-files.txt 2010-05-16 19:00

    Pre-Run: 67.163.226.112 bytes beschikbaar
    Post-Run: 67.182.841.856 bytes beschikbaar

    - - End Of File - - C211F0CB77E3999EFC075E465CB9A2F4
  • Better now?
  • Yes, no strange notifications so far :P

    Thanks for the help!
  • Download [b:e3a09e9766]OTC.exe[/b:e3a09e9766] (by OldTimer)
    [list:e3a09e9766][*:e3a09e9766]Place the file on your desktop.
    [*:e3a09e9766]Make sure there is an internet connection.
    [*:e3a09e9766]Then right-click OTCleanIt.exe and choose Run as Administrator (Dutch: Uitvoeren als Administrator) to start the program.
    [*:e3a09e9766]Now click the "CleanUp!" button.
    [*:e3a09e9766]If your firewall, or another security program, warns that OTC.exe wants internet access, you may allow this; the program needs that connection.
    [*:e3a09e9766]Finally, OTC will ask whether you want to restart the computer; you may allow this, as it also removes itself this way.[/list:u:e3a09e9766]

    [i:e3a09e9766][b:e3a09e9766]Note[/b:e3a09e9766]: Using OTC.exe will remove all the tools used (including their logs and backup folders) from your computer.[/i:e3a09e9766]
  • Done that too, the system is completely clean again :P

    Many thanks!
  • Very nice. :wink:
  • Dear 'juisterr'

    I have a similar problem…
    AVG keeps saying: Trojan horse generic 18.ALCI
    Would you be willing to take a look at mine too, please?

    That would be great,

    Thanks,
  • [quote:3fe30572c0="Moeke"]Dear 'juisterr'

    I have a similar problem…
    AVG keeps saying: Trojan horse generic 18.ALCI
    Would you be willing to take a look at mine too, please?

    That would be great,

    Thanks,[/quote:3fe30572c0]


    Hello,

    I have Vista on my PC here, but when I right-click (on HiJack…)
    I don't have the option 'Run as administrator'. It isn't in the list…

    I don't understand much of it… pff
    Annoying, hopefully you can help me further,

    Regards,
  • Hello Moeke, go to the installation location of HijackThis and then you will get the option to start the tool with administrator rights!

    But read this too:

    Create a new topic - because attaching your problem to a solved topic doesn't really help!

    So create your own topic containing your log!
  • [quote:6e14c3e960="Abraham54"]Hello Moeke, go to the installation location of HijackThis and then you will get the option to start the tool with administrator rights!

    But read this too:

    Create a new topic - because attaching your problem to a solved topic doesn't really help!

    So create your own topic containing your log![/quote:6e14c3e960]



    Hello,

    Thanks for your reply,
    OK, I'll remember that for next time, thanks for the info.

    I think I managed to get rid of it…
    AVG no longer says anything about it and I also tried with Spybot…

    Thanks anyway,

    Regards,

    Moeke
  • The tools you are using give no guarantee that you are now rid of the nuisance!
    So if you want certainty - then do after all what you wanted to do earlier!

This is an archived page. Replying is no longer possible.