How do I remove the Trojan horse Generic Trojan??

15 answers
  • Hello, I think my PC is infected; Panda Cloud Antivirus keeps coming up with the message that it has neutralized a Trojan horse, namely "Generic Trojan". I have already checked the PC with all kinds of software, including SuperAntiSpyware and HitmanPro, but they either find nothing or do not find the infection in question. Panda keeps warning that it has neutralized something. What is a good solution for tackling this problem? Your help please.
  • SuperAntiSpyware and HitmanPro find nothing, surprising. Go to Start > Control Panel > Add or Remove Programs (or Programs and Features) and remove the current (old) version of HijackThis there. Download HijackThis Install (http://go.trendmicro.com/free-tools/hijackthis/HiJackThis.msi) to your desktop. Double-click HijackThisInstaller.exe to start the installation. Double-click the HijackThis program, click the "Main Menu" option, and choose "Do a system scan and save a logfile". Then paste the contents of the log that appears into your next post. Note!!! Windows Vista & 7 users must run HijackThis as administrator (right-click, "Run as"); if this does not work via the shortcut, run HijackThis as administrator from the following directory (C:\Program Files\Trend Micro\HiJackThis)
  • Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:11:41, on 16-5-2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal
  • This doesn't look that bad. Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your desktop and use it according to this guide: http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden. NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, switch that scanner off and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!
      • Double-click Combofix.exe to start it.
      • If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
      • Click OK in the small "NirCmd" window.
      • If the Recovery Console is not installed, you will be asked to install it by clicking Yes in the "Query - Recovery Console" window.
      • Click OK and Yes to have the Recovery Console installed automatically.
      • Afterwards, click Yes again to start the malware scan.
      • While the fix is running, do NOT click in the window, because this will make your PC hang.
      • When the fix has finished and after the restart, the log Combofix.txt will open.
    Post this log in your next reply.
  • The log looks like this: ComboFix 10-05-16.01 - Le Beau 16-05-2010 20:54:28.2.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1014.655 [GMT 2:00]
  • Better now?
  • Yes, no strange alerts so far :P Thanks for the help!
  • Download OTC.exe (http://oldtimer.geekstogo.com/OTC.exe) (by OldTimer)
      - Place the file on your desktop.
      - Make sure there is an internet connection.
      - Then right-click OTCleanIt.exe and choose Run as Administrator (Dutch: Uitvoeren als Administrator) to start the program.
      - Now click the "CleanUp!" button.
      - If your firewall, or another security program, warns that OTC.exe wants internet access, you may allow this; the program needs that connection.
      - Finally, OTC will ask whether you want to restart the computer; you may allow this, which also makes it remove itself.
    Note: Using OTC.exe will remove all the tools used (including their logs and backup folders) from your computer.
  • I did that too, the system is completely clean again :P Thank you very much!
  • Good, good. :wink:
  • Dear 'juisterr', I have a similar problem... AVG keeps saying: Trojan horse generic 18.ALCI. Could you take a look at mine too, please? That would be great, Thanks,
  • Moeke wrote: "Dear 'juisterr', I have a similar problem... AVG keeps saying: Trojan horse generic 18.ALCI. Could you take a look at mine too, please? That would be great, Thanks,"
    Hi, I have Vista on my PC, but when I right-click (on HiJack...) I don't get the 'run as administrator' option. It isn't in the list... I don't understand much of it... pff. Tricky, hopefully you can help me further, Regards,
  • Hello Moeke, go to the installation location of HijackThis and there you will get the option to start the tool with administrator rights! But also read this: create a new topic, because attaching your problem to a solved topic doesn't really help! So create your own topic containing your log!
  • Abraham54 wrote: "Hello Moeke, go to the installation location of HijackThis and there you will get the option to start the tool with administrator rights! But also read this: create a new topic, because attaching your problem to a solved topic doesn't really help! So create your own topic containing your log!"
    Hi, Thanks for your reply. OK, I'll remember that for next time, thanks for the info. I think I've got rid of it... AVG no longer says anything about it and I also tried with Spybot... Thanks anyway, Regards, Moeke
  • The tools you are using give no guarantee that you are now rid of the nuisance! So if you want certainty, then still do what you wanted to do earlier!


This is an archived page. Replies are no longer possible.