Firefox is being redirected to the wrong sites.

Anonymous
22 replies
  • When I have found various sites with Google in Firefox and click on one of them, I am redirected to a strange site.
    In IE I do not have that problem.

    Who can help me?
  • The problem is no longer present. A full scan with Ad Aware version 8.3.1 (duration 2.5 hours) found 1 infection with Trojan W32.Generic!BT. After restarting the PC I have had no further problems.

    I hope it stays that way, otherwise I will report back.
  • After Firefox has been running for a while, the problem does occur again.

    It is very annoying to keep being redirected to the wrong site. Everything has been checked for viruses, spyware and the like with Spybot, Ad Aware, Malwarebytes and Avast; however, nothing more is found.

    Who can help me? Thanks in advance.
  • Here is the HijackThis log. Would someone look at it to see what could be causing the redirection to the wrong websites when I click on a site found via Google?

    Thanks in advance.
    Ben


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 18:37:59, on 26-8-2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18943)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\mobsync.exe
    C:\Acer\Empowering Technology\eDSMSNfix.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/nl-nl/wlscctrl2.cab
    O20 - AppInit_DLLs: eNetHook.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Google Updateservice (gupdate1c9c258abb2dba) (gupdate1c9c258abb2dba) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
    O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe


    End of file - 5873 bytes
  • I cannot make out any strange things in your log either, it looks good!
    Try a clean install of the latest version of FF!
  • Thanks Abraham. I was away for the weekend, but last night the Kaspersky 30-day trial scanner did find some more infections (see log). I find it strange that Avast 5 could not find these. After that the Windows Live OneCare scanner found further infections that it could not remove (also in C:\Documents and Settings\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\).

    Replaced Firefox with Google Chrome. No more trouble with redirects to the wrong sites.

    Given the infections still present, I wonder whether heavier artillery is not necessary. Combofix or something like it? I will only do that if you think it is a good idea.
    Thanks in advance for your answer.


    Verwijderd (10)
    30-8-2010 7:01:36 Verwijderd Trojaans programma Trojan-Downloader.JS.Agent.fns C:\Documents and Settings\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\e8267fc-6016b6a8/mosdef.class Hoog
    30-8-2010 7:01:36 Verwijderd Trojaans programma Trojan-Downloader.JS.Agent.fns C:\Documents and Settings\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\26b522f-6e5a6f99/mosdef.class Hoog
    30-8-2010 7:01:36 Verwijderd Trojaans programma Exploit.Java.CVE-2010-0094.a C:\Documents and Settings\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\e8267fc-6016b6a8/SiteError.class Hoog
    30-8-2010 7:01:36 Verwijderd Trojaans programma Exploit.Java.CVE-2010-0094.a C:\Documents and Settings\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\e8267fc-6016b6a8/dostuff.class Hoog
    30-8-2010 7:01:36 Verwijderd Trojaans programma Exploit.Java.CVE-2010-0094.a C:\Documents and Settings\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\26b522f-6e5a6f99/SiteError.class Hoog
    30-8-2010 7:01:36 Verwijderd Trojaans programma Exploit.Java.CVE-2010-0094.a C:\Documents and Settings\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\26b522f-6e5a6f99/dostuff.class Hoog
    30-8-2010 7:01:36 Verwijderd Trojaans programma Exploit.Java.CVE-2009-3867.e C:\Documents and Settings\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\4e24ba25-11a82d5f/seopack.class Hoog
    30-8-2010 7:01:36 Verwijderd Trojaans programma Exploit.Java.Agent.cw C:\Documents and Settings\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\32f3ff9e-54ced52c/KAK/NED/crime4u.class Hoog
    30-8-2010 7:01:36 Verwijderd Trojaans programma Exploit.Java.Agent.cv C:\Documents and Settings\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\32f3ff9e-54ced52c/KAK/NED/NOD32.class Hoog
    30-8-2010 7:01:36 Verwijderd Trojaans programma Exploit.Java.Agent.cu C:\Documents and Settings\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\32f3ff9e-54ced52c/KAK/NED/sexxxy.class Hoog
    Gedesinfecteerd (4)
    30-8-2010 7:01:36 Gedesinfecteerd Trojaans programma Exploit.Java.CVE-2010-0094.a C:\Documents and Settings\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\e8267fc-6016b6a8 Hoog
    30-8-2010 7:01:36 Gedesinfecteerd Trojaans programma Exploit.Java.CVE-2010-0094.a C:\Documents and Settings\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\26b522f-6e5a6f99 Hoog
    30-8-2010 7:01:36 Gedesinfecteerd Trojaans programma Exploit.Java.CVE-2009-3867.e C:\Documents and Settings\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\4e24ba25-11a82d5f Hoog
    30-8-2010 7:01:36 Gedesinfecteerd Trojaans programma Exploit.Java.Agent.cv C:\Documents and Settings\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\32f3ff9e-54ced52c Hoog
    Geïnfecteerd (4)
    29-8-2010 20:13:17 Geïnfecteerd malware HackTool.Win32.PassDic.be D:\Program Files\iWisoft Flash SWF to Video Converter\swf2avi.exe Gemiddeld
    29-8-2010 23:29:40 Geïnfecteerd legale software die door criminelen kan worden gebruikt om uw computer of uw persoonlijke gegevens te beschadigen PDM.DNS Query D:\PROGRAM FILES\HYVES DESKTOP\BIN\HYVESDESKTOP.EXE Laag
    29-8-2010 21:10:57 Geïnfecteerd legale software die door criminelen kan worden gebruikt om uw computer of uw persoonlijke gegevens te beschadigen PDM.DNS Query C:\PROGRAM FILES\WINDOWS LIVE SAFETY CENTER\WLSCUPLOADER.EXE Laag
    29-8-2010 19:14:05 Geïnfecteerd legale software die door criminelen kan worden gebruikt om uw computer of uw persoonlijke gegevens te beschadigen PDM.DNS Query D:\PROGRAM FILES\TELETEKSTBROWSER\TELETEKST.EXE Laag
  • First I would now like a new HijackThis log from you.

    As for AVs: Kaspersky is not free and is one of the top suites!
    If you really want to be well protected, get a paid internet security suite!
  • Hello Abraham, here is the new HijackThis log. Are these 2 lines correct?
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O1 - Hosts: ::1 localhost


    For a complete picture I am also adding the Mbam log from when the infection occurred last week. I have just had Mbam do a full scan (2.5 hours) and it finds nothing.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Databaseversie: 4475

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18943

    25-8-2010 18:55:02
    mbam-log-2010-08-25 (18-55-02).txt

    Scantype: Snelle scan
    Objecten gescand: 140697
    Verstreken tijd: 8 minuut/minuten, 48 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 3
    Registersleutels geïnfecteerd: 4
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 2
    Mappen geïnfecteerd: 1
    Bestanden geïnfecteerd: 4

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    C:\Windows\System32\d3dx9_2732.dll (Trojan.Tracur) -> Delete on reboot.
    C:\Users\Ben\AppData\Roaming\2A9D.tmp (Trojan.Tracur) -> Delete on reboot.
    C:\Windows\System32\d3d10warp32.dll (Trojan.Tracur) -> Delete on reboot.

    Registersleutels geïnfecteerd:
    HKEY_CLASSES_ROOT\CLSID\{0fce2be0-5e31-47c5-9c63-793ed7a35917} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0fce2be0-5e31-47c5-9c63-793ed7a35917} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0fce2be0-5e31-47c5-9c63-793ed7a35917} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\d3dx9_2732.dll -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\d3dx9_2732.dll -> Delete on reboot.

    Mappen geïnfecteerd:
    C:\ProgramData\579076250 (Rogue.Multiple) -> Quarantined and deleted successfully.

    Bestanden geïnfecteerd:
    C:\Windows\System32\d3dx9_2732.dll (Trojan.Tracur) -> Delete on reboot.
    C:\Users\Ben\AppData\Roaming\2A9D.tmp (Trojan.Tracur) -> Delete on reboot.
    C:\Windows\System32\d3d10warp32.dll (Trojan.Tracur) -> Delete on reboot.
    C:\Windows\System32\d3dx9_3332.dll (Trojan.Tracur) -> Quarantined and deleted successfully.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:15:05, on 30-8-2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18943)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Acer\Empowering Technology\eDSMSNfix.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\ehome\ehtray.exe
    C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: &Virtueel Toetsenbord - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
    O9 - Extra button: C&ontrole van URL's - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/nl-nl/wlscctrl2.cab
    O20 - AppInit_DLLs: eNetHook.dll,D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus-service (AVP) - Kaspersky Lab ZAO - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Google Updateservice (gupdate1c9c258abb2dba) (gupdate1c9c258abb2dba) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
    O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe


    End of file - 6547 bytes
  • Those two lines you quoted are legitimate!
    With hosts it is the 01Host, for the benefit of IPv6.

    Your log looks good too.

    Are you still having problems?
    E.g. with FF - do you still get redirects there?
  • Hello Abraham, thanks for your quick reply. I am leaving FF off for now. I will see whether Google Chrome suits me as an alternative. I have not yet found how to have it automatically delete your visited sites on closing, but I will look that up. If you happen to know without having to search, I would be glad to hear it.

    I find my PC slow. I thought it was a result of the viruses and the like, but possibly a shortage of memory is the problem; it is suddenly more noticeable, though.
    Glad that it is at least 'clean' again.

    Thanks a lot!!!

    Ben
  • Hi Ben - what MBAM removed was no small thing.

    Let Combofix scan your Windows (click).
    How to use Combofix properly (click)
    To be able to use Combofix, the following applies:
    Vista and Windows 7 users start Combofix with Administrator rights!
  • Abraham, here is the Combofix log. After the restart neither of the two browsers (IE and Google Chrome) worked any more and I had to restart again.


    ComboFix 10-08-29.03 - Ben 30-08-2010 15:09:56.3.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1013.417 [GMT 2:00]
    Gestart vanuit: c:\users\Ben\Desktop\ComboFix.exe
    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\SysWoW32
    c:\programdata\SysWoW32\mu1256996263v4.kwd
    c:\programdata\SysWoW32\mu1256996263v5.kwd
    c:\programdata\SysWoW32\mu1256996263v6.kwd
    c:\programdata\SysWoW32\mu1256996263v7.kwd
    c:\programdata\SysWoW32\wu1256996263v0
    c:\programdata\SysWoW32\wu1256996263v0.kwd
    c:\programdata\SysWoW32\wu1256996263v1
    c:\programdata\SysWoW32\wu1256996263v1.kwd
    c:\programdata\SysWoW32\wu1256996263v2
    c:\programdata\SysWoW32\wu1256996263v2.kwd
    c:\programdata\SysWoW32\wu1256996263v3
    c:\programdata\SysWoW32\wu1256996263v3.kwd
    c:\programdata\unrar.exe
    c:\users\Ben M\AppData\Roaming\Mozilla\Firefox\Profiles\sb2mxiyf.default\extensions\{150998bb-45ba-47b2-86ee-838db728a26d}
    c:\users\Ben M\AppData\Roaming\Mozilla\Firefox\Profiles\sb2mxiyf.default\extensions\{150998bb-45ba-47b2-86ee-838db728a26d}\chrome.manifest
    c:\users\Ben M\AppData\Roaming\Mozilla\Firefox\Profiles\sb2mxiyf.default\extensions\{150998bb-45ba-47b2-86ee-838db728a26d}\chrome\xulcache.jar
    c:\users\Ben M\AppData\Roaming\Mozilla\Firefox\Profiles\sb2mxiyf.default\extensions\{150998bb-45ba-47b2-86ee-838db728a26d}\defaults\preferences\xulcache.js
    c:\users\Ben M\AppData\Roaming\Mozilla\Firefox\Profiles\sb2mxiyf.default\extensions\{150998bb-45ba-47b2-86ee-838db728a26d}\install.rdf
    c:\users\Ben\AppData\Roaming\02000000a1a14868988C.manifest
    c:\users\Ben\AppData\Roaming\02000000a1a14868988O.manifest
    c:\users\Ben\AppData\Roaming\02000000a1a14868988P.manifest
    c:\users\Ben\AppData\Roaming\02000000a1a14868988S.manifest
    c:\windows\system32\%appdata%
    D:\install.exe

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2010-07-28 to 2010-08-30 ))))))))))))))))))))))))))))))
    .

    2010-08-30 13:22 . 2010-08-30 13:28 -------- d-----w- c:\users\Ben\AppData\Local\temp
    2010-08-30 13:22 . 2010-08-30 13:22 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-08-30 13:22 . 2010-08-30 13:22 -------- d-----w- c:\users\Ben M\AppData\Local\temp
    2010-08-29 18:02 . 2010-08-29 18:02 -------- d-----w- c:\users\Ben\AppData\Local\Adobe
    2010-08-29 13:27 . 2010-08-29 13:37 97549 ----a-w- c:\windows\system32\drivers\klick.dat
    2010-08-29 13:27 . 2010-08-29 13:37 113933 ----a-w- c:\windows\system32\drivers\klin.dat
    2010-08-29 13:23 . 2010-08-30 13:24 -------- d-----w- c:\programdata\Kaspersky Lab
    2010-08-29 12:52 . 2010-08-29 12:52 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
    2010-08-26 20:34 . 2010-08-26 20:34 -------- d-----w- c:\program files\Common Files\Java
    2010-08-26 10:57 . 2010-08-26 10:57 -------- d-----w- c:\program files\Trend Micro
    2010-08-25 23:23 . 2010-08-25 23:23 -------- d-----w- c:\users\Ben\AppData\Local\Sunbelt Software
    2010-08-22 15:32 . 2010-08-22 15:32 -------- d-----w- c:\program files\Conduit
    2010-08-21 06:19 . 2010-08-21 06:19 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
    2010-08-18 21:03 . 2010-08-18 21:03 -------- d-----w- c:\program files\iPod
    2010-08-18 21:02 . 2010-08-18 21:04 -------- d-----w- c:\program files\iTunes
    2010-08-18 18:32 . 2010-08-29 19:11 -------- d-----w- c:\program files\Windows Live Safety Center
    2010-08-14 09:18 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
    2010-08-14 09:18 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
    2010-08-14 09:18 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-08-14 09:18 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-08-14 09:18 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2010-08-14 09:18 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-14 09:18 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-08-14 09:14 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-30 11:28 . 2006-11-02 16:11 667352 ----a-w- c:\windows\system32\perfh013.dat
    2010-08-30 11:28 . 2006-11-02 16:11 126854 ----a-w- c:\windows\system32\perfc013.dat
    2010-08-29 13:26 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
    2010-08-29 12:55 . 2007-08-23 20:12 -------- d-----w- c:\programdata\Lavasoft
    2010-08-26 20:34 . 2007-07-05 06:16 -------- d-----w- c:\program files\Java
    2010-08-26 20:31 . 2009-10-19 19:34 -------- d-----w- c:\users\Ben\AppData\Roaming\HpUpdate
    2010-08-26 13:51 . 2007-06-06 12:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2010-08-26 08:25 . 2007-06-05 15:06 79336 ----a-w- c:\users\Ben\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-08-25 11:11 . 2009-01-26 23:01 -------- d-----w- c:\users\Ben\AppData\Roaming\LimeWire
    2010-08-24 07:34 . 2008-06-05 14:17 -------- d-----w- c:\users\Ben\AppData\Roaming\gtk-2.0
    2010-08-18 21:03 . 2007-08-12 15:58 -------- d-----w- c:\program files\Common Files\Apple
    2010-08-18 21:02 . 2007-07-07 21:20 -------- d-----w- c:\programdata\Apple Computer
    2010-08-16 09:44 . 2007-07-07 21:24 -------- d-----w- c:\users\Ben\AppData\Roaming\Apple Computer
    2010-08-14 08:52 . 2010-06-05 10:24 -------- d-----w- c:\users\Ben\AppData\Roaming\PhotoScape
    2010-08-13 15:47 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-07-17 03:00 . 2010-04-17 16:27 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-10 23:14 . 2007-12-11 19:01 -------- d-----w- c:\users\Ben\AppData\Roaming\DivX
    2010-07-10 22:32 . 2010-07-10 22:28 -------- d-----w- c:\programdata\DivX
    2010-07-10 22:32 . 2009-05-18 22:01 -------- d-----w- c:\program files\Common Files\DivX Shared
    2010-07-10 22:32 . 2007-09-04 11:18 -------- d-----w- c:\program files\DivX
    2010-07-09 16:47 . 2007-07-06 06:55 -------- d-----w- c:\users\Ben\AppData\Roaming\Thunderbird
    2010-07-06 08:08 . 2008-06-14 10:24 -------- d-----w- c:\programdata\Google Updater
    2010-06-26 06:05 . 2010-08-14 09:19 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-26 06:02 . 2010-08-14 09:19 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-06-26 06:02 . 2010-08-14 09:19 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-06-26 04:25 . 2010-08-14 09:19 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-06-11 16:16 . 2010-08-14 09:19 274944 ----a-w- c:\windows\system32\schannel.dll
    2009-03-25 21:24 . 2009-03-25 21:24 1707 ----a-w- c:\program files\Uninstall.lnk
    2009-03-19 18:56 . 2009-03-19 18:56 1001472 ----a-w- c:\program files\QuickTide.exe
    2009-03-09 08:57 . 2009-03-09 08:57 53134 ----a-w- c:\program files\QuickTide.htm
    2009-03-02 10:51 . 2009-03-02 10:51 1417 ----a-w- c:\program files\QuickTide.txt
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "Google Update"="c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-27 136176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
    "eDSMSNfix"="c:\acer\Empowering Technology\eDSMSNfix.exe" [2007-02-08 13312]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-09 614400]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-18 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-18 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-18 133656]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "AVP"="d:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-05-07 344736]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\eNetHook.dll d:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Ben^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4 .lnk]
    path=c:\users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4 .lnk
    backup=c:\windows\pss\OpenOffice.org 2.4 .lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2008-09-03 18:12 111936 —-a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-07-21 13:53 141608 —-a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "WarReg_PopUp"=c:\acer\WR_PopUp\WarReg_PopUp.exe
    "RtHDVCpl"=RtHDVCpl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):2b,9c,dc,a4,88,fa,c9,01

    R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
    R1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-05-06 132184]
    R2 gupdate1c9c258abb2dba;Google Updateservice (gupdate1c9c258abb2dba);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;d:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
    R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2006-09-19 80744]
    R4 J;J;c:\users\Ben\AppData\Local\Temp\J.exe [x]
    R4 LA;LA;c:\users\Ben\AppData\Local\Temp\LA.exe [x]
    R4 OFXLBSW;OFXLBSW;c:\users\Ben\AppData\Local\Temp\OFXLBSW.exe [x]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
    S2 SBSDWSCService;SBSD Security Center Service;d:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Inhoud van de 'Gedeelde Taken' map

    2010-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2255622846-3536518166-2921446557-1000Core.job
    - c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 07:01]

    2010-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2255622846-3536518166-2921446557-1000UA.job
    - c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 07:01]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uStart Page = hxxp://www.startpagina.nl/
    uInternet Settings,ProxyOverride = *.local
    .
    - - - - ORPHANS VERWIJDERD - - - -

    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
    MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_07\bin\jusched.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-30 15:27
    Windows 6.0.6002 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > 'Explorer.exe'(1280)
    d:\program files\Malwarebytes' Anti-Malware\mbamext.dll
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
    c:\acer\Empowering Technology\eNet\eNet Service.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\acer\Mobility Center\MobilityService.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
    c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
    c:\acer\Empowering Technology\ePower\ePowerSvc.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\conime.exe
    c:\program files\Launch Manager\LManager.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\igfxext.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\windows\system32\wbem\unsecapp.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2010-08-30 15:40:43 - machine werd herstart
    ComboFix-quarantined-files.txt 2010-08-30 13:40
    ComboFix2.txt 2009-03-28 18:34

    Pre-Run: 7.454.715.904 bytes beschikbaar
    Post-Run: 7.271.821.312 bytes beschikbaar

    - - End Of File - - 301AA8CF935FEF65542E0C505A503A5A

  • First, use the Norton removal tool to remove the last remnants of Norton from your Windows!

    http://service1.symantec.com/support/inter/tsgeninfointl.nsf/nl_docid/20050411155130924?OpenDocument&seg=hm&lg=nl&ct=nl

    After that, do the following:

    Open a new Notepad file (Start>Alle programma’s>Bureau-accessoires>Kladblok),
    then copy and paste the following (bold, blue text) into the empty Notepad window


  • Hi Abraham. All instructions carried out. ComboFix had an update, which I allowed.

    ComboFix 10-08-29.04 - Ben 30-08-2010 17:04:03.4.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1013.448 [GMT 2:00]

    Gestart vanuit: c:\users\Ben\Desktop\ComboFix.exe
    gebruikte Opdracht switches :: c:\users\Ben\Desktop\CFScript.txt
    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    FILE ::
    "c:\program files\Uninstall.lnk"
    "c:\windows\system32\drivers\klick.dat"
    "c:\windows\system32\drivers\klin.dat"
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Uninstall.lnk
    c:\windows\system32\drivers\klin.dat
    c:\windows\system32\drivers\klick.dat . . . . konden niet verwijderd worden

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2010-07-28 to 2010-08-30 ))))))))))))))))))))))))))))))
    .

    2010-08-30 15:18 . 2010-08-30 15:18 113933 —-a-w- c:\windows\system32\drivers\klin.dat
    2010-08-30 15:15 . 2010-08-30 15:22 ——– d—–w- c:\users\Ben\AppData\Local\temp
    2010-08-30 15:15 . 2010-08-30 15:15 ——– d—–w- c:\users\Public\AppData\Local\temp
    2010-08-30 15:15 . 2010-08-30 15:15 ——– d—–w- c:\users\Default\AppData\Local\temp
    2010-08-30 15:15 . 2010-08-30 15:15 ——– d—–w- c:\users\Ben M\AppData\Local\temp
    2010-08-29 18:02 . 2010-08-29 18:02 ——– d—–w- c:\users\Ben\AppData\Local\Adobe
    2010-08-29 13:37 . 2010-08-29 13:37 125624 —-a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.0.232\shellex.dll
    2010-08-29 13:37 . 2010-08-29 13:37 109240 —-a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.0.232\sbstart.exe
    2010-08-29 13:37 . 2010-08-29 13:37 170680 —-a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.0.232\klwtblc.dll
    2010-08-29 13:37 . 2010-08-29 13:37 129720 —-a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\shellex.dll
    2010-08-29 13:37 . 2010-08-29 13:37 113336 —-a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\sbstart.exe
    2010-08-29 13:37 . 2010-08-29 13:37 170680 —-a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\klwtblc.dll
    2010-08-29 13:35 . 2010-08-29 13:35 283984 —-a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\bases\av\kdb\i386\win\avengine.dll
    2010-08-29 13:27 . 2010-08-29 13:37 97549 —-a-w- c:\windows\system32\drivers\klick.dat
    2010-08-29 13:23 . 2010-08-30 15:22 ——– d—–w- c:\programdata\Kaspersky Lab
    2010-08-29 12:52 . 2010-08-29 12:52 ——– d—–w- c:\programdata\Kaspersky Lab Setup Files
    2010-08-26 20:34 . 2010-08-26 20:34 ——– d—–w- c:\program files\Common Files\Java
    2010-08-26 10:57 . 2010-08-26 10:57 388096 —-a-r- c:\users\Ben\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-08-26 10:57 . 2010-08-26 10:57 ——– d—–w- c:\program files\Trend Micro
    2010-08-25 23:23 . 2010-08-25 23:23 ——– d—–w- c:\users\Ben\AppData\Local\Sunbelt Software
    2010-08-22 15:32 . 2010-08-22 15:32 ——– d—–w- c:\program files\Conduit
    2010-08-21 06:19 . 2010-08-21 06:19 ——– d—–w- c:\program files\Common Files\DVDVideoSoft
    2010-08-18 21:03 . 2010-08-18 21:03 ——– d—–w- c:\program files\iPod
    2010-08-18 21:02 . 2010-08-18 21:04 ——– d—–w- c:\program files\iTunes
    2010-08-18 20:56 . 2010-08-18 20:56 73000 —-a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
    2010-08-18 18:32 . 2010-08-29 19:11 ——– d—–w- c:\program files\Windows Live Safety Center
    2010-08-15 21:57 . 2010-08-15 21:57 970504 —-a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-08-14 09:18 . 2010-06-21 13:37 2037760 —-a-w- c:\windows\system32\win32k.sys
    2010-08-14 09:18 . 2010-06-18 17:31 36864 —-a-w- c:\windows\system32\rtutils.dll
    2010-08-14 09:18 . 2010-06-08 17:35 3600768 —-a-w- c:\windows\system32\ntkrnlpa.exe
    2010-08-14 09:18 . 2010-06-08 17:35 3548040 —-a-w- c:\windows\system32\ntoskrnl.exe
    2010-08-14 09:18 . 2010-06-11 16:15 1248768 —-a-w- c:\windows\system32\msxml3.dll
    2010-08-14 09:18 . 2010-06-18 15:04 302080 —-a-w- c:\windows\system32\drivers\srv.sys
    2010-08-14 09:18 . 2010-06-18 15:04 144896 —-a-w- c:\windows\system32\drivers\srv2.sys
    2010-08-14 09:14 . 2010-06-16 16:04 905088 —-a-w- c:\windows\system32\drivers\tcpip.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-30 11:28 . 2006-11-02 16:11 667352 —-a-w- c:\windows\system32\perfh013.dat
    2010-08-30 11:28 . 2006-11-02 16:11 126854 —-a-w- c:\windows\system32\perfc013.dat
    2010-08-29 13:26 . 2006-11-02 12:37 ——– d—–w- c:\program files\Windows Sidebar
    2010-08-29 12:55 . 2007-08-23 20:12 ——– d—–w- c:\programdata\Lavasoft
    2010-08-26 20:34 . 2007-07-05 06:16 ——– d—–w- c:\program files\Java
    2010-08-26 20:31 . 2009-10-19 19:34 ——– d—–w- c:\users\Ben\AppData\Roaming\HpUpdate
    2010-08-26 13:51 . 2007-06-06 12:06 ——– d—–w- c:\programdata\Spybot - Search & Destroy
    2010-08-26 08:25 . 2007-06-05 15:06 79336 —-a-w- c:\users\Ben\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-08-25 11:11 . 2009-01-26 23:01 ——– d—–w- c:\users\Ben\AppData\Roaming\LimeWire
    2010-08-24 07:34 . 2008-06-05 14:17 ——– d—–w- c:\users\Ben\AppData\Roaming\gtk-2.0
    2010-08-18 21:03 . 2007-08-12 15:58 ——– d—–w- c:\program files\Common Files\Apple
    2010-08-18 21:02 . 2007-07-07 21:20 ——– d—–w- c:\programdata\Apple Computer
    2010-08-16 09:44 . 2007-07-07 21:24 ——– d—–w- c:\users\Ben\AppData\Roaming\Apple Computer
    2010-08-14 08:52 . 2010-06-05 10:24 ——– d—–w- c:\users\Ben\AppData\Roaming\PhotoScape
    2010-08-13 15:47 . 2006-11-02 11:18 ——– d—–w- c:\program files\Windows Mail
    2010-07-17 03:00 . 2010-04-17 16:27 423656 —-a-w- c:\windows\system32\deployJava1.dll
    2010-07-10 23:14 . 2007-12-11 19:01 ——– d—–w- c:\users\Ben\AppData\Roaming\DivX
    2010-07-10 22:32 . 2010-07-10 22:28 ——– d—–w- c:\programdata\DivX
    2010-07-10 22:32 . 2009-05-18 22:01 ——– d—–w- c:\program files\Common Files\DivX Shared
    2010-07-10 22:32 . 2007-09-04 11:18 ——– d—–w- c:\program files\DivX
    2010-07-09 16:47 . 2007-07-06 06:55 ——– d—–w- c:\users\Ben\AppData\Roaming\Thunderbird
    2010-07-06 08:08 . 2008-06-14 10:24 ——– d—–w- c:\programdata\Google Updater
    2010-06-26 06:05 . 2010-08-14 09:19 916480 —-a-w- c:\windows\system32\wininet.dll
    2010-06-26 06:02 . 2010-08-14 09:19 109056 —-a-w- c:\windows\system32\iesysprep.dll
    2010-06-26 06:02 . 2010-08-14 09:19 71680 —-a-w- c:\windows\system32\iesetup.dll
    2010-06-26 04:25 . 2010-08-14 09:19 133632 —-a-w- c:\windows\system32\ieUnatt.exe
    2010-06-11 16:16 . 2010-08-14 09:19 274944 —-a-w- c:\windows\system32\schannel.dll
    2009-03-19 18:56 . 2009-03-19 18:56 1001472 —-a-w- c:\program files\QuickTide.exe
    2009-03-09 08:57 . 2009-03-09 08:57 53134 —-a-w- c:\program files\QuickTide.htm
    2009-03-02 10:51 . 2009-03-02 10:51 1417 —-a-w- c:\program files\QuickTide.txt
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "Google Update"="c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-27 136176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
    "eDSMSNfix"="c:\acer\Empowering Technology\eDSMSNfix.exe" [2007-02-08 13312]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-09 614400]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-18 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-18 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-18 133656]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "AVP"="d:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-05-07 344736]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\eNetHook.dll d:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Ben^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4 .lnk]
    path=c:\users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4 .lnk
    backup=c:\windows\pss\OpenOffice.org 2.4 .lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2008-09-03 18:12 111936 —-a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-07-21 13:53 141608 —-a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "WarReg_PopUp"=c:\acer\WR_PopUp\WarReg_PopUp.exe
    "RtHDVCpl"=RtHDVCpl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):2b,9c,dc,a4,88,fa,c9,01

    R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
    R1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-05-06 132184]
    R2 gupdate1c9c258abb2dba;Google Updateservice (gupdate1c9c258abb2dba);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;d:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
    R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2006-09-19 80744]
    R4 J;J;c:\users\Ben\AppData\Local\Temp\J.exe [x]
    R4 LA;LA;c:\users\Ben\AppData\Local\Temp\LA.exe [x]
    R4 OFXLBSW;OFXLBSW;c:\users\Ben\AppData\Local\Temp\OFXLBSW.exe [x]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
    S2 SBSDWSCService;SBSD Security Center Service;d:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Inhoud van de 'Gedeelde Taken' map

    2010-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2255622846-3536518166-2921446557-1000Core.job
    - c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 07:01]

    2010-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2255622846-3536518166-2921446557-1000UA.job
    - c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 07:01]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uStart Page = hxxp://www.startpagina.nl/
    uInternet Settings,ProxyOverride = *.local
    .

    **************************************************************************
    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden:

    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
    c:\acer\Empowering Technology\eNet\eNet Service.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\acer\Mobility Center\MobilityService.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
    c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
    c:\acer\Empowering Technology\ePower\ePowerSvc.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\conime.exe
    c:\program files\Launch Manager\LManager.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\igfxext.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2010-08-30 17:32:53 - machine werd herstart
    ComboFix-quarantined-files.txt 2010-08-30 15:32
    ComboFix2.txt 2010-08-30 13:40
    ComboFix3.txt 2009-03-28 18:34

    Pre-Run: 7.162.703.872 bytes beschikbaar
    Post-Run: 7.141.523.456 bytes beschikbaar

    - - End Of File - - EC032654FFC32D59F75A2E8311B1C07F

  • Apparently my script was not right!

    Open a new Notepad file once again (Start>Alle programma’s>Bureau-accessoires>Kladblok),
    then copy and paste the following (bold, blue text) into the empty Notepad window


  • Here it is again!



    ComboFix 10-08-29.04 - Ben 30-08-2010 18:25:07.5.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1013.254 [GMT 2:00]
    Gestart vanuit: c:\users\Ben\Desktop\ComboFix.exe
    gebruikte Opdracht switches :: c:\users\Ben\Desktop\CFScript.txt
    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2010-07-28 to 2010-08-30 ))))))))))))))))))))))))))))))
    .

    2010-08-30 16:39 . 2010-08-30 16:39 ——– d—–w- c:\users\Ben\AppData\Local\temp
    2010-08-29 12:52 . 2010-08-29 12:52 ——– d—–w- c:\programdata\Kaspersky Lab Setup Files
    2010-08-26 20:34 . 2010-08-26 20:34 ——– d—–w- c:\program files\Common Files\Java
    2010-08-26 10:57 . 2010-08-26 10:57 ——– d—–w- c:\program files\Trend Micro
    2010-08-25 23:23 . 2010-08-25 23:23 ——– d—–w- c:\users\Ben\AppData\Local\Sunbelt Software
    2010-08-22 15:32 . 2010-08-22 15:32 ——– d—–w- c:\program files\Conduit
    2010-08-21 06:19 . 2010-08-21 06:19 ——– d—–w- c:\program files\Common Files\DVDVideoSoft
    2010-08-18 21:03 . 2010-08-18 21:03 ——– d—–w- c:\program files\iPod
    2010-08-18 21:02 . 2010-08-18 21:04 ——– d—–w- c:\program files\iTunes
    2010-08-18 18:32 . 2010-08-29 19:11 ——– d—–w- c:\program files\Windows Live Safety Center
    2010-08-14 09:18 . 2010-06-21 13:37 2037760 —-a-w- c:\windows\system32\win32k.sys
    2010-08-14 09:18 . 2010-06-18 17:31 36864 —-a-w- c:\windows\system32\rtutils.dll
    2010-08-14 09:18 . 2010-06-08 17:35 3600768 —-a-w- c:\windows\system32\ntkrnlpa.exe
    2010-08-14 09:18 . 2010-06-08 17:35 3548040 —-a-w- c:\windows\system32\ntoskrnl.exe
    2010-08-14 09:18 . 2010-06-11 16:15 1248768 —-a-w- c:\windows\system32\msxml3.dll
    2010-08-14 09:18 . 2010-06-18 15:04 302080 —-a-w- c:\windows\system32\drivers\srv.sys
    2010-08-14 09:18 . 2010-06-18 15:04 144896 —-a-w- c:\windows\system32\drivers\srv2.sys
    2010-08-14 09:14 . 2010-06-16 16:04 905088 —-a-w- c:\windows\system32\drivers\tcpip.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-30 16:39 . 2010-08-29 13:23 ——– d—–w- c:\programdata\Kaspersky Lab
    2010-08-30 15:18 . 2010-08-30 15:18 113933 —-a-w- c:\windows\system32\drivers\klin.dat
    2010-08-30 11:28 . 2006-11-02 16:11 667352 —-a-w- c:\windows\system32\perfh013.dat
    2010-08-30 11:28 . 2006-11-02 16:11 126854 —-a-w- c:\windows\system32\perfc013.dat
    2010-08-30 11:18 . 2008-10-27 12:22 1 —-a-w- c:\users\Ben\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-08-29 13:38 . 2010-06-28 17:47 283984 —-a-w- c:\programdata\Kaspersky Lab\AVP11\Bases\avengine.dll
    2010-08-29 13:37 . 2010-08-29 13:37 125624 —-a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.0.232\shellex.dll
    2010-08-29 13:37 . 2010-08-29 13:37 109240 —-a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.0.232\sbstart.exe
    2010-08-29 13:37 . 2010-08-29 13:37 170680 —-a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.0.232\klwtblc.dll
    2010-08-29 13:37 . 2010-08-29 13:27 97549 —-a-w- c:\windows\system32\drivers\klick.dat
    2010-08-29 13:37 . 2010-08-29 13:37 129720 —-a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\shellex.dll
    2010-08-29 13:37 . 2010-08-29 13:37 113336 —-a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\sbstart.exe
    2010-08-29 13:37 . 2010-08-29 13:37 170680 —-a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\klwtblc.dll
    2010-08-29 13:35 . 2010-08-29 13:35 283984 —-a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\bases\av\kdb\i386\win\avengine.dll
    2010-08-29 13:26 . 2006-11-02 12:37 ——– d—–w- c:\program files\Windows Sidebar
    2010-08-29 12:55 . 2007-08-23 20:12 ——– d—–w- c:\programdata\Lavasoft
    2010-08-26 20:34 . 2007-07-05 06:16 ——– d—–w- c:\program files\Java
    2010-08-26 20:31 . 2009-10-19 19:34 ——– d—–w- c:\users\Ben\AppData\Roaming\HpUpdate
    2010-08-26 13:51 . 2007-06-06 12:06 ——– d—–w- c:\programdata\Spybot - Search & Destroy
    2010-08-26 10:57 . 2010-08-26 10:57 388096 —-a-r- c:\users\Ben\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-08-26 08:25 . 2007-06-05 15:06 79336 ----a-w- c:\users\Ben\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-08-25 11:11 . 2009-01-26 23:01 -------- d-----w- c:\users\Ben\AppData\Roaming\LimeWire
    2010-08-24 07:34 . 2008-06-05 14:17 -------- d-----w- c:\users\Ben\AppData\Roaming\gtk-2.0
    2010-08-18 21:03 . 2007-08-12 15:58 -------- d-----w- c:\program files\Common Files\Apple
    2010-08-18 21:02 . 2007-07-07 21:20 -------- d-----w- c:\programdata\Apple Computer
    2010-08-18 20:56 . 2010-08-18 20:56 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
    2010-08-16 09:44 . 2007-07-07 21:24 -------- d-----w- c:\users\Ben\AppData\Roaming\Apple Computer
    2010-08-15 21:57 . 2010-08-15 21:57 970504 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-08-14 08:52 . 2010-06-05 10:24 -------- d-----w- c:\users\Ben\AppData\Roaming\PhotoScape
    2010-08-13 15:47 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-07-17 03:00 . 2010-04-17 16:27 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-12 07:59 . 2010-07-12 07:59 92816 ----a-w- c:\programdata\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2011 11.0.0.232\Dutch\setup.exe
    2010-07-10 23:14 . 2007-12-11 19:01 -------- d-----w- c:\users\Ben\AppData\Roaming\DivX
    2010-07-10 22:50 . 2010-07-10 22:50 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-07-10 22:32 . 2010-07-10 22:28 -------- d-----w- c:\programdata\DivX
    2010-07-10 22:32 . 2009-05-18 22:01 -------- d-----w- c:\program files\Common Files\DivX Shared
    2010-07-10 22:32 . 2007-09-04 11:18 -------- d-----w- c:\program files\DivX
    2010-07-10 22:32 . 2010-07-10 22:32 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-07-10 22:32 . 2010-07-10 22:32 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
    2010-07-10 22:32 . 2010-07-10 22:32 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
    2010-07-10 22:32 . 2010-07-10 22:32 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
    2010-07-10 22:31 . 2010-07-10 22:31 84054 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
    2010-07-10 22:31 . 2010-07-10 22:31 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
    2010-07-10 22:31 . 2010-07-10 22:31 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
    2010-07-10 22:31 . 2010-07-10 22:31 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
    2010-07-10 22:31 . 2010-07-10 22:31 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
    2010-07-10 22:31 . 2010-07-10 22:31 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
    2010-07-10 22:31 . 2010-07-10 22:31 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
    2010-07-10 22:31 . 2010-07-10 22:31 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
    2010-07-10 22:31 . 2010-07-10 22:31 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
    2010-07-10 22:30 . 2010-07-10 22:30 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
    2010-07-10 22:30 . 2010-07-10 22:30 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
    2010-07-10 22:30 . 2010-07-10 22:30 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
    2010-07-10 22:30 . 2010-07-10 22:30 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
    2010-07-10 22:30 . 2010-07-10 22:30 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
    2010-07-10 22:29 . 2010-07-10 22:32 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
    2010-07-10 22:28 . 2010-07-10 22:32 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
    2010-07-09 16:47 . 2007-07-06 06:55 -------- d-----w- c:\users\Ben\AppData\Roaming\Thunderbird
    2010-07-09 09:50 . 2010-07-09 09:50 1037648 ----a-w- c:\programdata\Kaspersky Lab\AVP11\Bases\klavasyswatch.dll
    2010-07-06 08:08 . 2008-06-14 10:24 -------- d-----w- c:\programdata\Google Updater
    2010-06-30 05:06 . 2010-06-30 05:06 271696 ----a-w- c:\programdata\Kaspersky Lab\AVP11\Bases\sys_critical_obj.dll
    2010-06-26 06:05 . 2010-08-14 09:19 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-26 06:02 . 2010-08-14 09:19 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-06-26 06:02 . 2010-08-14 09:19 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-06-26 04:25 . 2010-08-14 09:19 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-06-11 16:16 . 2010-08-14 09:19 274944 ----a-w- c:\windows\system32\schannel.dll
    2009-03-19 18:56 . 2009-03-19 18:56 1001472 ----a-w- c:\program files\QuickTide.exe
    2009-03-09 08:57 . 2009-03-09 08:57 53134 ----a-w- c:\program files\QuickTide.htm
    2009-03-02 10:51 . 2009-03-02 10:51 1417 ----a-w- c:\program files\QuickTide.txt
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "Google Update"="c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-27 136176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
    "eDSMSNfix"="c:\acer\Empowering Technology\eDSMSNfix.exe" [2007-02-08 13312]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-09 614400]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-18 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-18 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-18 133656]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "AVP"="d:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-05-07 344736]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\eNetHook.dll d:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Ben^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4 .lnk]
    path=c:\users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4 .lnk
    backup=c:\windows\pss\OpenOffice.org 2.4 .lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2008-09-03 18:12 111936 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-07-21 13:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "WarReg_PopUp"=c:\acer\WR_PopUp\WarReg_PopUp.exe
    "RtHDVCpl"=RtHDVCpl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):2b,9c,dc,a4,88,fa,c9,01

    R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
    R1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-05-06 132184]
    R2 gupdate1c9c258abb2dba;Google Updateservice (gupdate1c9c258abb2dba);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;d:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
    R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2006-09-19 80744]
    R4 J;J;c:\users\Ben\AppData\Local\Temp\J.exe [x]
    R4 LA;LA;c:\users\Ben\AppData\Local\Temp\LA.exe [x]
    R4 OFXLBSW;OFXLBSW;c:\users\Ben\AppData\Local\Temp\OFXLBSW.exe [x]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
    S2 SBSDWSCService;SBSD Security Center Service;d:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Inhoud van de 'Gedeelde Taken' map

    2010-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2255622846-3536518166-2921446557-1000Core.job
    - c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 07:01]

    2010-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2255622846-3536518166-2921446557-1000UA.job
    - c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 07:01]
    .
    .
    ------- Bijkomende Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uStart Page = hxxp://www.startpagina.nl/
    uInternet Settings,ProxyOverride = *.local
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-30 18:39
    Windows 6.0.6002 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Voltooingstijd: 2010-08-30 18:48:05
    ComboFix-quarantined-files.txt 2010-08-30 16:48
    ComboFix2.txt 2010-08-30 15:32
    ComboFix3.txt 2010-08-30 13:40
    ComboFix4.txt 2009-03-28 18:34

    Pre-Run: 7.170.154.496 bytes beschikbaar
    Post-Run: 7.077.965.824 bytes beschikbaar

    - - End Of File - - B9CA864C7B76C9FE08D00F67445902D6

  • Abraham, I only now see that I had not disabled Defender properly. Could that slow things down?
  • It is now clear to me why these two files cannot be deleted!
    And so they are not dangerous either.

    Because Kaspersky AV is present in the logs every time!

    That means you now also know that Windows Defender has not caused any damage!

    You may remove Combofix.

    - to do so, go to Start - Run
    - copy and paste the following into it: Combofix /Uninstall
    - then click OK.
    - if all goes well, you will then get a message that Combofix was removed.

    Example:

    [image: http://home.kpn.nl/stefsmeenk/CFUninstall.PNG]

    Run can also be opened with the key combination [image: http://home.kpn.nl/stefsmeenk/W+R.jpg]

    And give an update on how your Windows is running now.
  • Hello Abraham,
    Combofix removed. I did mistakenly put it in the search box, but that worked too.
    Windows is running nicely again. In Task Manager I have also not yet seen any memory-devouring activity of more than 300,000 kB for an svchost.exe, as was the case yesterday. Now the maximum is around 42,000 kB for an svchost.exe.

    What I do find odd is that last week Avast 5 reported as many as 3 times that an unwanted URL had been blocked before it could do any damage. So that damage did occur after all. Is anything more known about that? I had downloaded a program to make MP3s from the YouTube music videos. Then QuickTime started, but it would not start without downloading something. That is when Avast gave that warning. I hope this is of some use to you. I no longer remember the exact names.

    In any case, thanks for all the support, Abraham. You are all doing very good work with this.

    Regards,
    Ben
  • As far as I know, certain tools for YouTube do indeed come with spyware!
    And now of course you would like to know which ones - unfortunately, I don't know!

    I only know that a while back I installed a YouTube downloader and Norton spoke up right away!

    Next time, copy the URLs to Notepad and post them!

    Enter WebOfTrust in Google and install that toolbar!

This is an archived page. Replies are no longer possible.