trojan.muldrop

29 replies
  • Hi, Recently I have no longer been able to get on the internet with my PC. After a scan it turned out that a virus named "Backdoor.gen" had been detected. After that I used HijackThis and that Backdoor.gen turned out to be gone, but I still could not get on the internet. A day later, after a new scan, I got the message that a "trojan.muldrop" had been detected. How can I remove it? Who can help me further? Thanks in advance for your replies. Roboke
  • If you get these kinds of messages, it may be that HijackThis shows them. And then you fix it, but the virus is still not gone!

    I would like you to stick to the rules below during the fix:
    - Read all instructions carefully.
    - If you make mistakes when running tools during the fix, that can cause serious problems in Windows.
    - Refrain from using tools or updates other than those I advise you to use.
    - Always use one scanner at a time, never several at once.
    - Keep me informed of how your computer responds to the fix, good or bad.
    - The fix, once started, must be completed. Even if you think everything is in order, there may still be infections.

    Step •1•
    Which program: Trend Micro HijackThis version 2.0.4
    Purpose: produces a clear overview of Windows by means of a scan.
    Difficulty: none; only Vista and Windows 7 users need to pay some extra attention.
    Download the HijackThis Installer: http://www.trendmicro.com/ftp/products/hijackthis/HiJackThis.msi
    Installation:
    - Install HijackThis in the indicated location; this prevents any backups from being impossible to find later!
    Users of Windows Vista and Windows 7 then go to the installation location of HijackThis.
    - Right-click "hijackthis.exe" and choose "Properties" (Eigenschappen).
    - Now click the "Compatibility" (Compatibiliteit) tab and tick "Run as administrator" (Als Administrator uitvoeren).
    - Finally, click Apply (Toepassen) and OK.
    Using HijackThis:
    - First close all open programs and web browsers.
    - Now start HijackThis and click the button 'Do a system scan and save a logfile'.
        - If HijackThis starts up with the scan window, first click the 'Main Menu' button.
    - Now close all open windows, then start HijackThis and choose 'Do a system scan and save a logfile'.
    - Copy and paste the contents of the HijackThis log file into your next post.
    - After that you may close HijackThis again.

    Step •2•
    Which program: Microsoft Safety Scanner
    Purpose: specialist scanner from Microsoft to quickly examine Windows for spyware and malware and to remove it.
    Difficulty: none.
    Note: Microsoft Safety Scanner expires 10 days after it has been downloaded. If you want to run a scan again with the latest anti-malware definitions, download Microsoft Safety Scanner again and run it again.
    Download the Microsoft Safety Scanner here: http://www.microsoft.com/security/scanner/nl-nl/default.aspx
    Windows 2000 and Windows XP: start Microsoft's Safety Scanner by double-clicking the shortcut.
    Windows Vista and Windows 7: start Microsoft's Safety Scanner by right-clicking the shortcut and choosing Run as administrator (Als Administrator uitvoeren).
    Then tick "I accept the terms of the above license agreement" (Ik accepteer de voorwaarden van de bovenstaande gebruiksovereenkomst).
    Scanning:
    - When Microsoft's Safety Scanner starts, click the "Next" (Volgende) button, then choose 'Quick scan' (Snelle Scan).
    - Scanning takes a while, so be patient.

    Step •3•
    Which program: Malwarebytes MBAM
    Purpose: specialist scanner to quickly examine Windows for spyware and malware and to remove it.
    Difficulty: none.
    Download Malwarebytes MBAM from one of these locations:
    - Download.com: http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?
    - Softpedia.com: http://www.softpedia.com/result.php?sid=&pid=1-423&r=Z2V0L0FudGl2aXJ1cy9NYWx3YXJlYnl0ZXMtQW50aS1NYWx3YXJlLnNodG1s
    - Majorgeeks.com: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
    First of all:
    - Right after installation MBAM wants to update its database, so allow this.
    - Also on repeated use: first update MBAM via the 'Update' tab!
    Starting Malwarebytes MBAM:
    Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut.
    Windows Vista and Windows 7: start MBAM by right-clicking the shortcut and choosing Run as administrator (Als Administrator uitvoeren).
    - Note:
        - Malwarebytes now provides the full version of MBAM.
        - At the first start you get the option to use the full version or the free version.
        - Regardless of which antivirus program is in your Windows, I advise using the "Decline" (Weigeren) option.
        - That way MBAM will remain usable as the free version.
    Screenshot: http://img30.imageshack.us/img30/3928/mbam2.png
    - Also do the following:
        - As soon as the program has started, go to the "Settings" (Instellingen) tab.
        - Tick: "Close Internet Explorer during malware removal" (Sluit Internet Explorer tijdens verwijdering van malware).
    Scanning:
    - When MBAM starts, choose 'Quick scan' (Snelle Scan).
    - Scanning can take a while, so be patient. When the scan has finished, click the 'OK' button.
    - Then click the 'Show Results' (Bekijk Resultaten) button to see the results.
    Infections found:
    - First click OK to dismiss the message.
    - Then click the Show Results (Bekijk resultaten) button at the bottom right.
    - Make sure all infections found are ticked, and click Remove Selected (Verwijder geselecteerde) at the bottom left.
    - After removal a log will open and you will be asked to restart the computer.
    - If MBAM has difficulty removing certain files it will show some messages; click 'OK' each time!
    - After that MBAM will ask to restart the computer, so allow the computer to be restarted.
    MBAM log:
    - The log is saved automatically by MBAM and you can find it by clicking the 'Logs' (Logbestanden) tab in the MBAM main menu.
    Then post the contents of the MBAM log in your next post.

    Step •4•
    In summary: after this, post the contents of the following logs in your next message:
    - a new HijackThis log
    - MBAM scan log
  • Abraham, Thanks for your explanation. This is quite a lot to chew on :( I will try this out one of these evenings and after that I will certainly let you know. Greetings, Roboke
  • If you have a half-decent computer, it will be done in about half an hour.
  • Abraham, I followed your instructions and I must say: at first it looked a bit frightening, certainly for a layman like me, but you listed the various steps so perfectly that it becomes child's play. Congratulations on that. These are the two log files that came out of it.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 21:54:07, on 1/11/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Windows Live\Family Safety\fsssvc.exe
    C:\Program Files\Dell Network Assistant\hnm_svc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Documents and Settings\gwen\Bureaublad\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\Windows Live\Family Safety\fsui.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PCSafeDoctor\pcsafedoctor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\WINDOWS\Temp\Password.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://breedband.telenet.be
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.be/hws/sb/dell-row/nl/side.html?channel=be
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.be/hws/sb/dell-row/nl/side.html?channel=be
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.be/ig/dell?hl=nl&client=dell-row&channel=be&ibd=0070119
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:57758
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
    O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
    O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    O4 - HKLM\..\Run: [Corel Photo Downloader] Disable_By_C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Documents and Settings\gwen\Bureaublad\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [QuickTime Task] Disable_By_"C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] Disable_By_"C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [pcsafedoctor.exe] C:\Program Files\PCSafeDoctor\pcsafedoctor.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [msnmsgr] Disable_By_"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; Creative ZENcast v1.02.10; BRI/2)" -"http://www8.agame.com/games/shockwave/m/My3DRoom/My3DRoom_girlsgogames_nl.htm"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Dell Network Assistant.lnk = ?
    O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
    O4 - Global Startup: Password.lnk = C:\WINDOWS\Temp\Password.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\bruno\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {3CA45906-EF10-4E4E-9BE4-B444D220FCB0} (Uploader Control) - http://ua.foto.com/ImageUploader6.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://express.foto.com/ImageUploader5.cab
    O16 - DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} (Pegasus ImagN' 32-bit (Windowed) ActiveX Control v4.00) - http://imst.selfip.net:88/LNetCam.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

    --
    End of file - 16877 bytes

    and the MBAM log file

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Databaseversie: 8064

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    1/11/2011 23:10:57
    mbam-log-2011-11-01 (23-10-42).txt

    Scantype: Snelle scan
    Objecten gescand: 287421
    Verstreken tijd: 34 minuut/minuten, 38 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 1
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 1
    Bestanden geïnfecteerd: 1

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> No action taken.

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    c:\syte821.bin (Trojan.SpyEyes) -> No action taken.

    Bestanden geïnfecteerd:
    c:\syte821.bin\5219ee52361fa22 (Trojan.SpyEyes) -> No action taken.
  • Only, you did not let MBAM remove what it found! Do that next time! We continue:

    Which program: ComboFix
    Purpose: highly specialised scanner to examine Windows in depth and clean it up where possible.
    Difficulty: more or less tricky preparation phase, so read everything carefully first.
    Download location: this program must absolutely be downloaded to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    - ForoSpyware: http://www.forospyware.com/sUBs/ComboFix.exe
    - Geekstogo: http://subs.geekstogo.com/ComboFix.exe
    Here you can see how to use ComboFix: http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden
    The antivirus program and active malware scanners must already be deactivated before ComboFix is started!
    Here (http://www.bleepingcomputer.com/forums/topic114351.html) and here (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html) you will find information on how to deactivate antivirus programs and spyware scanners.
    Once more, for clarity: ComboFix must be started from the desktop.
    Notes:
    - When using Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for it).
    - Vista and Windows 7 users start ComboFix via right-click with administrator rights.
    - All open programs and web pages must be closed.
    ComboFix has started:
    - Do not click in the black window; this can make ComboFix or even Windows "freeze" completely!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - It may happen that the computer has to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found in C:\ComboFix.txt
    Important note:
    - If, after the scan, an error is shown when starting programs with the message:
    - Illegal operation attempted on a registry key that has been marked for deletion.
    - Then restart the computer.
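Added example (not part of the thread, and not Malwarebytes' own code): the reply above opens by pointing out that MBAM found items but was not told to remove them, which the log shows as "No action taken" entries. This Python check lists those entries and also compares each section's summary count with the entries actually listed. It assumes the one-entry-per-line layout of a saved MBAM 1.51 log; the function names are hypothetical.

```python
import re

# Sample input: the detection part of the MBAM log posted in this thread,
# laid out one entry per line (assumed layout of the saved log file).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.51.2.1300
Scantype: Snelle scan
Objecten gescand: 287421
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 1
Mappen geïnfecteerd: 1
Bestanden geïnfecteerd: 1

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> No action taken.

Mappen geïnfecteerd:
c:\syte821.bin (Trojan.SpyEyes) -> No action taken.

Bestanden geïnfecteerd:
c:\syte821.bin\5219ee52361fa22 (Trojan.SpyEyes) -> No action taken.
"""

# "<object> (<detection name>) -> [<detail> -> ]<action>."
# The lazy <object> group lets paths that themselves contain parentheses parse.
DETECTION = re.compile(
    r"^(?P<object>.+?) \((?P<name>[^()]+)\) -> "
    r"(?:(?P<detail>.+?) -> )?(?P<action>.+?)\.?$"
)
COUNT = re.compile(r"^(?P<title>[^:\\]+): (?P<n>\d+)$")   # "Mappen geïnfecteerd: 1"
SECTION = re.compile(r"^(?P<title>[^:\\]+):\s*$")          # "Mappen geïnfecteerd:"
NO_ACTION = "no action taken"  # action text as it appears in the posted log


def parse_mbam_log(text):
    """Return (summary counts, detections, section titles seen as headers)."""
    counts, detections, sections, current = {}, [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DETECTION.match(line)
        if m:
            detections.append({"section": current, **m.groupdict()})
            continue
        m = COUNT.match(line)
        if m:
            counts[m["title"]] = int(m["n"])
            continue
        m = SECTION.match(line)
        if m:
            current = m["title"]
            sections.append(current)
    return counts, detections, sections


def unremediated(detections):
    """Detections the scanner reported but did not act on."""
    return [d for d in detections if d["action"].lower() == NO_ACTION]


def count_mismatches(counts, detections, sections):
    """Sections whose summary count differs from the entries listed,
    which points at a log that was pasted incompletely."""
    listed = {}
    for d in detections:
        listed[d["section"]] = listed.get(d["section"], 0) + 1
    return {
        title: (counts[title], listed.get(title, 0))
        for title in sections
        if title in counts and counts[title] != listed.get(title, 0)
    }


if __name__ == "__main__":
    counts, detections, sections = parse_mbam_log(SAMPLE_LOG)
    for d in unremediated(detections):
        print(f"NOT REMOVED  {d['name']:<18} {d['object']}")
    for title, (stated, seen) in count_mismatches(counts, detections, sections).items():
        print(f"INCOMPLETE   {title}: summary says {stated}, log lists {seen}")
```
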
  • Hey Abraham. First of all, I wish you all the best for 2012, with much happiness and joy in everything you do. After a short absence I have picked up the thread again and run ComboFix, albeit without the recovery console. Here is the log file that resulted from it.
  • Thank you for your wishes. I wish you a good year too. I see that you have a few things from DVD-soft in Windows. DVD-soft is not harmless and always comes into Windows with at least Conduit. What do you use that software for? And how is your Windows running after the scan?
  • I downloaded DVD soft to convert YouTube files to mp3 files; apparently that was not a good idea. The PC now starts up noticeably faster and Internet Explorer works again. At the moment there is no virus scanner on the PC. I have also read a bit here about Avira and Avast; which do you recommend?
  • About your question on antivirus: Avast Free is the undisputed number 1, and the only one that has a number of components on board that you otherwise only find in paid antivirus programs. [url=http://www.av.eu/nl/avast_antivirus_producten/avast_Free_Antivirus/][b:77a49e1484]Download link Avast 6 Free[/b:77a49e1484][/url] Avira Free, on the other hand, lacks among other things an email scanner (if you open an infected email, however, Avira springs into action!) but has a very good on-demand scanner and runs even lighter in Windows than Avast. [url=http://www.avira.com/nl/for-home][b:77a49e1484]Download link Avira 2012 Free[/b:77a49e1484][/url] Tip: during installation you are asked to install the ASK toolbar - if you want to use Avira's webrep! But you do not want to do that, because it is better to also install WOT (Web of Trust - [url]http://www.mywot.com/[/url] ) afterwards.[/quote] Whichever of the two you choose - after updating, have the software run a full system scan and then let me know how it went.
  • Abraham, I chose Avast and ran a full scan. It reports a threat: INI:Cycbot-gen [Trj] and a threat: Win32:SpyEyes-D [Spy]. In addition, I have the option to repair, move to chest, delete or do nothing. What do I do with this? Regards
  • Move to chest. Those are harmful files, and in Avast's chest they can do no more harm! After that, do the following: [b:b149f7d5f5][url=http://www.eset.com/onlinescan/]run the ESET online scan (click).[/url][/b:b149f7d5f5] [list:b149f7d5f5] [*:b149f7d5f5]Click the [b:b149f7d5f5]ESET Online Scanner[/b:b149f7d5f5] button [*:b149f7d5f5]Tick [b:b149f7d5f5]YES, I accept the Terms of Use[/b:b149f7d5f5] [*:b149f7d5f5]Click [b:b149f7d5f5]Start[/b:b149f7d5f5] [*:b149f7d5f5]Allow the ActiveX control to install. [*:b149f7d5f5]Tick the following options: [list:b149f7d5f5][*:b149f7d5f5][b:b149f7d5f5]Remove found threats[/b:b149f7d5f5] [*:b149f7d5f5][b:b149f7d5f5]Scan archives[/b:b149f7d5f5][/list:u:b149f7d5f5] [*:b149f7d5f5]Then click [b:b149f7d5f5][color=#0000FF:b149f7d5f5]"Advanced Settings"[/color:b149f7d5f5][/b:b149f7d5f5] [list:b149f7d5f5][*:b149f7d5f5][b:b149f7d5f5]Scan for potentially unwanted applications[/b:b149f7d5f5] [*:b149f7d5f5][b:b149f7d5f5]Scan for potentially unsafe applications[/b:b149f7d5f5] [*:b149f7d5f5][b:b149f7d5f5]Enable Anti-Stealth technology [/b:b149f7d5f5][/list:u:b149f7d5f5] [*:b149f7d5f5]Click [b:b149f7d5f5]Start[/b:b149f7d5f5] [*:b149f7d5f5]The computer is now being scanned. This can take quite a long time, so be patient. [*:b149f7d5f5]When the scan is finished, click [b:b149f7d5f5][color=#0000FF:b149f7d5f5]> List of found threats[/color:b149f7d5f5][/b:b149f7d5f5] [*:b149f7d5f5]Then click [color=#0000FF:b149f7d5f5][b:b149f7d5f5]> Export to text file....[/b:b149f7d5f5][/color:b149f7d5f5] [*:b149f7d5f5]Choose the Desktop as the save location and give the Notepad file a clear title. [*:b149f7d5f5]After that you may close the window, because the scan is finished. [*:b149f7d5f5]Then open the log that is on your desktop.
[*:b149f7d5f5]And copy and paste the contents of this log into your next message.[/list:u:b149f7d5f5] N.B.: temporarily deactivate your own antivirus during the scan; the online scan is then faster!
  • Here is the log file after I ran the ESET online scanner.
    C:\Documents and Settings\gwen\Local Settings\Temporary Internet Files\Content.IE5\8K2KV521\SDFix[2].exe Win32/PrcView application deleted - quarantined
    C:\Program Files\Backdoor . Gen Removal Tool\Backdoor.GenRemovalTool.exe probably a variant of Win32/SecurityStronghold application cleaned by deleting - quarantined
    C:\SDFix\apps\Process.exe Win32/PrcView application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{20FACB27-B213-45DF-B711-A07B77057628}\RP1218\A0125155.sys Win32/Adware.SpywareCease application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{20FACB27-B213-45DF-B711-A07B77057628}\RP1218\A0125160.dll a variant of Win32/Adware.SpywareCease.AA application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{20FACB27-B213-45DF-B711-A07B77057628}\RP1218\A0125163.exe Win32/Adware.SpywareCease application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{20FACB27-B213-45DF-B711-A07B77057628}\RP1221\A0125646.exe probably a variant of Win32/SecurityStronghold application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{20FACB27-B213-45DF-B711-A07B77057628}\RP1221\A0125647.exe Win32/PrcView application cleaned by deleting - quarantined
  • Hi Rob - any idea how this program got into your Windows: [b:27a6e77150]C:\Program Files\Backdoor . Gen Removal Tool[/b:27a6e77150]??????
  • Well, when I told a friend about the problems I was having with my PC and about the message that a virus named "backdoor.gen" had been detected, he advised me to run that program. Since he also works in the IT department at his job, I assumed he knew a bit more about it; but after the program had done its work, nothing turned out to have changed. After that I started searching a bit myself and ended up with you, which has already helped me a great deal further.
  • Working in an IT department does not mean that they also know anything about malware. Because the tool itself is malware! It is also a great pity that so much time passed between starting and continuing. I now first want to see a new Hijack This log posted by you. And accompany that with a new MBAM log as well. So start MBAM, update it and then have it run a quick scan.
  • Abraham, here are the 2 requested log files.
http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. 
- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
-- End of file - 14953 bytes

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Databaseversie: v2012.01.06.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
bruno :: ROBBELENA [administrator]
6/01/2012 19:37:33
mbam-log-2012-01-06 (19-37-33).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstarten | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 261870
Verstreken tijd: 12 minuut/minuten, 38 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)

Regards
  • Hello Rob, you have now installed Avast 6 Free, but a lot of McAfee is still active. Delete ComboFix from your desktop and download the tool again! Then do the following: make sure all open web browser windows are closed. Open a new Notepad file via "Start\Alle programma’s\Bureau-accessoires\Kladblok (or Notepad)". Copy and paste the following text (bold, blue) into the empty Notepad window:

    ClearJavaCache::
    Folder::
    C:\Program Files\McAfee

    Save this Notepad file to your desktop as CFScript.txt.
    First disable the antivirus now!
    Drag CFScript.txt onto ComboFix.exe (image: http://crew.nucia.eu/smeenk/CFScript.gif)
    This will make ComboFix restart. Reboot if you are asked to. Post the ComboFix log that is shown after the restart! In case ComboFix has restarted your computer (or you did so yourself), you will also find the log in C:\Combofix.txt
    Important note: if, after the scan, an error is shown when starting programs with the message
    "Illegal operation attempted on a registry key that has been marked for deletion."
    then restart the computer.
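The remark in the post above, that Avast is installed while McAfee components are still active, can be read from the autostart entries of the HijackThis log. As an added example (not part of the original thread), this sketch parses O2/O3/O4/O23 entries and reports which antivirus products still load at startup; the sample lines are copied from the log posted earlier, while the `AV_FOLDERS` mapping and the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Entries copied from the HijackThis log posted earlier in this thread (subset).
SAMPLE_LOG = r"""
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Assumption of this example: "Program Files" folder names that identify a
# resident antivirus product. Extend the mapping for other vendors.
AV_FOLDERS = {"mcafee": "McAfee", "avast software": "avast!"}

ENTRY_RE = re.compile(r"^(O\d{1,2}) - (.+)$")
# O4 registry autostart: "<hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<target>.+)$")
# O4 startup folder: "Global Startup: <shortcut> = <target>"
LNK_RE = re.compile(r"^(?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<target>.+)$")
# First folder below "Program Files"; 8.3 short names (PROGRA~1) are not resolved.
PROGRAM_FILES_RE = re.compile(r'[a-z]:\\program files\\([^\\"]+)\\', re.IGNORECASE)


def parse_entries(log):
    """Return autostart entries as dicts with section, where, name and target."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        if section in ("O2", "O3", "O23"):
            # "<kind>: <name> - <CLSID or vendor> - <path>". The name may itself
            # contain " - ", so the fields are split off from the right.
            parts = body.rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            kind, _, name = parts[0].partition(": ")
            entries.append({"section": section, "where": kind,
                            "name": name, "target": parts[2]})
        elif section == "O4":
            m4 = RUN_RE.match(body) or LNK_RE.match(body)
            if m4:
                entries.append({"section": section, **m4.groupdict()})
    return entries


def product_folder(target):
    """Top-level folder under Program Files that the entry loads from, if any."""
    m = PROGRAM_FILES_RE.search(target)
    return m.group(1) if m else None


def active_av_products(entries):
    """Map each known antivirus product to the autostart entries that load it."""
    found = defaultdict(list)
    for entry in entries:
        folder = product_folder(entry["target"])
        product = AV_FOLDERS.get(folder.lower()) if folder else None
        if product:
            found[product].append((entry["section"], entry["name"]))
    return dict(found)


def overlapping_av(log):
    """Sorted product names when more than one antivirus still autostarts."""
    products = active_av_products(parse_entries(log))
    return sorted(products) if len(products) > 1 else []


if __name__ == "__main__":
    for product, hits in active_av_products(parse_entries(SAMPLE_LOG)).items():
        print(product)
        for section, name in hits:
            print(f"  {section}: {name}")
    print("Overlap:", overlapping_av(SAMPLE_LOG))
```
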
  • Abraham, below you will find the new Combofix log:
ComboFix 12-01-06.03 - bruno 06/01/2012 23:56:14.2.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2046.1372 [GMT 1:00] Gestart vanuit: c:\documents and settings\bruno\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\bruno\Bureaublad\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\bruno\Application Data\PriceGong c:\documents and settings\bruno\Application Data\PriceGong\Data\1.xml c:\documents and settings\bruno\Application Data\PriceGong\Data\a.xml c:\documents and settings\bruno\Application Data\PriceGong\Data\b.xml c:\documents and settings\bruno\Application Data\PriceGong\Data\c.xml c:\documents and settings\bruno\Application Data\PriceGong\Data\d.xml c:\documents and settings\bruno\Application Data\PriceGong\Data\e.xml c:\documents and settings\bruno\Application Data\PriceGong\Data\f.xml c:\documents and settings\bruno\Application Data\PriceGong\Data\g.xml c:\documents and settings\bruno\Application Data\PriceGong\Data\h.xml c:\documents and settings\bruno\Application Data\PriceGong\Data\i.xml c:\documents and settings\bruno\Application Data\PriceGong\Data\j.xml c:\documents and settings\bruno\Application Data\PriceGong\Data\k.xml c:\documents and settings\bruno\Application Data\PriceGong\Data\l.xml c:\documents and settings\bruno\Application Data\PriceGong\Data\m.xml c:\documents and settings\bruno\Application Data\PriceGong\Data\mru.xml c:\documents and settings\bruno\Application Data\PriceGong\Data\n.xml c:\documents and settings\bruno\Application Data\PriceGong\Data\o.xml c:\documents and settings\bruno\Application Data\PriceGong\Data\p.xml c:\documents and settings\bruno\Application Data\PriceGong\Data\q.xml 
c:\documents and settings\bruno\Application Data\PriceGong\Data\r.xml c:\documents and settings\bruno\Application Data\PriceGong\Data\s.xml c:\documents and settings\bruno\Application Data\PriceGong\Data\t.xml c:\documents and settings\bruno\Application Data\PriceGong\Data\u.xml c:\documents and settings\bruno\Application Data\PriceGong\Data\v.xml c:\documents and settings\bruno\Application Data\PriceGong\Data\w.xml c:\documents and settings\bruno\Application Data\PriceGong\Data\x.xml c:\documents and settings\bruno\Application Data\PriceGong\Data\y.xml c:\documents and settings\bruno\Application Data\PriceGong\Data\z.xml c:\program files\McAfee c:\program files\McAfee\Common Framework\0409\AgentRes.dll c:\program files\McAfee\Common Framework\0409\AgentRes64.dll c:\program files\McAfee\Common Framework\0409\CmaUIRes.dll c:\program files\McAfee\Common Framework\0409\ScrptRes.dll c:\program files\McAfee\Common Framework\0409\UpdRes.dll c:\program files\McAfee\Common Framework\Agent.dll c:\program files\McAfee\Common Framework\Agent64.dll c:\program files\McAfee\Common Framework\AgentPlugin.dll c:\program files\McAfee\Common Framework\applib.dll c:\program files\McAfee\Common Framework\applib64.dll c:\program files\McAfee\Common Framework\Cleanup.exe c:\program files\McAfee\Common Framework\ClientUI.dll c:\program files\McAfee\Common Framework\cmalib.dll c:\program files\McAfee\Common Framework\cmalib64.dll c:\program files\McAfee\Common Framework\CmdAgent.exe c:\program files\McAfee\Common Framework\ComponentFrameworkCallback64.dll c:\program files\McAfee\Common Framework\ComponentPolicyEnforcement64.dll c:\program files\McAfee\Common Framework\ComponentSubSystem.dll c:\program files\McAfee\Common Framework\ComponentSubSystem64.dll c:\program files\McAfee\Common Framework\ComponentUserInterface.dll c:\program files\McAfee\Common Framework\FrameworkService.exe c:\program files\McAfee\Common Framework\FrmInst.exe c:\program files\McAfee\Common Framework\FrmPlugin.dll 
c:\program files\McAfee\Common Framework\GenEvtInf.dll c:\program files\McAfee\Common Framework\GenEvtInf64.dll c:\program files\McAfee\Common Framework\InternetManager.dll c:\program files\McAfee\Common Framework\InternetManager64.dll c:\program files\McAfee\Common Framework\JrMac.dll c:\program files\McAfee\Common Framework\ListenServer.dll c:\program files\McAfee\Common Framework\Logging.dll c:\program files\McAfee\Common Framework\Logging64.dll c:\program files\McAfee\Common Framework\Management.dll c:\program files\McAfee\Common Framework\Management64.dll c:\program files\McAfee\Common Framework\McScanCheck.exe c:\program files\McAfee\Common Framework\McScript.exe c:\program files\McAfee\Common Framework\McScript_InUse.exe c:\program files\McAfee\Common Framework\Mctray.exe c:\program files\McAfee\Common Framework\mcurial.dll c:\program files\McAfee\Common Framework\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest c:\program files\McAfee\Common Framework\Microsoft.VC80.CRT\msvcm80.dll c:\program files\McAfee\Common Framework\Microsoft.VC80.CRT\msvcp80.dll c:\program files\McAfee\Common Framework\Microsoft.VC80.CRT\msvcr80.dll c:\program files\McAfee\Common Framework\msvcp71.dll c:\program files\McAfee\Common Framework\msvcr71.dll c:\program files\McAfee\Common Framework\naCmnLib64.dll c:\program files\McAfee\Common Framework\naCmnLib71.dll c:\program files\McAfee\Common Framework\nagshr32.dll c:\program files\McAfee\Common Framework\naicrt32.dll c:\program files\McAfee\Common Framework\nailog.dll c:\program files\McAfee\Common Framework\nailog64.dll c:\program files\McAfee\Common Framework\naInet.dll c:\program files\McAfee\Common Framework\naInet64.dll c:\program files\McAfee\Common Framework\naisign.dll c:\program files\McAfee\Common Framework\naitcpp.dll c:\program files\McAfee\Common Framework\naPolicyManager.dll c:\program files\McAfee\Common Framework\naPolicyManager64.dll c:\program files\McAfee\Common Framework\naPrdMgr.exe c:\program files\McAfee\Common 
Framework\naPrdMgr64.exe c:\program files\McAfee\Common Framework\naSPIPE.dll c:\program files\McAfee\Common Framework\naSPIPE64.dll c:\program files\McAfee\Common Framework\naXML64.dll c:\program files\McAfee\Common Framework\naXML71.dll c:\program files\McAfee\Common Framework\nmcomn32.dll c:\program files\McAfee\Common Framework\patchw32.dll c:\program files\McAfee\Common Framework\PcrPlug.dll c:\program files\McAfee\Common Framework\PoEvtInf.dll c:\program files\McAfee\Common Framework\Scheduler.dll c:\program files\McAfee\Common Framework\Scheduler64.dll c:\program files\McAfee\Common Framework\ScriptSubSys.dll c:\program files\McAfee\Common Framework\SecureFrameworkFactory.dll c:\program files\McAfee\Common Framework\SecureFrameworkFactory64.dll c:\program files\McAfee\Common Framework\TCHelper.dll c:\program files\McAfee\Common Framework\TCSubSys.dll c:\program files\McAfee\Common Framework\UdaterUI.exe c:\program files\McAfee\Common Framework\unicows.dll c:\program files\McAfee\Common Framework\UpdateSubSys.dll c:\program files\McAfee\Common Framework\UpdPlug.dll c:\program files\McAfee\Common Framework\UserSpace.dll c:\program files\McAfee\Common Framework\XMLWrap.dll c:\program files\McAfee\SpamKiller\borlndmm.dll c:\program files\McAfee\SpamKiller\mcapfbho.dat c:\program files\McAfee\SpamKiller\MSKColors.dat c:\program files\McAfee\SpamKiller\MSKDetct.exe c:\program files\McAfee\SpamKiller\MSKRescs.dll . . (((((((((((((((((((( Bestanden Gemaakt van 2011-12-06 to 2012-01-06 )))))))))))))))))))))))))))))) . . 2012-01-05 19:48 . 2012-01-05 19:48 -------- d-----w- c:\program files\ESET 2012-01-05 17:45 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-01-05 17:45 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-01-05 17:45 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-01-05 17:45 . 
2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2012-01-05 17:45 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-01-05 17:45 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2012-01-05 17:45 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys 2012-01-05 17:45 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2012-01-05 17:44 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr 2012-01-05 17:44 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe 2012-01-05 17:44 . 2012-01-05 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software 2012-01-05 17:44 . 2012-01-05 17:44 -------- d-----w- c:\program files\AVAST Software 2012-01-05 17:39 . 2012-01-05 17:39 64207032 ----a-w- c:\program files\setup_av_free.exe . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-10 14:24 . 2011-11-01 21:30 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-23 14:40 . 2004-09-14 08:38 1859712 ----a-w- c:\windows\system32\win32k.sys 2011-11-04 19:13 . 2004-09-14 08:38 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:13 . 2004-09-14 08:38 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-11-04 19:13 . 2004-09-14 08:38 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-11-04 11:25 . 2004-09-14 08:38 385024 ----a-w- c:\windows\system32\html.iec 2011-11-01 20:52 . 2011-11-01 20:52 388096 ----a-r- c:\documents and settings\bruno\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-11-01 20:45 . 2011-09-28 19:26 69356 ----a-w- c:\program files\HijackThis.exe 2011-11-01 20:35 . 2011-11-01 21:17 3561544 ----a-w- c:\program files\rcpsetup_dcnew_300_pd.exe 2011-11-01 20:31 . 2011-11-01 20:58 73443336 ----a-w- c:\program files\msert.exe 2011-11-01 20:24 . 
2011-09-28 19:23 1402880 ----a-w- c:\program files\HiJackThis.msi 2011-11-01 16:07 . 2004-09-14 08:38 1288192 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:32 . 2004-09-14 08:38 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-26 10:50 . 2004-09-14 08:38 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-10-26 10:50 . 2004-08-04 00:58 2031616 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-10-18 11:13 . 2004-09-14 08:38 186880 ----a-w- c:\windows\system32\encdec.dll 2011-10-10 14:22 . 2004-09-14 08:49 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-09-28 20:27 . 2011-09-28 20:27 70292 ----a-w- c:\program files\SDFiks.exe 2011-09-28 19:38 . 2011-09-28 19:38 0 ----a-w- c:\program files\Hijack.exe 2011-09-28 19:38 . 2011-09-28 19:38 1402880 ----a-w- c:\program files\HiJack.msi . . ((((((((((((((((((((((((((((( SnapShot@2012-01-02_21.42.36 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-11 23:02 . 2009-07-11 23:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll + 2009-07-11 23:02 . 2009-07-11 23:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll + 2009-07-11 23:02 . 2009-07-11 23:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll + 2009-07-11 23:02 . 2009-07-11 23:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll + 2009-07-11 23:02 . 2009-07-11 23:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll + 2009-07-11 23:02 . 2009-07-11 23:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll + 2009-07-11 23:02 . 2009-07-11 23:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll + 2009-07-11 23:02 . 
2009-07-11 23:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll + 2009-07-11 23:02 . 2009-07-11 23:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll + 2009-07-11 23:02 . 2009-07-11 23:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll + 2009-07-11 23:02 . 2009-07-11 23:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll + 2009-07-11 23:02 . 2009-07-11 23:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll + 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll + 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll + 2012-01-06 18:14 . 2012-01-06 18:14 16384 c:\windows\Temp\Perflib_Perfdata_71c.dat - 2008-07-14 11:09 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe + 2008-07-14 11:09 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe - 2004-09-14 08:38 . 2011-08-22 23:41 66560 c:\windows\system32\mshtmled.dll + 2004-09-14 08:38 . 2011-11-04 19:13 66560 c:\windows\system32\mshtmled.dll + 2007-08-13 17:54 . 2011-11-04 19:13 55296 c:\windows\system32\msfeedsbs.dll - 2007-08-13 17:54 . 2011-08-22 23:41 55296 c:\windows\system32\msfeedsbs.dll - 2004-09-14 08:38 . 2011-08-22 23:41 25600 c:\windows\system32\jsproxy.dll + 2004-09-14 08:38 . 2011-11-04 19:13 25600 c:\windows\system32\jsproxy.dll + 2009-08-31 18:50 . 2011-11-04 19:13 12800 c:\windows\system32\dllcache\xpshims.dll - 2009-08-31 18:50 . 2011-08-22 23:41 12800 c:\windows\system32\dllcache\xpshims.dll - 2007-01-19 19:31 . 2011-08-22 23:41 66560 c:\windows\system32\dllcache\mshtmled.dll + 2007-01-19 19:31 . 
2011-11-04 19:13 66560 c:\windows\system32\dllcache\mshtmled.dll + 2008-12-11 18:26 . 2011-11-04 19:13 55296 c:\windows\system32\dllcache\msfeedsbs.dll - 2008-12-11 18:26 . 2011-08-22 23:41 55296 c:\windows\system32\dllcache\msfeedsbs.dll - 2007-08-13 17:44 . 2011-08-22 23:41 43520 c:\windows\system32\dllcache\licmgr10.dll + 2007-08-13 17:44 . 2011-11-04 19:13 43520 c:\windows\system32\dllcache\licmgr10.dll - 2007-01-19 19:31 . 2011-08-22 23:41 25600 c:\windows\system32\dllcache\jsproxy.dll + 2007-01-19 19:31 . 2011-11-04 19:13 25600 c:\windows\system32\dllcache\jsproxy.dll - 2009-12-14 07:10 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll + 2009-12-14 07:10 . 2011-10-28 05:32 33280 c:\windows\system32\dllcache\csrsrv.dll + 2007-01-31 21:26 . 2012-01-02 22:25 23040 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe - 2007-01-31 21:26 . 2011-10-13 20:10 23040 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe + 2007-01-31 21:26 . 2012-01-02 22:25 61440 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe - 2007-01-31 21:26 . 2011-10-13 20:10 61440 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe - 2007-01-31 21:26 . 2011-10-13 20:10 27136 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe + 2007-01-31 21:26 . 2012-01-02 22:25 27136 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe + 2007-01-31 21:26 . 2012-01-02 22:25 11264 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe - 2007-01-31 21:26 . 2011-10-13 20:10 11264 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe + 2007-01-31 21:26 . 2012-01-02 22:25 86016 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe - 2007-01-31 21:26 . 2011-10-13 20:10 86016 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe + 2007-01-31 21:26 . 
2012-01-02 22:25 12288 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe - 2007-01-31 21:26 . 2011-10-13 20:10 12288 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe + 2012-01-02 22:29 . 2011-08-22 23:41 12800 c:\windows\ie8updates\KB2618444-IE8\xpshims.dll + 2012-01-02 22:28 . 2011-08-22 23:41 66560 c:\windows\ie8updates\KB2618444-IE8\mshtmled.dll + 2012-01-02 22:28 . 2011-08-22 23:41 55296 c:\windows\ie8updates\KB2618444-IE8\msfeedsbs.dll + 2012-01-02 22:28 . 2011-08-22 23:41 43520 c:\windows\ie8updates\KB2618444-IE8\licmgr10.dll + 2012-01-02 22:28 . 2011-08-22 23:41 25600 c:\windows\ie8updates\KB2618444-IE8\jsproxy.dll - 2007-01-31 21:26 . 2011-10-13 20:10 4096 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2007-01-31 21:26 . 2012-01-02 22:25 4096 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2009-07-11 23:02 . 2009-07-11 23:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll + 2009-07-11 23:02 . 2009-07-11 23:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll + 2009-07-11 23:05 . 2009-07-11 23:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll + 2009-07-11 23:02 . 2009-07-11 23:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll + 2004-09-14 08:38 . 2011-11-04 19:13 105984 c:\windows\system32\url.dll - 2004-09-14 08:38 . 2011-08-22 23:41 105984 c:\windows\system32\url.dll + 2004-09-14 08:38 . 2011-11-04 19:13 206848 c:\windows\system32\occache.dll - 2004-09-14 08:38 . 2011-08-22 23:41 206848 c:\windows\system32\occache.dll + 2004-09-14 08:38 . 2011-11-04 19:13 611840 c:\windows\system32\mstime.dll - 2004-09-14 08:38 . 2011-08-22 23:41 611840 c:\windows\system32\mstime.dll + 2007-08-13 17:54 . 
2011-11-04 19:13 602112 c:\windows\system32\msfeeds.dll - 2007-08-13 17:54 . 2011-08-22 23:41 602112 c:\windows\system32\msfeeds.dll - 2004-09-14 08:38 . 2011-08-22 23:41 184320 c:\windows\system32\iepeers.dll + 2004-09-14 08:38 . 2011-11-04 19:13 184320 c:\windows\system32\iepeers.dll - 2004-09-14 08:38 . 2011-08-22 23:41 387584 c:\windows\system32\iedkcs32.dll + 2004-09-14 08:38 . 2011-11-04 19:13 387584 c:\windows\system32\iedkcs32.dll + 2004-09-14 08:38 . 2011-11-04 11:25 174080 c:\windows\system32\ie4uinit.exe - 2004-09-14 08:38 . 2011-08-22 11:56 174080 c:\windows\system32\ie4uinit.exe + 2004-09-14 08:44 . 2012-01-04 19:31 197752 c:\windows\system32\FNTCACHE.DAT - 2004-09-14 08:44 . 2011-10-13 20:21 197752 c:\windows\system32\FNTCACHE.DAT + 2007-01-19 19:31 . 2011-11-04 19:13 916992 c:\windows\system32\dllcache\wininet.dll - 2007-08-13 17:44 . 2011-08-22 23:41 105984 c:\windows\system32\dllcache\url.dll + 2007-08-13 17:44 . 2011-11-04 19:13 105984 c:\windows\system32\dllcache\url.dll - 2007-08-13 17:44 . 2011-08-22 23:41 206848 c:\windows\system32\dllcache\occache.dll + 2007-08-13 17:44 . 2011-11-04 19:13 206848 c:\windows\system32\dllcache\occache.dll - 2007-01-19 19:31 . 2011-08-22 23:41 611840 c:\windows\system32\dllcache\mstime.dll + 2007-01-19 19:31 . 2011-11-04 19:13 611840 c:\windows\system32\dllcache\mstime.dll + 2008-12-11 18:26 . 2011-11-04 19:13 602112 c:\windows\system32\dllcache\msfeeds.dll - 2008-12-11 18:26 . 2011-08-22 23:41 602112 c:\windows\system32\dllcache\msfeeds.dll + 2008-12-05 19:25 . 2011-10-10 14:22 692736 c:\windows\system32\dllcache\inetcomm.dll - 2008-12-05 19:25 . 2011-05-02 15:31 692736 c:\windows\system32\dllcache\inetcomm.dll + 2009-08-31 18:50 . 2011-11-04 19:13 247808 c:\windows\system32\dllcache\ieproxy.dll - 2009-08-31 18:50 . 2011-08-22 23:41 247808 c:\windows\system32\dllcache\ieproxy.dll + 2007-01-19 19:31 . 2011-11-04 19:13 184320 c:\windows\system32\dllcache\iepeers.dll - 2007-01-19 19:31 . 
2011-08-22 23:41 184320 c:\windows\system32\dllcache\iepeers.dll + 2010-06-09 11:38 . 2011-11-04 19:13 743424 c:\windows\system32\dllcache\iedvtool.dll - 2010-06-09 11:38 . 2011-08-22 23:41 743424 c:\windows\system32\dllcache\iedvtool.dll + 2007-08-13 17:39 . 2011-11-04 19:13 387584 c:\windows\system32\dllcache\iedkcs32.dll - 2007-08-13 17:39 . 2011-08-22 23:41 387584 c:\windows\system32\dllcache\iedkcs32.dll - 2007-08-13 17:39 . 2011-08-22 11:56 174080 c:\windows\system32\dllcache\ie4uinit.exe + 2007-08-13 17:39 . 2011-11-04 11:25 174080 c:\windows\system32\dllcache\ie4uinit.exe + 2011-02-09 13:54 . 2011-10-18 11:13 186880 c:\windows\system32\dllcache\encdec.dll - 2011-02-09 13:54 . 2011-02-09 13:54 186880 c:\windows\system32\dllcache\encdec.dll - 2011-09-03 10:17 . 2011-09-09 09:12 602624 c:\windows\system32\dllcache\crypt32.dll + 2011-09-03 10:17 . 2011-09-28 07:06 602624 c:\windows\system32\dllcache\crypt32.dll + 2004-09-14 08:38 . 2011-09-28 07:06 602624 c:\windows\system32\crypt32.dll - 2004-09-14 08:38 . 2011-09-09 09:12 602624 c:\windows\system32\crypt32.dll + 2012-01-05 17:45 . 2012-01-05 17:45 219648 c:\windows\Installer\10f2b4.msi - 2007-01-31 21:26 . 2011-10-13 20:10 409600 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe + 2007-01-31 21:26 . 2012-01-02 22:25 409600 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe + 2007-01-31 21:26 . 2012-01-02 22:25 286720 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe - 2007-01-31 21:26 . 2011-10-13 20:10 286720 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe + 2007-01-31 21:26 . 2012-01-02 22:25 249856 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe - 2007-01-31 21:26 . 2011-10-13 20:10 249856 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe - 2007-01-31 21:26 . 2011-10-13 20:10 794624 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe + 2007-01-31 21:26 . 
2012-01-02 22:25 794624 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe + 2007-01-31 21:26 . 2012-01-02 22:25 135168 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe - 2007-01-31 21:26 . 2011-10-13 20:10 135168 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe - 2007-01-31 21:26 . 2011-10-13 20:10 593920 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe + 2007-01-31 21:26 . 2012-01-02 22:25 593920 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe + 2012-01-02 22:28 . 2011-08-22 23:41 916480 c:\windows\ie8updates\KB2618444-IE8\wininet.dll + 2012-01-02 22:28 . 2011-08-22 23:41 105984 c:\windows\ie8updates\KB2618444-IE8\url.dll + 2012-01-02 22:29 . 2010-07-05 13:21 401272 c:\windows\ie8updates\KB2618444-IE8\spuninst\updspapi.dll + 2012-01-02 22:29 . 2010-07-05 13:21 234872 c:\windows\ie8updates\KB2618444-IE8\spuninst\spuninst.exe + 2012-01-02 22:28 . 2011-08-22 23:41 206848 c:\windows\ie8updates\KB2618444-IE8\occache.dll + 2012-01-02 22:28 . 2011-08-22 23:41 611840 c:\windows\ie8updates\KB2618444-IE8\mstime.dll + 2012-01-02 22:28 . 2011-08-22 23:41 602112 c:\windows\ie8updates\KB2618444-IE8\msfeeds.dll + 2012-01-02 22:29 . 2011-08-22 23:41 247808 c:\windows\ie8updates\KB2618444-IE8\ieproxy.dll + 2012-01-02 22:28 . 2011-08-22 23:41 184320 c:\windows\ie8updates\KB2618444-IE8\iepeers.dll + 2012-01-02 22:29 . 2011-08-22 23:41 743424 c:\windows\ie8updates\KB2618444-IE8\iedvtool.dll + 2012-01-02 22:29 . 2011-08-22 23:41 387584 c:\windows\ie8updates\KB2618444-IE8\iedkcs32.dll + 2012-01-02 22:29 . 2011-08-22 11:56 174080 c:\windows\ie8updates\KB2618444-IE8\ie4uinit.exe + 2009-07-11 23:02 . 2009-07-11 23:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll + 2009-07-11 23:02 . 
2009-07-11 23:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll + 2004-09-14 08:38 . 2011-11-04 19:13 1212416 c:\windows\system32\urlmon.dll - 2004-09-14 08:38 . 2011-08-22 23:41 1212416 c:\windows\system32\urlmon.dll + 2004-09-14 08:38 . 2011-11-04 19:13 5978112 c:\windows\system32\mshtml.dll - 2007-08-13 17:34 . 2011-08-22 23:41 2000384 c:\windows\system32\iertutil.dll + 2007-08-13 17:34 . 2011-11-04 19:13 2000384 c:\windows\system32\iertutil.dll + 2008-12-05 19:27 . 2011-11-23 14:40 1859712 c:\windows\system32\dllcache\win32k.sys - 2007-01-19 19:31 . 2011-08-22 23:41 1212416 c:\windows\system32\dllcache\urlmon.dll + 2007-01-19 19:31 . 2011-11-04 19:13 1212416 c:\windows\system32\dllcache\urlmon.dll + 2010-07-16 12:01 . 2011-11-01 16:07 1288192 c:\windows\system32\dllcache\ole32.dll + 2008-12-05 19:26 . 2011-10-26 10:50 2197120 c:\windows\system32\dllcache\ntoskrnl.exe - 2008-12-05 19:26 . 2010-12-09 15:14 2197120 c:\windows\system32\dllcache\ntoskrnl.exe - 2008-12-05 19:26 . 2010-12-09 15:14 2031616 c:\windows\system32\dllcache\ntkrpamp.exe + 2008-12-05 19:26 . 2011-10-26 10:50 2031616 c:\windows\system32\dllcache\ntkrpamp.exe - 2008-12-05 19:26 . 2010-12-09 15:14 2073728 c:\windows\system32\dllcache\ntkrnlpa.exe + 2008-12-05 19:26 . 2011-10-26 10:50 2073728 c:\windows\system32\dllcache\ntkrnlpa.exe + 2008-12-05 19:26 . 2011-10-26 10:50 2153472 c:\windows\system32\dllcache\ntkrnlmp.exe - 2008-12-05 19:26 . 2010-12-09 15:14 2153472 c:\windows\system32\dllcache\ntkrnlmp.exe + 2006-07-28 04:29 . 2011-11-04 19:13 5978112 c:\windows\system32\dllcache\mshtml.dll + 2008-12-11 18:26 . 2011-11-04 19:13 2000384 c:\windows\system32\dllcache\iertutil.dll - 2008-12-11 18:26 . 2011-08-22 23:41 2000384 c:\windows\system32\dllcache\iertutil.dll + 2011-10-29 22:10 . 2011-10-29 22:10 6824960 c:\windows\Installer\2724ff.msp + 2011-10-31 11:37 . 2011-10-31 11:37 4146688 c:\windows\Installer\2724e9.msp + 2011-11-17 09:55 . 
2011-11-17 09:55 5522944 c:\windows\Installer\2724d4.msp + 2012-01-02 22:28 . 2011-08-22 23:41 1212416 c:\windows\ie8updates\KB2618444-IE8\urlmon.dll + 2012-01-02 22:28 . 2011-10-03 08:31 5971456 c:\windows\ie8updates\KB2618444-IE8\mshtml.dll + 2012-01-02 22:28 . 2011-08-22 23:41 2000384 c:\windows\ie8updates\KB2618444-IE8\iertutil.dll - 2008-12-05 19:26 . 2010-12-09 15:14 2197120 c:\windows\Driver Cache\i386\ntoskrnl.exe + 2008-12-05 19:26 . 2011-10-26 10:50 2197120 c:\windows\Driver Cache\i386\ntoskrnl.exe + 2008-12-05 19:26 . 2011-10-26 10:50 2031616 c:\windows\Driver Cache\i386\ntkrpamp.exe - 2008-12-05 19:26 . 2010-12-09 15:14 2031616 c:\windows\Driver Cache\i386\ntkrpamp.exe + 2008-12-05 19:26 . 2011-10-26 10:50 2073728 c:\windows\Driver Cache\i386\ntkrnlpa.exe - 2008-12-05 19:26 . 2010-12-09 15:14 2073728 c:\windows\Driver Cache\i386\ntkrnlpa.exe + 2008-12-05 19:26 . 2011-10-26 10:50 2153472 c:\windows\Driver Cache\i386\ntkrnlmp.exe - 2008-12-05 19:26 . 2010-12-09 15:14 2153472 c:\windows\Driver Cache\i386\ntkrnlmp.exe + 2008-12-11 18:20 . 2011-12-07 10:44 52988224 c:\windows\system32\MRT.exe + 2007-08-13 17:54 . 2011-11-05 13:13 11081728 c:\windows\system32\ieframe.dll - 2007-08-13 17:54 . 2011-08-23 15:41 11081728 c:\windows\system32\ieframe.dll + 2008-12-11 18:26 . 2011-11-05 13:13 11081728 c:\windows\system32\dllcache\ieframe.dll - 2008-12-11 18:26 . 2011-08-23 15:41 11081728 c:\windows\system32\dllcache\ieframe.dll + 2012-01-02 22:28 . 2011-08-23 15:41 11081728 c:\windows\ie8updates\KB2618444-IE8\ieframe.dll . -- Snapshot teruggezet naar huidige datum -- . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080] . 
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2011-01-17 15:54 175912 ------w- c:\program files\ConduitEngine\prxConduitEngine.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] 2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD0.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] 2009-12-31 09:53 2349080 ----a-w- c:\program files\DVDVideoSoft\tbDVDV.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080] "{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-28 395776] "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552] "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-17 30192] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-02-28 1385472] "AdobeVersionCue"="c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2004-03-25 1732608] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 57344] "PCSuiteTrayApplication"="c:\documents and settings\gwen\Bureaublad\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328] "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064] "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "Nokia.PCSync"="c:\documents and settings\gwen\Bureaublad\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896] . c:\documents and settings\lena\Menu Start\Programma's\Opstarten\ ubisoft register.lnk - c:\program files\Ubi Soft\Rayman3\Register\schedule.exe [N/A] . c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Acrobat Assistant.lnk - c:\program files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193] Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-1-31 110592] Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2007-1-19 7168] Password.lnk - c:\windows\Temp\Password.exe [N/A] . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "10421:UDP"= 10421:UDP:SingleClick Discovery Protocol "10426:UDP"= 10426:UDP:SingleClick ICC . 
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/01/2012 18:45 435032] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/01/2012 18:45 314456] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/01/2012 18:45 20568] R2 litsgt;litsgt;c:\windows\system32\drivers\litsgt.sys [3/03/2007 13:29 137344] R2 tansgt;tansgt;c:\windows\system32\drivers\tansgt.sys [3/03/2007 13:29 12032] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/01/2010 10:07 135664] S3 bDMusicb;bDMusicb;\??\c:\docume~1\bruno\LOCALS~1\Temp\bDMusicb.sys --> c:\docume~1\bruno\LOCALS~1\Temp\bDMusicb.sys [?] S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [19/01/2007 20:45 30192] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/01/2010 10:07 135664] S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [14/09/2004 9:38 14336] . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - ASWSNX *Deregistered* - MBAMSwissArmy . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . Inhoud van de 'Gedeelde Taken' map . 2011-08-26 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50] . 2012-01-04 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-27 19:00] . 2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 09:06] . 2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 09:06] . 2011-09-19 c:\windows\Tasks\OGADaily.job - c:\windows\system32\OGAVerify.exe [2008-12-31 15:04] . 
2012-01-06 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAVerify.exe [2008-12-31 15:04] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ mWindow Title = Telenet Internet uInternet Settings,ProxyServer = http=127.0.0.1:57758 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Free YouTube to Mp3 Converter - c:\documents and settings\bruno\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html TCP: DhcpNameServer = 195.130.131.132 195.130.130.4 DPF: {3CA45906-EF10-4E4E-9BE4-B444D220FCB0} - hxxp://ua.foto.com/ImageUploader6.cab DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} - hxxp://imst.selfip.net:88/LNetCam.cab . - - - - ORPHANS VERWIJDERD - - - - . HKLM-Run-MSKDetectorExe - c:\program files\McAfee\SpamKiller\MSKDetct.exe HKLM-Run-McAfeeUpdaterUI - c:\program files\McAfee\Common Framework\UdaterUI.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-01-07 00:15 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . . C:\## aswSnx private storage . Scan succesvol afgerond verborgen bestanden: 1 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•¤|ÿÿÿÿ•¤|þ»Ñw*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . Voltooingstijd: 2012-01-07 00:22:14 ComboFix-quarantined-files.txt 2012-01-06 23:22 ComboFix2.txt 2012-01-02 21:47 . 
Pre-Run: 70.794.428.416 bytes beschikbaar Post-Run: 70.919.221.248 bytes beschikbaar . WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - 35F7E3F0A604C48E0A82B0604DCC2049
  • Hi Rob, with your latest ComboFix log, the AdAware "PriceGong" has now been removed for the second time. And I find that strange. So please do the following first: a test to see how good the current security situation in Windows is. Download Security Check (http://screen317.spywareinfoforum.org/SecurityCheck.exe) to your desktop.
    - Click/double-click SecurityCheck.exe and follow the instructions in the black window.
    - A Notepad document named checkup.txt should open automatically; close this document by saving it to the desktop.
    - If one of your security tools reports that DIG.EXE wants to access the internet, allow it.
    Post the contents of checkup.txt in your next post.


This is an archived page. Replies are no longer possible.