Regarding ESET Online Scanner

24 replies
  • Good evening. Please take a quick look at my laptop following an ESET online scan. It found 5 infections. Thanks in advance for the effort.
    Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:48:03, on 19-11-2011 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe C:\Windows\PLFSetI.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe C:\Program Files (x86)\Launch Manager\LMworker.exe C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\firefox.exe C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\plugin-container.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weerdirect.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&m=aspire_5736z&r=27361110f025l04f4z105v47424458 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - 
HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files 
(x86)\EgisTec IPS\PmmUpdate.exe" O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Toevoegen aan Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: &Virtueel Toetsenbord - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll O9 - Extra 
button: C&ontrole van URL's - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~2\sbhook.dll O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Kaspersky Anti-Virus-service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. 
- C:\Program Files (x86)\Launch Manager\dsiwmis.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. 
- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Secunia Update Agent - Unknown owner - C:\Program Files (x86)\Secunia\PSI\sua.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) 
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11831 bytes Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Databaseversie: 8194 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 19-11-2011 18:53:22 mbam-log-2011-11-19 (18-53-22).txt Scantype: Snelle scan Objecten gescand: 171177 Verstreken tijd: 3 minuut/minuten, 54 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
  • Hi K.S., do you still remember which "viruses" ESET Online had found? You should be able to find the log in the folder C:\Program Files (x86)\ESET\ESET Online Scanner as log.txt.
  • Good morning Abraham. Here is the requested log.
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=a0f30d2ec9e8c54bb91f5f2a750989ac
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-11-19 05:37:00
    # local_time=2011-11-19 06:37:00 (+0100, West-Europa (standaardtijd))
    # country="Netherlands"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=512 16777215 100 0 29023976 29023976 0 0
    # compatibility_mode=768 16777215 100 0 31897673 31897673 0 0
    # compatibility_mode=1280 16777215 100 0 18401452 18401452 0 0
    # compatibility_mode=2304 16777215 100 0 0 0 0 0
    # compatibility_mode=5893 16776574 100 70 19945168 73349651 0 0
    # compatibility_mode=8192 67108863 100 0 3657 3657 0 0
    # scanned=160578
    # found=5
    # cleaned=5
    # scan_time=4419
    C:\Users\Gebruiker\Downloads\installer_paint_shop_pro_x3_13_0_Nederlands_Dutch(2).exe Win32/Toggle application (deleted - quarantined) 00000000000000000000000000000000 C
    C:\Users\Gebruiker\Downloads\installer_paint_shop_pro_x3_13_0_Nederlands_Dutch.exe Win32/Toggle application (deleted - quarantined) 00000000000000000000000000000000 C
    C:\Users\Gebruiker\Downloads\registrybooster.exe Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C
    C:\Users\Gebruiker\Downloads\RegistryReviverInstall.exe Win32/RegistryReviver application (deleted - quarantined) 00000000000000000000000000000000 C
    C:\Users\Gebruiker\Downloads\speedupmypc.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
  • Hello Klaas, please do the following:
    Which program: ComboFix
    What for/why: A highly specialized scanner for examining Windows in depth and cleaning it up where possible.
    Difficulty: A somewhat tricky preparation phase, so read everything carefully first.
    Download location: This program must absolutely be downloaded to the desktop!
    Download ComboFix from one of these locations:
      - Bleepingcomputer: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
      - ForoSpyware: http://www.forospyware.com/sUBs/ComboFix.exe
      - Geekstogo: http://subs.geekstogo.com/ComboFix.exe
    How to use ComboFix is shown here: http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden
    Your antivirus program and any active malware scanners must already be disabled before ComboFix starts! Information on how to disable antivirus programs and spyware scanners can be found here (http://www.bleepingcomputer.com/forums/topic114351.html) and here (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html).
    Once more, for clarity: ComboFix must be started from the desktop.
    Notes:
      - On Windows XP you may be asked to install the "Recovery Console"! If so, allow it (this requires an active internet connection).
      - Vista and Windows 7 users start ComboFix via right-click with administrator rights.
      - All open programs and web pages must be closed.
    ComboFix has started:
      - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
      - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
      - The computer may need to be restarted several times; this is normal.
      - When ComboFix is finished, it will create a log file for you.
      - Post the contents of this log file in your next message.
      - If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
      - If, after the scan, an error is shown when starting programs with the message:
      - Illegal operation attempted on a registery key that has been marked for deletion.
      - then restart the computer.
  • Good afternoon. I had copied the log, but I could no longer get into IE9 and FF. I then restarted the computer, but after that I could no longer paste the copied log. Could you give me the link for posting the log (where I can find it)?
  • You can find that log in C:\Combofix.txt
  • OK, and thanks.
    ComboFix 11-11-20.01 - Gebruiker 20-11-2011 18:03:42.3.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3002.1770 [GMT 1:00] Gestart vanuit: c:\users\Gebruiker\Downloads\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06} FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D} SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_COMSysApp . . (((((((((((((((((((( Bestanden Gemaakt van 2011-10-20 to 2011-11-20 )))))))))))))))))))))))))))))) . . 2011-11-20 17:16 . 2011-11-20 17:16 -------- d-----w- c:\users\Public\AppData\Local\temp 2011-11-20 17:16 . 2011-11-20 17:16 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-11-19 20:13 . 2011-11-20 17:19 -------- d-----w- c:\users\Gebruiker\AppData\Local\Temp 2011-11-19 16:22 . 2011-11-19 16:22 -------- d-----w- c:\program files (x86)\ESET 2011-11-10 16:08 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll 2011-11-10 16:08 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll 2011-11-10 16:08 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-11-10 16:08 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys 2011-11-05 14:05 . 2011-11-05 14:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2011-11-05 14:05 . 2011-11-05 14:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2011-11-05 14:05 . 
2011-11-05 14:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2011-11-05 14:05 . 2011-11-05 14:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2011-11-05 14:05 . 2011-11-05 14:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2011-11-05 14:05 . 2011-11-05 14:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2011-11-05 14:05 . 2011-11-05 14:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2011-11-05 14:04 . 2011-11-05 14:05 -------- d-----w- c:\program files (x86)\QuickTime 2011-11-05 14:04 . 2011-11-05 14:04 -------- d-----w- c:\programdata\Apple Computer 2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2011-10-22 18:36 . 2011-10-22 18:36 -------- d-----w- c:\program files (x86)\Common Files\Java . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-12 17:54 . 2011-05-17 14:43 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-10-03 03:06 . 2010-12-04 18:47 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-09-01 05:24 . 2011-10-15 11:09 2309120 ----a-w- c:\windows\system32\jscript9.dll 2011-09-01 05:17 . 2011-10-15 11:09 1389056 ----a-w- c:\windows\system32\wininet.dll 2011-09-01 05:12 . 2011-10-15 11:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-09-01 02:35 . 2011-10-15 11:09 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll 2011-09-01 02:28 . 2011-10-15 11:09 1126912 ----a-w- c:\windows\SysWow64\wininet.dll 2011-09-01 02:22 . 2011-10-15 11:09 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-08-31 15:00 . 2010-11-15 13:41 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-27 05:37 . 
2011-10-15 08:50 861696 ----a-w- c:\windows\system32\oleaut32.dll 2011-08-27 05:37 . 2011-10-15 08:50 331776 ----a-w- c:\windows\system32\oleacc.dll 2011-08-27 04:26 . 2011-10-15 08:50 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-08-27 04:26 . 2011-10-15 08:50 233472 ----a-w- c:\windows\SysWow64\oleacc.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-11-20_16.08.21 ))))))))))))))))))))))))))))))))))))))))) . + 2010-07-16 08:53 . 2011-11-20 16:35 66712 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin - 2010-07-16 08:53 . 2011-11-18 16:07 66712 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin - 2009-07-14 05:10 . 2011-11-20 16:08 47886 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2011-11-20 17:20 47886 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-11-14 17:42 . 2011-11-20 17:20 16034 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1540792951-4210785799-4223076911-1000_UserData.bin - 2010-08-19 12:05 . 2011-11-20 15:04 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-08-19 12:05 . 2011-11-20 17:18 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-08-19 12:05 . 2011-11-20 15:04 65536 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-08-19 12:05 . 2011-11-20 17:18 65536 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2011-11-20 17:18 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2011-11-20 15:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-11-20 16:06 . 
2011-11-20 16:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-11-20 17:18 . 2011-11-20 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-11-20 17:18 . 2011-11-20 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2011-11-20 16:06 . 2011-11-20 16:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-07-14 05:01 . 2011-11-20 17:17 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2011-11-20 16:06 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2010-11-15 15:42 . 2011-11-20 17:17 17793528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1540792951-4210785799-4223076911-1000-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272] "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264] "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584] "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320] "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-02 365336] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~2\sbhook.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [x] R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x] R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752] S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common 
Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896] S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400] S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512] S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x] S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . Inhoud van de 'Gedeelde Taken' map . 2011-11-20 c:\windows\Tasks\ParetoLogic Registration3.job - c:\windows\system32\rundll32.exe [2009-07-13 01:14] . 
2011-01-23 c:\windows\Tasks\ParetoLogic Update Version3.job - c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01] . 2011-01-23 c:\windows\Tasks\PC Health Advisor Defrag.job - c:\program files (x86)\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40] . 2011-06-14 c:\windows\Tasks\PC Health Advisor.job - c:\program files (x86)\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768] "mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] "PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-10 206208] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304] "combofix"="c:\combofix\CF7466.3XE" [2010-11-20 345088] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_Dlls"=0x1 "AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~2\x64\sbhook64.dll . ------- Bijkomende Scan ------- . 
uStart Page = hxxp://www.weerdirect.nl/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&m=aspire_5736z&r=27361110f025l04f4z105v47424458 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\ma7hckcq.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.weerdirect.nl/ FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file) . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1540792951-4210785799-4223076911-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (S-1-5-21-1540792951-4210785799-4223076911-1000) @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1540792951-4210785799-4223076911-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (S-1-5-21-1540792951-4210785799-4223076911-1000) @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Bonjour\mDNSResponder.exe . ************************************************************************** . Voltooingstijd: 2011-11-20 18:36:18 - machine werd herstart ComboFix-quarantined-files.txt 2011-11-20 17:36 ComboFix2.txt 2011-11-20 16:25 ComboFix3.txt 2011-05-28 13:52 . Pre-Run: 250.149.093.376 bytes beschikbaar Post-Run: 249.850.617.856 bytes beschikbaar . - - End Of File - - 088B656216FCFE1D531397201698DF56
  • Right, Klaas, the next step; also tell me how your Windows is running!

Make sure all open web browser windows are closed. Open a new Notepad (Kladblok) file via "Start\Alle programma’s\Bureau-accessoires\Kladblok (or Notepad)".

Copy and paste the following text into the empty Notepad window:

KILLALL::
File::
c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1540792951-4210785799-4223076911-1000_UserData.bin
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1540792951-4210785799-4223076911-1000-8192.dat

Save this Notepad file to your desktop as CFScript.txt.

Now disable the antivirus first!

Drag CFScript.txt onto ComboFix.exe.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

This will make ComboFix restart. Reboot if you are asked to. Post the ComboFix log that is shown after the restart!

Important note:
* If, after the scan, an error is shown when starting programs, with the message:
* Illegal operation attempted on a registry key that has been marked for deletion.
* Then restart the computer.
  • Hi Abraham. The laptop is running fine, no problems.
ComboFix 11-11-20.01 - Gebruiker 20-11-2011 19:16:41.4.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3002.1844 [GMT 1:00] Gestart vanuit: c:\users\Gebruiker\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Gebruiker\Desktop\CFScript.txt..txt AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06} FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D} SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1540792951-4210785799-4223076911-1000-8192.dat" "c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat" "c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat" "c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat" "c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat" "c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" "c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat" "c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1540792951-4210785799-4223076911-1000_UserData.bin" "c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin" "c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1540792951-4210785799-4223076911-1000-8192.dat c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1540792951-4210785799-4223076911-1000_UserData.bin c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat . . . . konden niet verwijderd worden c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat . . . . konden niet verwijderd worden . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_COMSysApp . . (((((((((((((((((((( Bestanden Gemaakt van 2011-10-20 to 2011-11-20 )))))))))))))))))))))))))))))) . . 2011-11-20 18:30 . 2011-11-20 18:30 -------- d-----w- c:\users\Public\AppData\Local\temp 2011-11-20 18:30 . 2011-11-20 18:30 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-11-19 20:13 . 2011-11-20 18:34 -------- d-----w- c:\users\Gebruiker\AppData\Local\Temp 2011-11-19 16:22 . 2011-11-19 16:22 -------- d-----w- c:\program files (x86)\ESET 2011-11-10 16:08 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll 2011-11-10 16:08 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll 2011-11-10 16:08 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-11-10 16:08 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys 2011-11-05 14:05 . 
2011-11-05 14:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2011-11-05 14:05 . 2011-11-05 14:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2011-11-05 14:05 . 2011-11-05 14:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2011-11-05 14:05 . 2011-11-05 14:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2011-11-05 14:05 . 2011-11-05 14:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2011-11-05 14:05 . 2011-11-05 14:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2011-11-05 14:05 . 2011-11-05 14:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2011-11-05 14:04 . 2011-11-05 14:05 -------- d-----w- c:\program files (x86)\QuickTime 2011-11-05 14:04 . 2011-11-05 14:04 -------- d-----w- c:\programdata\Apple Computer 2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2011-10-22 18:36 . 2011-10-22 18:36 -------- d-----w- c:\program files (x86)\Common Files\Java . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-12 17:54 . 2011-05-17 14:43 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-10-03 03:06 . 2010-12-04 18:47 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-09-01 05:24 . 2011-10-15 11:09 2309120 ----a-w- c:\windows\system32\jscript9.dll 2011-09-01 05:17 . 2011-10-15 11:09 1389056 ----a-w- c:\windows\system32\wininet.dll 2011-09-01 05:12 . 2011-10-15 11:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-09-01 02:35 . 2011-10-15 11:09 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll 2011-09-01 02:28 . 2011-10-15 11:09 1126912 ----a-w- c:\windows\SysWow64\wininet.dll 2011-09-01 02:22 . 
2011-10-15 11:09 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-08-31 15:00 . 2010-11-15 13:41 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-27 05:37 . 2011-10-15 08:50 861696 ----a-w- c:\windows\system32\oleaut32.dll 2011-08-27 05:37 . 2011-10-15 08:50 331776 ----a-w- c:\windows\system32\oleacc.dll 2011-08-27 04:26 . 2011-10-15 08:50 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-08-27 04:26 . 2011-10-15 08:50 233472 ----a-w- c:\windows\SysWow64\oleacc.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-11-20_16.08.21 ))))))))))))))))))))))))))))))))))))))))) . - 2009-07-14 04:54 . 2011-11-20 16:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2011-11-20 18:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2011-11-20 18:33 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2011-11-20 16:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2011-11-20 16:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2011-11-20 18:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-11-20 18:32 . 2011-11-20 18:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-11-20 16:06 . 2011-11-20 16:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-11-20 18:32 . 2011-11-20 18:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2011-11-20 16:06 . 2011-11-20 16:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat . 
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272] "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264] "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584] "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320] "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-02 365336] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~2\sbhook.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [x] R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x] R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x] S1 
mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752] S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896] S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400] S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512] S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 
6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x] S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . Inhoud van de 'Gedeelde Taken' map . 2011-11-20 c:\windows\Tasks\ParetoLogic Registration3.job - c:\windows\system32\rundll32.exe [2009-07-13 01:14] . 2011-01-23 c:\windows\Tasks\ParetoLogic Update Version3.job - c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01] . 2011-01-23 c:\windows\Tasks\PC Health Advisor Defrag.job - c:\program files (x86)\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40] . 2011-06-14 c:\windows\Tasks\PC Health Advisor.job - c:\program files (x86)\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768] "mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] "PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-10 206208] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304] "combofix"="c:\combofix\CF21655.3XE" [2010-11-20 345088] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_Dlls"=0x1 "AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~2\x64\sbhook64.dll . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.weerdirect.nl/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&m=aspire_5736z&r=27361110f025l04f4z105v47424458 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\ma7hckcq.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.weerdirect.nl/ FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file) . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1540792951-4210785799-4223076911-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (S-1-5-21-1540792951-4210785799-4223076911-1000) @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1540792951-4210785799-4223076911-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (S-1-5-21-1540792951-4210785799-4223076911-1000) @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Bonjour\mDNSResponder.exe . ************************************************************************** . 
Voltooingstijd: 2011-11-20 19:51:23 - machine werd herstart ComboFix-quarantined-files.txt 2011-11-20 18:51 ComboFix2.txt 2011-11-20 17:36 ComboFix3.txt 2011-11-20 16:25 ComboFix4.txt 2011-05-28 13:52 . Pre-Run: 249.672.343.552 bytes beschikbaar Post-Run: 249.617.948.672 bytes beschikbaar . - - End Of File - - 9FCBB19635EDCBDB16EA27A9E7976E03
  • Good, then let's clean up.

Step 1

ComboFix can now be removed:
* go to Start - Run (Uitvoeren)
* copy and paste the following into it: Combofix /Uninstall
* then click OK.
* if all goes well, you will then get a message that ComboFix has been removed.

Example: http://www.emphyrio.be/images/SMUninstall_combofix.png

Run can also be opened by pressing the "Windows key + R" keys at the same time.

This will remove ComboFix including its related folders and files, restores the clock settings, hides the file extensions, hides hidden files and system files again, and resets your System Restore.

Step 2

Which program: TFC.
What for/why: thorough cleaning of Windows.
Difficulty: none.
Download: Download TFC to your desktop (click): http://oldtimer.geekstogo.com/TFC.exe

Starting TFC:
Windows 2000 and Windows XP: start TFC.exe by double-clicking the shortcut.
Windows Vista and Windows 7: start TFC.exe by right-clicking the shortcut and then choosing Run as administrator (Als Administrator uitvoeren).
* Don't be alarmed: the tool closes all running programs, so make sure your work has already been saved!
* Then click the Start button to start the scan. This scan may take a short or a longer time; be patient, let TFC do its job and wait until TFC is finished.
* When TFC is finished, a message appears that the computer will be restarted.
* If the shutdown does not happen automatically, restart the computer yourself.
* Note: TFC does not show a log!

Step 3

Also run a test to see how good the current security situation in Windows is.
Download Security Check to your desktop: http://screen317.spywareinfoforum.org/SecurityCheck.exe
* Click/double-click SecurityCheck.exe and follow the instructions in the black window.
* A Notepad document named checkup.txt should open automatically; close this document by saving it to the desktop.
* If one of your security tools reports that DIG.EXE wants to access the internet, allow it.

Post the contents of checkup.txt in your next post.
  • Hi, TFC has been run. Security log:

    Results of screen317's Security Check version 0.99.28
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:
    ESET Online Scanner v3
    Kaspersky Internet Security 2011
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:
    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 29
    Adobe Reader X (10.1.1)
    Mozilla Firefox (8.0.)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent
    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    Kaspersky Lab Kaspersky Internet Security 2011 avp.exe
    ``````````End of Log````````````
  • The Adobe Flash Player is not listed, but here is the information for it anyway. There are two components in Windows that should always be the newest version, and those are the Java runtime and Adobe Flash Player. Why: in those newest versions the discovered security risks have always been fixed, and often the tool itself also works better!

    First go to Control Panel
    - Add or Remove Programs - Windows 2000/Windows XP
    - Programs and Features - Windows Vista and Windows 7
    and remove the following components there:
    Java(TM) 6 Update 29
    Adobe Flash Player
    Restart your PC!

    Then first go with Internet Explorer to http://get.adobe.com/nl/flashplayer/ to have the newest Flash Player 11.1.102.55 installed (if you do not want the Free Google Toolbar or McAfee Security Scan (optional) along with it, first remove the check mark at that notice!). In this way the Flash Player is installed not only for IE but also for Windows!

    Important: if you also use other browsers, then first remove the Adobe Flash Player Plugins as well in the same way, and after that use those other browsers, each in turn, to visit the same internet address to download the newest Flash Player plugins and, after closing the browser in question, install the new plugin!

    Also first download Java 7 Update 2 (x86) for Windows 7/XP/Vista/2000/2003/2008 Offline to your desktop: http://www.softpedia.com/dyn-postdownload.php?p=71050&t=0&i=1
    After that you may install the newest Java version as well.
  • Hi Abraham, OK, will do. But I am now at my desktop, handling some sales. Tomorrow evening I will update all of that, and then I will also come back with a new security check. Many thanks in advance for your effort. And enjoy the rest of the evening.
  • Good evening Abraham. For me, this link is reported as containing a virus: http://get.adobe.com/nl/flashplayer/ And for Java I do not know exactly what I need to download. Please explain this further.
  • Java: choose SP Secure Mirror (US) - x86 - JRE 8 Dev Preview [EXE] via http://www.softpedia.com/progDownload/Java-Runtime-Environment-Download-71050.html And for Adobe I suspect that your Kaspersky is possibly reacting to the bundled McAfee software. That site is safe, really.
  • Hi

    Results of screen317's Security Check version 0.99.28
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:
    ESET Online Scanner v3
    Kaspersky Internet Security 2011
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:
    Malwarebytes' Anti-Malware
    Java(TM) 8
    Adobe Reader X (10.1.1)
    Mozilla Firefox (8.0.)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent
    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    Kaspersky Lab Kaspersky Internet Security 2011 avp.exe
    ``````````End of Log````````````

    I do now have Adobe Flash Player 11 ActiveX 64-bit listed in the Control Panel.
  • Hi Klaas, I am a little embarrassed. I actually had you install the wrong Java. You now have not only the Java runtime, but also development tools! It should actually have been this one: SP Secure Mirror (US) - x86 - JRE 7 Update 1 [EXE] Otherwise your log looks good.
  • Good evening Abraham. That can happen; I have meanwhile downloaded this SP Secure Mirror (US) - x86 - JRE 7 Update 1 [EXE]. Once again my sincere thanks, have a nice evening.
  • Very good. Once you have put everything right again, one last tip: go to Secunia PSI (click) a few times a year to check whether everything within Windows is up to date: http://secunia.com/vulnerability_scanning/online/ Because only then is Windows at its safest! On the Secunia site, first click the Start Scanner button and then, on the new page, first tick Enable thorough system inspection before clicking Start! If you do not use Java, the site will not work. In that case you can download and install the Secunia Personal Software Inspector (PSI). N.B.: after installation this tool starts automatically with Windows, but that is really not necessary and can be switched off! http://secunia.com/vulnerability_scanning/personal/
  • Good evening. Thanks for the tip, we will certainly do that. I now have one more quick question about my desktop. Do I have the right Flash Player and Java on it? Windows 7 Home Premium 34 bits.

    Results of screen317's Security Check version 0.99.18
    Windows 7 Service Pack 1 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:
    Kaspersky Internet Security 2011
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:
    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 7 Update 1
    Out of date Java installed!
    Flash Player Out of Date!
    Adobe Reader X (10.1.1)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent
    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    Kaspersky Lab Kaspersky Internet Security 2011 avp.exe
    ``````````End of Log````````````
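Added example (not part of the thread and not screen317's code): a small parser for the Security Check log pasted in the last post, which strips the forum's BBCode tags, splits the log into its sections and collects the "out of date" flags. The one-entry-per-line layout, the shortened sample and the function name `parse_security_check` are assumptions made for this illustration.

```python
import re

# phpBB tags as they appear in the pasted logs, e.g. [b:60fc45ef32], [color=red:60fc45ef32]
BBCODE_TAG = re.compile(r"\[/?\w+(?:=[^\]:]*)?(?::\w+)*\]")
RULE = re.compile(r"^`+$")                      # separator line made only of backticks
STALE = re.compile(r"out of date", re.IGNORECASE)

# Constructed sample based on the desktop log in the post above (shortened).
# Backticks are written as ^ and swapped in afterwards.
SAMPLE = """\
Results of screen317's Security Check version 0.99.18
Windows 7 Service Pack 1 (UAC is enabled)
Internet Explorer 8
[b:60fc45ef32]^^^^^^^^^^
[u:60fc45ef32]Antivirus/Firewall Check:[/u:60fc45ef32][/b:60fc45ef32]
Kaspersky Internet Security 2011
^^^^^^^^^^
Anti-malware/Other Utilities Check:
CCleaner
Java(TM) 7 Update 1
[color=red:60fc45ef32][b:60fc45ef32]Out of date Java installed![/b:60fc45ef32][/color:60fc45ef32]
Flash Player Out of Date!
Adobe Reader X (10.1.1)
^^^^^^^^^^
Process Check:
Kaspersky Lab Kaspersky Internet Security 2011 avp.exe
^^^^^^^^^^End of Log^^^^^^^^^^
""".replace("^", "`")


def parse_security_check(text):
    # Returns (sections, warnings): entries grouped per section, flags kept separately.
    lines = [BBCODE_TAG.sub("", raw).strip() for raw in text.splitlines()]
    sections, warnings = {"Header": []}, []
    current, prev_rule = "Header", False
    for line in filter(None, lines):
        if "End of Log" in line:
            break
        if RULE.match(line):
            prev_rule = True
        elif prev_rule and line.endswith(":"):
            current = line.rstrip(":")          # section title follows a separator
            sections[current] = []
            prev_rule = False
        else:
            prev_rule = False
            (warnings if STALE.search(line) else sections[current]).append(line)
    return sections, warnings
```
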


This is an archived page. Replying is no longer possible.