Strange file/slow laptop/odd messages

14 replies
  • For some time now my laptop has been very slow and unwanted internet messages keep appearing (in a separate window). After searching I ended up on this site at the topic http://forum.computertotaal.nl/phpBB2/viewtopic.php?t=219161. The problems matched, and I followed the instructions given there up to and including Malwarebytes. Here are the logs:

    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.6.9 (03.06.2013:1)
    OS: Windows Vista (TM) Home Premium x86
    Ran by ronaldk on zo 10-03-2013 at 17:03:25,19
    Scan was completed on zo 10-03-2013 at 17:11:23,09
    Computer was rebooted
    End of JRT log

    Malwarebytes Anti-Malware (-evaluatieversie-) 1.70.0.1100
    www.malwarebytes.org
    Databaseversie: v2013.03.22.07
    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.19019
    ronaldk :: RONALDK-LAPTOP [administrator]
    Bescherming: Ingeschakeld
    22-3-2013 16:03:27
    mbam-log-2013-03-22 (16-03-27).txt
    Scan type: Snelle scan
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: P2P
    Objecten gescand: 227198
    Verstreken tijd: 16 minuut/minuten, 22 seconde(n)
    Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
    Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
    Registersleutels gedetecteerd: 5
    HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
    Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
    Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
    Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
    (einde)

    I would appreciate advice on how to proceed, because the problem does not seem to be solved yet. Regards, Ingeborg.
  • Please post the two logs in one go.

    Step 1
    Which program: AdwCleaner
    What for/why: Scanner to clean up Windows and rid it of rogue toolbars.
    Difficulty: None.
    Download location: This program must be downloaded to the desktop, or moved there!
    Download: AdwCleaner by Xplode (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/2-adwcleaner).
    Notes:
      - All open programs and web pages must be closed.
      - It is normal for the shortcuts to disappear from the desktop after AdwCleaner starts.
    Starting AdwCleaner:
      - Windows 2000 and Windows XP: double-click adwcleaner.exe.
      - Windows Vista, Windows 7 and Windows 8: right-click adwcleaner.exe and choose "Run as administrator".
    Once AdwCleaner has started:
      - Click the Verwijderen ("Delete") button.
      - At "AdwCleaner – Closing programs" click OK.
      - At "AdwCleaner – Restart required" click OK.
    AdwCleaner log file:
      - After the PC has restarted, a log file opens.
      - Then post the contents of this log in your next message.

    Step 2
    Download RogueKiller (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe) to your desktop. Close all other programs. Start the program. Windows Vista, Windows 7 and Windows 8 users -> right-click, run as administrator. Wait until the 'Prescan' has finished. Click Scan. Wait until the scan ends. A log is created and placed on the desktop. Do nothing further yet, but first post the contents of that log in your next message.
  • Hi Abraham, Thanks for your reply. The actions have been carried out and I have the following logs.

    # AdwCleaner v2.115 - Verslag gemaakt op 23/03/2013 om 14:40:12
    # Geactualiseerd op 17/03/2013 door Xplode
    # Besturingssysteem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # Gebruiker : ronaldk - RONALDK-LAPTOP
    # Opstarten Modus : Normale modus
    # Gelanceerd vanaf : C:\Users\ronaldk\Downloads\adwcleaner (1).exe
    # Optie [Verwijderen]

    ***** [Browsers] *****
    -\\ Internet Explorer v8.0.6001.19019
    [OK] Het register bevat geen enkele ongeoorloofde invoer.
    -\\ Mozilla Firefox v16.0.1 (nl)
    File : C:\Users\ronaldk\AppData\Roaming\Mozilla\Firefox\Profiles\33cnnxka.default\prefs.js
    [OK] De file bevat geen enkele ongeoorloofde invoer.
    -\\ Google Chrome v25.0.1364.172
    File : C:\Users\ronaldk\AppData\Local\Google\Chrome\User Data\Default\Preferences
    [OK] De file bevat geen enkele ongeoorloofde invoer.
    *************************
    AdwCleaner[S1].txt - [381 octets] - [23/03/2013 14:37:48]
    AdwCleaner[S2].txt - [10786 octets] - [23/03/2013 14:40:12]
    ########## EOF - C:\AdwCleaner[S2].txt - [10847 octets] ##########

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    besturingssysteem : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Gestart vanuit : Normale modus
    Gebruiker : ronaldk [Administrator rechten]
    Modus : Scan -- Datum : 03/23/2013 15:06:37
    | ARK || FAK || MBR |
    ¤¤¤ Kwaadaardige processen : 0 ¤¤¤
    ¤¤¤ Register verwijzingen : 6 ¤¤¤
    [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> gevonden
    [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> gevonden
    [HJ] HKLM\[...]\System : EnableLUA (0) -> gevonden
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> gevonden
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> gevonden
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> gevonden
    ¤¤¤ Speciale Files / Folders: ¤¤¤
    ¤¤¤ Driver : [Geladen] ¤¤¤
    ¤¤¤ HOSTS Bestand: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 localhost
    ::1 localhost
    ¤¤¤ MBR Controle: ¤¤¤
    +++++ PhysicalDrive0: Hitachi HTS541612J9SA00 ATA Device +++++
    --- User ---
    [MBR] 7f8c920ef524d73e4e0f13b69f6da472
    [BSP] 542233c9b9232c8522bf58bc7eb5b0ca : Acer MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 10001 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20482875 | Size: 52234 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 127459710 | Size: 52234 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: Samsung G2 Portable +++++
    --- User ---
    [MBR] 3dac689a20ee02be2b940a79556353c1
    [BSP] 87d7a2399f0f8396abab0e0ad9840603 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 2 | Size: 305245 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Gereed : << RKreport[1]_S_03232013_02d1506.txt >>
    RKreport[1]_S_03232013_02d1506.txt

    Regards, Ingeborg.
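The registry section of the RogueKiller report above can be triaged mechanically. The following is an added example, not part of the thread and not RogueKiller's own code: it parses the six posted entries, checks that the count in the section header matches what was actually pasted, and labels each value. The function names and verdict labels are assumptions made for this sketch.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Registry section exactly as posted in the RogueKiller report in this thread.
REPORT = r"""
¤¤¤ Register verwijzingen : 6 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> gevonden
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> gevonden
[HJ] HKLM\[...]\System : EnableLUA (0) -> gevonden
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> gevonden
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> gevonden
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> gevonden
"""

# "[TAG] HIVE\key : value-name (data) -> status"
ENTRY_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+(?P<hive>HK[A-Z]+)\\(?P<key>.+?)\s+:\s+"
    r"(?P<name>.+?)\s+\((?P<data>[^)]*)\)\s+->\s+(?P<status>.+)$"
)
# Section header that states how many entries should follow.
COUNT_RE = re.compile(r"Register verwijzingen\s*:\s*(\d+)")


class Finding(NamedTuple):
    tag: str
    hive: str
    key: str      # the tool elides the middle of the path as "[...]"
    name: str
    data: str
    status: str


def parse_line(line: str) -> Optional[Finding]:
    """Return a Finding for a registry entry line, or None for anything else."""
    m = ENTRY_RE.match(line.strip())
    return Finding(**m.groupdict()) if m else None


def declared_count(report: str) -> Optional[int]:
    """Number of registry entries the section header announces, if present."""
    m = COUNT_RE.search(report)
    return int(m.group(1)) if m else None


def assess(f: Finding) -> str:
    """Label a finding by value name and data (labels are this sketch's own)."""
    name = f.name.lower()
    if name == "enablelua":
        # EnableLUA = 0 means User Account Control is switched off.
        return "uac-disabled" if f.data == "0" else "ok"
    if name in ("disabletaskmgr", "disableregistrytools"):
        # These policy values only restrict the user when non-zero.
        return "policy-inactive" if f.data == "0" else "restriction-active"
    # Everything else needs a human to look at it.
    return "review"


def triage(report: str) -> Tuple[List[Tuple[Finding, str]], bool]:
    """Parse and label every entry; also report whether the paste is complete."""
    findings = [f for f in map(parse_line, report.splitlines()) if f is not None]
    complete = declared_count(report) == len(findings)
    return [(f, assess(f)) for f in findings], complete


if __name__ == "__main__":
    results, complete = triage(REPORT)
    print("section complete:", complete)
    for finding, verdict in results:
        print(f"{verdict:16} {finding.hive}\\{finding.key} : "
              f"{finding.name} = {finding.data}")
```
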
  • You do not need to use RogueKiller again. I would, however, like to know why you deactivated User Account Control. Let's look further:

    Which program: ComboFix
    What for/why: Highly specialised scanner to examine Windows in depth and clean it up.
    Difficulty: A more or less tricky preparation phase, so read everything carefully first.
    Download location: This program must be downloaded to the desktop!
    Download ComboFix from one of these locations:
      - Bleepingcomputer (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
      - ForoSpyware (http://www.forospyware.com/sUBs/ComboFix.exe)
      - Geekstogo (http://subs.geekstogo.com/ComboFix.exe)
    Here (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) you can see how to use ComboFix. Your antivirus program and any active malware scanners must already be deactivated before you start ComboFix! Here (http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32608) and here (http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32607) you will find information on how to deactivate antivirus programs and spyware scanners.
    Notes:
      - On Windows XP you may be asked to install the "Recovery Console"! If so, allow it (an active internet connection is required for this).
      - All open programs and web pages must be closed.
    Starting ComboFix:
      - Windows 2000 and Windows XP: double-click ComboFix.exe.
      - Windows Vista and Windows 7: right-click ComboFix.exe and choose "Run as administrator".
    Once ComboFix has started:
      - Do not click in the black window; this can make ComboFix or even Windows "freeze" completely!
      - ComboFix closes the internet connection during the scan – do not try to restore it in the meantime!
      - The computer may need to be restarted several times; this is normal.
      - When ComboFix is finished, it will create a log file for you.
      - Post the contents of this log file in your next message.
      - If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
      - If, after the scan, an error is shown when starting programs with the message:
      - Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering. (An invalid operation was attempted on a registry key that is marked for deletion.)
      - Then restart the computer.
  • I installed and started ComboFix according to the procedure. In the meantime I did still get a notification from AVG, even though I had disabled it. Allowed the program and closed the notification. ComboFix has now been running for 1.5 hours and only the first message is shown in the blue window. Is this right? Regards, Ingeborg.
  • I have no idea why User Account Control was switched off. I have this laptop on long-term loan from my brother and suspect that he did this. I have since switched it back on.
  • Hello Ingeborg, go ahead and delete ComboFix from the desktop and then empty the recycle bin. Then restart your notebook in Safe Mode with Networking. http://users.telenet.be/marcvn/spyware/veilige-modus.html Then download ComboFix again and start the scan: Bleepingcomputer (http://download.bleepingcomputer.com/sUBs/ComboFix.exe). Afterwards, post the contents of the log.
  • Worked like a charm via safe mode. Here is the log data:
  • First let me know how your Windows is doing by now.
  • Meh, nothing to write home about. Google Chrome no longer worked; I have since removed it and am now using Internet Explorer. I am now trying to print from Adobe (shortcut button) and it freezes. I did not have these problems before. I am going to restart and see what happens then.
  • Has restarting helped in the meantime? You can reinstall Chrome, by the way. Do the ESET online scan: http://www.eset.com/home/products/online-scanner/
    - Click the ESET Online Scanner button.
    - Tick YES, I accept the Terms of Use.
    - Click Start.
    - Allow the ActiveX control to install.
    - Tick the following options:
        - Remove found threats
        - Scan archives
    - Then click Advanced Settings:
        - Scan for potentially unwanted applications
        - Scan for potentially unsafe applications
        - Enable Anti-Stealth technology
    - Click Start.
    - The computer will now be scanned. This can take quite a long time, so be patient.
    - Once the scan has finished, you may close the window.
    - Then go to C:\Program Files\ESET\ESET Online Scanner and click log.txt there.
    - Select, copy and paste the contents of this log into your next message.
    - Note: temporarily disable your own antivirus during the scan; the online scan will then be faster!
  • Thanks again for your help and your answer. Here is the ESET log.
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6920
    # api_version=3.0.2
    # EOSSerial=ade6f7bf19dc334aad07a00b9e1efc64
    # engine=13497
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2013-03-27 11:13:56
    # local_time=2013-03-28 12:13:56 (+0100, West-Europa (standaardtijd))
    # country="Netherlands"
    # lang=1033
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=1039 16777213 100 99 29272 51556420 0 0
    # compatibility_mode=5892 16776574 100 100 93335843 201958764 0 0
    # scanned=260417
    # found=6
    # cleaned=6
    # scan_time=17005
    sh=2FA20142767ADFA3D34FD2B8408069CD5DC6D107 ft=1 fh=aaac964b3323feac vn="Win32/Toolbar.Babylon application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\ronaldk\Downloads\installer_ccleaner_Dutch.exe"
    sh=C9BB19324790C4367F9D9D0CB0EB4C926943D1E8 ft=1 fh=87fc7a750880b3cd vn="a variant of Win32/MessengerPlus.A application (deleted - quarantined)" ac=C fn="C:\Users\ronaldk\Downloads\Setup.exe"
    sh=9FF44FBC3631DEE8E084C1F7B3C798A9826EBD28 ft=0 fh=0000000000000000 vn="probably a variant of Win32/Toolbar.Widgi application (deleted - quarantined)" ac=C fn="C:\Windows\Installer\50cb752.msi"
    sh=EC3AC8118C371C72085D2594714DD0C2E0F8EA2C ft=1 fh=3f56712372ca3f9c vn="Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt5FB3.tmp"
    sh=A17BF4722A7BE0C41D706C21FA97F1DB0A18CE33 ft=0 fh=0000000000000000 vn="multiple threats (deleted - quarantined)" ac=C fn="D:\Downloads\W\AInDesign CS5.rar"
    sh=EE12993C42E6A6D7E1B4D76C51306E0BB91AC4AE ft=0 fh=0000000000000000 vn="Win32/TrojanDropper.Agent.PUJ trojan (deleted - quarantined)" ac=C fn="D:\Downloads\W\Microsoft Office 2010 Professional+ 32bit (AKTIVATED)\MS-Office-2010.iso"
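A triage sketch for an ESET Online Scanner log of the kind posted above, added here as an example; it is not part of the original thread and not ESET's own tooling. It assumes `sh` is a SHA-1, `vn` holds the detection name with the action in parentheses, `fn` is the file path, and that a trailing `application` marks a potentially unwanted program while `trojan`, `worm` and `virus` mark malware; the sample log is constructed.

```python
import re
from collections import Counter

# Constructed sample in the key=value shape of the log posted above.
# Hashes, names and paths are placeholders, not values from the thread.
SAMPLE_LOG = r'''# version=8
# scanned=1000
# found=4
# cleaned=3
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="Win32/Toolbar.Example application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\user\Downloads\installer_example.exe"
sh=0000000000000000000000000000000000000002 ft=0 fh=0000000000000000 vn="probably a variant of Win32/Toolbar.Example application (deleted - quarantined)" ac=C fn="C:\Windows\Installer\example.msi"
sh=0000000000000000000000000000000000000003 ft=0 fh=0000000000000000 vn="Win32/TrojanDropper.Example trojan (deleted - quarantined)" ac=C fn="D:\Downloads\example image.iso"
sh=0000000000000000000000000000000000000004 ft=0 fh=0000000000000000 vn="multiple threats (unable to clean)" ac=I fn="D:\Downloads\example archive.rar"
'''

# One detection record. \s+ between fields lets the same pattern work on the
# original one-record-per-line file and on a paste flattened onto one line.
RECORD = re.compile(
    r'sh=(?P<sha1>[0-9A-Fa-f]{40})\s+ft=(?P<ft>\d+)\s+fh=(?P<fh>[0-9A-Fa-f]{16})\s+'
    r'vn="(?P<vn>[^"]*)"\s+ac=(?P<ac>\w+)\s+fn="(?P<fn>[^"]*)"')

# Splits vn into optional qualifier, name, optional type word and action.
# The type words are an assumption based on the names seen in such logs.
VERDICT = re.compile(
    r'^(?P<qualifier>(?:probably )?(?:a variant of )?)(?P<name>.+?)'
    r'(?: (?P<kind>application|trojan|worm|virus))? \((?P<action>[^()]*)\)$')

HEADER_INT = re.compile(r'#\s*(scanned|found|cleaned)=(\d+)')


def parse_eset_log(text):
    """Return (header counters, list of detection records) from a log paste."""
    header = {key: int(value) for key, value in HEADER_INT.findall(text)}
    records = []
    for match in RECORD.finditer(text):
        rec = match.groupdict()
        verdict = VERDICT.match(rec["vn"])
        if verdict:
            rec["name"] = verdict["name"]
            rec["kind"] = verdict["kind"] or "unclassified"
            rec["qualified"] = bool(verdict["qualifier"])
            rec["action"] = verdict["action"]
        else:  # unexpected vn layout: keep the raw string, classify nothing
            rec.update(name=rec["vn"], kind="unclassified",
                       qualified=False, action="")
        records.append(rec)
    return header, records


def triage(text):
    """Summarise what a helper would check first in a posted log."""
    header, records = parse_eset_log(text)
    handled_words = ("deleted", "cleaned", "quarantined")
    return {
        # how many detections are PUPs versus malware
        "by_kind": dict(Counter(r["kind"] for r in records)),
        # False when the paste has fewer records than the header announces
        "complete": header.get("found") == len(records),
        # files the scanner reported but did not remove
        "unhandled": [r["fn"] for r in records
                      if not any(w in r["action"] for w in handled_words)],
        # anything that is not merely a potentially unwanted application
        "follow_up": [r["fn"] for r in records if r["kind"] != "application"],
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A `complete` value of `False` means the paste holds fewer detection records than its `# found=` header announces, so the full log should be requested before drawing conclusions.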
  • Now tell me how your Windows is running by now.
  • I have watched it for a while and have the impression that everything works again as it should. No more strange pop-up sites and no more strange messages. Thank you for all your help; hats off to your knowledge and to your willingness to help others with it selflessly. You will surely see me back soon, because I have another PC that is not running well and could certainly use a clean-up. Over the last week the internet (LAN) keeps failing on it (on other PCs it works) and only starts working again after restarting the router. Do you want me to open a new topic for this?


This is an archived page. Replies are no longer possible.