172 threats already removed with MBAM

15 replies
  • After a few months my son started up MBAM. He thought the computer was getting slower. MBAM removed 172 items. Here is the log file:
    Could someone help me further with this? Kind regards, perloc
  • It is all annoying adware. Moreover, all that junk can slow down Windows, and likewise the internet connection!

    Step 1
    Which program: AdwCleaner
    What for/why: Scanner to clean up Windows and rid it of malicious toolbars.
    Difficulty: None.
    Download location: Be sure to download this program to the desktop, or else move it there!
    Download: AdwCleaner by Xplode (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/2-adwcleaner).
    Notes:
    - All open programs and web pages must be closed.
    - It is normal that the shortcuts disappear from the desktop after AdwCleaner starts.
    Starting AdwCleaner:
    - Windows 2000 and Windows XP: double-click adwcleaner.exe.
    - Windows Vista, Windows 7 and Windows 8: right-click adwcleaner.exe and choose "Run as administrator".
    Once AdwCleaner has started:
    - Click the Delete button.
    - At "AdwCleaner – Closing the programs", click OK.
    - At "AdwCleaner – Restart required", click OK.
    AdwCleaner log file:
    - After the PC has restarted, a log file opens.
    - Then post the contents of this log in your next message.

    Step 2
    Which program: Junkware Removal Tool by Thisisu
    What for/why: Scanner to rid Windows of, among other things, malicious toolbars.
    Difficulty: None.
    Download location: Be sure to download this program to the desktop, or else move it there!
    Download: JRT.exe (http://thisisudax.org/downloads/JRT.exe).
    Notes:
    - All open programs and web pages must be closed.
    - It is advisable to deactivate the active security software, so that possible conflicts with JRT.exe are ruled out.
    - Here (http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32608) and here (http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32607) you will find information on how to deactivate antivirus programs and spyware scanners.
    - It is normal that the shortcuts temporarily disappear from the desktop during the JRT.exe scan.
    Starting Junkware Removal Tool by Thisisu:
    - Windows 2000 and Windows XP: double-click JRT.exe.
    - Windows Vista, Windows 7 and Windows 8: right-click JRT.exe and choose "Run as administrator".
    - JRT.exe will then start scanning Windows.
    - Depending on the system specifications, this scan can sometimes take quite a long time, so be patient.
    - When the scan is complete, a log (JRT.txt) will be saved to the desktop and opened automatically.
    - Post the contents of this log in your next message.

    Step 3
    Which program: RogueKiller
    What for/why: Free specialist scanner to scan running processes and to be able to disable malware processes.
    Difficulty: None.
    Download: RogueKiller 32 bit (x86) (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe) or RogueKiller 64 bit (x64) (http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe)
    Starting RogueKiller:
    - First close all program windows that are still open!
    - Windows 2000 and Windows XP: double-click RogueKiller.exe.
    - Windows Vista, Windows 7 and Windows 8: right-click RogueKiller.exe and then choose "Run as administrator".
    Scanning:
    - Before RogueKiller starts scanning, first close all other open windows!
    - After starting, RogueKiller immediately begins a pre-scan, so wait until the scan is finished.
    - Note: enable the following options in RogueKiller:
      - MBR Scan
      - Check Faked
      - Anti-Rootkit
  • Thanks for the reply. Here are the logs:
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38} Key Deleted : HKLM\SOFTWARE\Tarma Installer Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope] ***** [Internet Browsers] ***** -\\ Internet Explorer v8.0.7601.17514 Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=120695&tt=gc_&babsrc=HP_ss_din2g&mntrId=5AC0BC5FF40F4C71 --> hxxp://www.google.com Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://www.delta-search.com/?affID=120695&tt=gc_&babsrc=NT_ss&mntrId=5AC0BC5FF40F4C71 --> hxxp://www.google.com -\\ Google Chrome v [Unable to get version] File : C:\Users\WinOS\AppData\Local\Google\Chrome\User Data\Default\Preferences Deleted [l.25] : keyword = "babylon.com", Deleted [l.29] : search_url = "hxxp://www.delta-search.com/?q={searchTerms}&affID=120695&tt=gc_&babsrc=SP_ss&m[...] 
************************* AdwCleaner[S1].txt - [8006 octets] - [12/08/2013 14:06:54] ########## EOF - C:\AdwCleaner[S1].txt - [8066 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.4.4 (08.12.2013:1) OS: Windows 7 Ultimate x64 Ran by WinOS on Mon 08/12/2013 at 14:12:31.73 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\bProtectTabs ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544} Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\WinOS\AppData\Roaming\web cake" Successfully deleted: [Folder] "C:\Users\WinOS\appdata\local\cre" Successfully deleted: [Folder] "C:\Program Files (x86)\web cake" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Mon 08/12/2013 at 14:16:06.53 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ RogueKiller V8.6.5 _x64_ [Aug 5 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : WinOS [Admin rights] Mode : Scan -- Date : 08/12/2013 14:22:31 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 4 ¤¤¤ [HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND [HJ POL] HKCU\[...]\System : 
DisableRegistryTools (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 1 ¤¤¤ [V2][SUSP PATH] EPUpdater : C:\Users\WinOS\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [x] -> FOUND ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD5000AAKX-001CA0 ATA Device +++++ --- User --- [MBR] 6021908a6e7b0308b8b2319296b3c199 [BSP] 42238629aa0d8fd745762ba29ed5e511 : Linux MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 66457 Mo 2 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 136311586 | Size: 410381 Mo User = LL1 ... OK! User = LL2 ... OK! 
Finished : << RKreport[0]_S_08122013_142231.txt >> RogueKiller V8.6.5 _x64_ [Aug 5 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : WinOS [Admin rights] Mode : Remove -- Date : 08/12/2013 14:22:47 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 4 ¤¤¤ [HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED [HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Scheduled tasks : 1 ¤¤¤ [V2][SUSP PATH] EPUpdater : C:\Users\WinOS\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [x] -> DELETED ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD5000AAKX-001CA0 ATA Device +++++ --- User --- [MBR] 6021908a6e7b0308b8b2319296b3c199 [BSP] 42238629aa0d8fd745762ba29ed5e511 : Linux MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 66457 Mo 2 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 136311586 | Size: 410381 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_D_08122013_142247.txt >> RKreport[0]_S_08122013_142231.txt perloc
  • Well done. We'll take another deep look.
    Which program: ComboFix
    What for/why: A highly specialised scanner for examining and cleaning up Windows in depth.
    Difficulty: A more or less tricky preparation phase, so read everything carefully first.
    Download location: Be sure to download this program to the desktop!
    Download ComboFix from one of these locations:
      - Bleepingcomputer: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
      - ForoSpyware: http://www.forospyware.com/sUBs/ComboFix.exe
      - Geekstogo: http://subs.geekstogo.com/ComboFix.exe
    Here (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) you can see how to use ComboFix. Your antivirus program and any active malware scanners must already be disabled before you start ComboFix! Here (http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32608) and here (http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32607) you will find details on how to disable antivirus programs and spyware scanners.
    Remarks:
      - On Windows XP you may be asked to install the "Recovery Console"! If so, allow this (an active internet connection is required for it).
      - All open programs and web pages must be closed.
    Starting ComboFix:
      - Windows 2000 and Windows XP: double-click ComboFix.exe.
    Once ComboFix has started:
      - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
      - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
      - The computer may need to be restarted several times; this is normal.
      - When ComboFix is finished, it will create a log file for you.
      - Post the contents of this log file in your next message.
      - If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
      - If, after the scan, an error is shown when starting programs, with the message:
      - Illegal operation attempted on a registry key that has been marked for deletion.
      - Then restart the computer.
  • Everything went without problems. Here is the log: perloc
  • What is the current state of affairs with your son's PC?
  • I hear no complaints. He says it is a good deal faster. Removing the malware has not solved the problem of the screen flickering (now and then, a few times a day). I had hoped that it was a malware problem, but we now put it down to a hardware problem after all. A new video card will be needed, but it happens so rarely that this can be put off for a while. Thanks for the help!! perloc
  • Then do the following and post only the link:
    Which program: Speccy by Piriform
    What for/why: a specialised tool that gives a thorough analysis of your Windows PC or notebook.
    Difficulty: none.
    Download: Speccy (https://www.piriform.com/speccy/download/slim)
    During the installation of "Speccy" you are asked whether to install the Google Chrome web browser along with it. If you do not want this, clear the check boxes.
    Starting Speccy by Piriform:
      - Windows 2000 and Windows XP: start "Speccy" by double-clicking.
      - Windows Vista and Windows 7: start "Speccy" by right-clicking and then choosing Run as administrator.
    Using Speccy by Piriform:
      - Once the analysis of Windows is finished, "Speccy" places the result in a new window.
      - Now click File (Bestand) in the menu bar and choose Publish Snapshot (Publiceren).
      - Confirm publishing by clicking Yes (JA).
      - A pop-up window will now open asking whether or not to publish.
      - So confirm the former.
      - Now copy the link in the newly opened web window and paste that link into your next message.
  • I ran this program this week. And you don't want to know everything it wrecked in my system. So be careful with it. Regclean pro stopped working, and AVG no longer worked properly. It took me hours to get things back in order. Even trusted sites had been removed from my favourites. Great.
  • What was wrong with your Windows then, goodness knows. Speccy is only an analysis tool.
  • Rick Gimpel wrote: "I ran this program this week. And you don't want to know everything it wrecked in my system. So be careful with it. Regclean pro stopped working, and AVG no longer worked properly. It took me hours to get things back in order. Even trusted sites had been removed from my favourites. Great."
    Quite apart from whether what you write is or isn't so, naturally you had made an image of your c:\ partition beforehand and could have restored it within twenty minutes. :o
  • Why would I lie about it? Before that, everything worked fine. My point was that you have to be careful with software like this. I'll just keep removing harmful junk by hand, then.
  • Speccy has also been used by me for years, and never has even a single report come in that something went wrong. You are the first. Presumably it comes down to what you write: "I'll just keep removing harmful junk by hand, then". How, then, do you remove by hand, for example, a super-intelligent rootkit from your Windows? Because make no mistake about the intellect of malware writers.
  • The truly intelligent malware is unfortunately difficult. But the question remains how far you go with your security. Because when something new turns up again, the remedy comes too late. And how far do you want, or find it necessary, to apply those protections? Because with all those applications, your freedom on the net is restricted more and more. Many software makers are happy to jump on that. (For them it is all about the money.) I think you should set the level of your security according to what you truly value. So store really important data externally. Since the malware makers operate internationally, they are hard to tackle. That, again, is a drawback of the free medium called the internet. I think we must not make the medicine worse than the disease. And I am afraid that the discussion about this will go on endlessly.
  • I have been using Speccy myself for years too and have never had any problem with it.


This is an archived page. Replying is no longer possible.