multiple trojans on computer

Anonymous
15 answers
  • hi, I've picked up a whole lot of junk and can't get it off. Does anyone have an idea? It's about these things:

    Adware.Win32.Winad
    W32.Yaha.B@mm
    Magic DVD Ripper
    Trojan-PSW.Win32.LdPinch.abm
    Trojan virtumonde
    Trojan.Fakealert.355
    Trojan.Qoologic - Key Logger
    Adware.Win32.Look2me.ab
    Trojan Horse IRC/Backdoor.SdBot4.FRV
    Win32/Hoax.Renos.HX
    noise.dat
    emptyregdb.dat
    mpr.dll
    ieakui.dll
    SET3.tmp
    country.sys
    ahui.exe
    popcinfo.dat
    dsdmo.dll
    Active Setup Log.txt

    thanks in advance
  • Hello Sanneke, with what you have posted I can't do anything yet.

    I would like you to stick to the rules below during the fix:
  • OTL Extras logfile created on: 27-4-2012 16:21:14 - Run 1
    OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\rovo\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19222)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    3,50 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 68,81% Memory free
    7,21 Gb Paging File | 5,27 Gb Available in Paging File | 73,13% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 288,03 Gb Total Space | 102,74 Gb Free Space | 35,67% Space Free | Partition Type: NTFS
    Drive D: | 298,09 Gb Total Space | 286,79 Gb Free Space | 96,21% Space Free | Partition Type: NTFS
    Drive E: | 10,00 Gb Total Space | 5,76 Gb Free Space | 57,61% Space Free | Partition Type: NTFS
    Drive M: | 232,83 Gb Total Space | 29,67 Gb Free Space | 12,74% Space Free | Partition Type: FAT32

    Computer Name: PC_VAN_ROVO | User Name: rovo | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

  • OTL logfile created on: 27-4-2012 16:21:14 - Run 1
    OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\rovo\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19222)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    3,50 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 68,81% Memory free
    7,21 Gb Paging File | 5,27 Gb Available in Paging File | 73,13% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 288,03 Gb Total Space | 102,74 Gb Free Space | 35,67% Space Free | Partition Type: NTFS
    Drive D: | 298,09 Gb Total Space | 286,79 Gb Free Space | 96,21% Space Free | Partition Type: NTFS
    Drive E: | 10,00 Gb Total Space | 5,76 Gb Free Space | 57,61% Space Free | Partition Type: NTFS
    Drive M: | 232,83 Gb Total Space | 29,67 Gb Free Space | 12,74% Space Free | Partition Type: FAT32

    Computer Name: PC_VAN_ROVO | User Name: rovo | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

  • Now do the following:

    Which program: ComboFix
    What for/why: A highly specialised scanner for examining Windows in depth
    and, where possible, cleaning it up.
    Difficulty: A somewhat tricky preparation phase, so read everything carefully first.
    Download location: This program must absolutely be downloaded to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer
    - ForoSpyware
    - Geekstogo
    Here you can see how to use ComboFix.

    Antivirus software and active malware scanners must already be deactivated before ComboFix is started!
    Here and here you will find information on how to deactivate antivirus programs and spyware scanners.

    To be perfectly clear once more: ComboFix must be started from the desktop.

    Notes:
    - On Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required).
    - Vista and Windows 7 users start ComboFix via right-click, with administrator rights.
    - All open programs and web pages must be closed.
    ComboFix has started:
    - Do not click in the black window; doing so can make ComboFix or even Windows freeze completely!
    - ComboFix disconnects the internet connection during the scan; do not try to restore it in the meantime!
    - The computer may need to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next reply.
    - If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
  • after downloading combofix my computer went black. It was still on, only the screen was black. After leaving it like that for a while I started it up again and a log file had been placed on my desktop: desktop.ini

    [.ShellClassInfo]
    LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
    IconResource=%SystemRoot%\system32\imageres.dll,-183
  • Desktop.ini has nothing to do with ComboFix.
    It is a Windows file that is now visible because of settings changed by ComboFix.
    So do not delete it.

    As the guide already indicates, look at C:\Combofix.txt.
    Post its contents!
  • ComboFix 12-04-28.01 - rovo 28-04-2012 10:22:12.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3582.2157 [GMT 2:00]
    Gestart vanuit: c:\users\rovo\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\rovo\Documents\~WRL0016.tmp
    c:\users\rovo\Documents\~WRL0220.tmp
    c:\users\rovo\Documents\~WRL0454.tmp
    c:\users\rovo\Documents\~WRL0619.tmp
    c:\users\rovo\Documents\~WRL1092.tmp
    c:\users\rovo\Documents\~WRL1428.tmp
    c:\users\rovo\Documents\~WRL1755.tmp
    c:\users\rovo\Documents\~WRL1898.tmp
    c:\users\rovo\Documents\~WRL2041.tmp
    c:\users\rovo\Documents\~WRL2415.tmp
    c:\users\rovo\Documents\~WRL2822.tmp
    c:\users\rovo\Documents\~WRL2857.tmp
    c:\users\rovo\Documents\~WRL2911.tmp
    c:\users\rovo\Documents\~WRL3084.tmp
    c:\users\rovo\Documents\~WRL3218.tmp
    c:\users\rovo\Documents\~WRL3509.tmp
    c:\users\rovo\Documents\~WRL3640.tmp
    c:\users\rovo\Documents\~WRL3676.tmp
    c:\users\rovo\Documents\~WRL3929.tmp
    c:\windows\IsUn0413.exe
    c:\windows\system32\aac_parser.ax
    c:\windows\system32\ac3file.ax
    c:\windows\system32\ac3filter.ax
    c:\windows\system32\AVerCP.ax
    c:\windows\system32\avi2ac3filter.ax
    c:\windows\system32\bdaplgin.ax
    c:\windows\system32\cdxareader.ax
    c:\windows\system32\cero.rs
    c:\windows\system32\CoreAAC.ax
    c:\windows\system32\CoreVorbis.ax
    c:\windows\system32\DCBassSource.ax
    c:\windows\system32\DivXDecH264.ax
    c:\windows\system32\dtsac3source.ax
    c:\windows\system32\esrb.rs
    c:\windows\system32\ffdshow.ax
    c:\windows\system32\FLVSplitter.ax
    c:\windows\system32\g711codc.ax
    c:\windows\system32\grb.rs
    c:\windows\system32\iac25_32.ax
    c:\windows\system32\ir41_32.ax
    c:\windows\system32\ivfsrc.ax
    c:\windows\system32\Ivinav.ax
    c:\windows\system32\IVIVIDEO.ax
    c:\windows\system32\ksproxy.ax
    c:\windows\system32\kstvtune.ax
    c:\windows\system32\Kswdmcap.ax
    c:\windows\system32\ksxbar.ax
    c:\windows\system32\Mpeg2Data.ax
    c:\windows\system32\mpg2splt.ax
    c:\windows\system32\MSDvbNP.ax
    c:\windows\system32\MSNP.ax
    c:\windows\system32\oflc.rs
    c:\windows\system32\OggSplitter.ax
    c:\windows\system32\pegi-fi.rs
    c:\windows\system32\pegi-pt.rs
    c:\windows\system32\pegi.rs
    c:\windows\system32\pegibbfc.rs
    c:\windows\system32\psisrndr.ax
    c:\windows\system32\RealMediaSplitter.ax
    c:\windows\system32\RLOFRDec.ax
    c:\windows\system32\SCLAudio.ax
    c:\windows\system32\SCLVideo.ax
    c:\windows\system32\SPCC1011.ocx
    c:\windows\system32\splitter.ax
    c:\windows\system32\tm20dec.ax
    c:\windows\system32\usk.rs
    c:\windows\system32\VBICodec.ax
    c:\windows\system32\vbisurf.ax
    c:\windows\system32\vidcap.ax
    c:\windows\system32\vp6dec.ax
    c:\windows\system32\vp7dec.ax
    c:\windows\system32\WEB.rs
    c:\windows\system32\WSTPager.ax
    c:\windows\unin0413.exe
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-03-28 to 2012-04-28 ))))))))))))))))))))))))))))))
    .
    .
    2012-04-28 08:28 . 2012-04-28 08:28 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-28 08:28 . 2012-04-28 08:28 -------- d-----w- c:\users\dave\AppData\Local\temp
    2012-04-28 08:28 . 2012-04-28 08:28 -------- d-----w- c:\users\dave.PC_van_rovo\AppData\Local\temp
    2012-04-27 12:13 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{115B4132-084D-48F3-9F9D-887EB5697BE9}\mpengine.dll
    2012-04-26 18:56 . 2012-04-26 18:56 -------- d-----w- c:\users\rovo\AppData\Roaming\Malwarebytes
    2012-04-26 18:55 . 2012-04-26 18:55 -------- d-----w- c:\programdata\Malwarebytes
    2012-04-26 18:55 . 2012-04-26 18:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-04-26 18:55 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-21 06:36 . 2012-04-21 06:36 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
    2012-04-21 06:24 . 2012-04-21 06:24 -------- d-----w- c:\program files\Braingame
    2012-04-11 21:08 . 2012-04-11 21:08 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-04-11 17:18 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-04-11 17:18 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
    2012-04-11 17:18 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
    2012-04-11 17:18 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-04-11 17:18 . 2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-04-11 17:18 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-31 06:01 . 2012-03-31 06:01 -------- d-----w- c:\program files\Mindscape
    2012-03-29 15:12 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-11 21:08 . 2011-06-07 16:34 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-23 08:18 . 2010-07-21 14:38 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-02-14 15:45 . 2012-03-14 16:40 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2012-02-14 15:45 . 2012-03-14 16:40 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-02-13 14:12 . 2012-03-14 16:40 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-02-13 13:47 . 2012-03-14 16:40 683008 ----a-w- c:\windows\system32\d2d1.dll
    2012-02-13 13:44 . 2012-03-14 16:40 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2012-02-02 15:16 . 2012-03-14 16:40 2044416 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
    "{46735dee-f862-49d1-876d-6382794dc625}"= "c:\program files\PHPNukeDU\tbPHPN.dll" [2010-06-13 2734688]
    "{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-06-13 2734688]
    .
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{46735dee-f862-49d1-876d-6382794dc625}]
    .
    [HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46735dee-f862-49d1-876d-6382794dc625}]
    2010-06-13 17:10 2734688 ----a-w- c:\program files\PHPNukeDU\tbPHPN.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
    2010-06-13 17:10 2734688 ----a-w- c:\program files\Zynga\tbZyng.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2012-04-09 15:43 1519272 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{46735dee-f862-49d1-876d-6382794dc625}"= "c:\program files\PHPNukeDU\tbPHPN.dll" [2010-06-13 2734688]
    "{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-06-13 2734688]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
    .
    [HKEY_CLASSES_ROOT\clsid\{46735dee-f862-49d1-876d-6382794dc625}]
    .
    [HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{46735DEE-F862-49D1-876D-6382794DC625}"= "c:\program files\PHPNukeDU\tbPHPN.dll" [2010-06-13 2734688]
    "{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-06-13 2734688]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
    .
    [HKEY_CLASSES_ROOT\clsid\{46735dee-f862-49d1-876d-6382794dc625}]
    .
    [HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-27 68856]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-09-24 4452352]
    "Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 9728]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-31 30192]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
    "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2011-05-13 884584]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
    "NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
    "TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2011-12-24 296056]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-04-09 1557160]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-3-29 113664]
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-13 715568]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2008-05-27 01:35 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 253600]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 21:08]
    .
    2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 14:12]
    .
    2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 14:12]
    .
    2012-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2002451365-2551685908-1787832852-1000Core.job
    - c:\users\rovo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-05 17:17]
    .
    2012-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2002451365-2551685908-1787832852-1000UA.job
    - c:\users\rovo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-05 17:17]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.startpagina.nl/
    mStart Page = ${URL_STARTPAGE}
    IE: &D&ownload &met BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload alles met BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    LSP: c:\windows\system32\wpclsp.dll
    TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    AddRemove-LEGO Creator - c:\windows\IsUn0413.exe
    AddRemove-LEGO LOCO - c:\windows\IsUn0413.exe
    AddRemove-LEGOLANDDeInstKey - c:\windows\unin0413.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-28 10:52
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scannen van verborgen processen ...
    .
    scannen van verborgen autostart items ...
    .
    scannen van verborgen bestanden ...
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    .
    - - - - - - - > 'Explorer.exe'(5504)
    c:\windows\system32\btmmhook.dll
    c:\windows\system32\btncopy.dll
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
    c:\program files\Windows Live\Family Safety\fsssvc.exe
    c:\program files\Nero\Update\NASvc.exe
    c:\program files\Microsoft\BingBar\SeaPort.EXE
    c:\program files\TomTom HOME 2\TomTomHOMEService.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\WUDFHost.exe
    c:\windows\ehome\ehsched.exe
    c:\windows\ehome\ehRecvr.exe
    c:\windows\system32\conime.exe
    c:\windows\RtHDVCpl.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    c:\windows\ehome\ehmsas.exe
    c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2012-04-28 10:56:45 - machine werd herstart
    ComboFix-quarantined-files.txt 2012-04-28 08:56
    .
    Pre-Run: 109.971.521.536 bytes beschikbaar
    Post-Run: 119.792.578.560 bytes beschikbaar
    .
    - - End Of File - - F04D1215CA9BD4FF0D21D32CF64BFF7E


  • Hello Sanneke, I have the impression that some strange codec pack was installed by you or the other user.

    We are going to use ComboFix with a script.

    Open a new Kladblok (Notepad) file via "Start\Alle programma’s\Bureau-accessoires\Kladblok (or Notepad)".

    Copy and paste the following (bold, blue text) into the empty Notepad window
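How the toolbar entries in the ComboFix log above can be tied together during triage, as an added example that is not from the thread or from ComboFix: a small Python parser over a constructed excerpt in the log's own "Reg Opstartpunten" format that groups the Ask.com, PHPNukeDU and Zynga add-ons by CLSID across the URLSearchHooks, Browser Helper Objects and Toolbar keys, then derives the Program Files directories and Run entries that belong to them (function names and the sample excerpt are mine).

```python
"""Triage helper for the 'Reg Opstartpunten' section of a ComboFix log
(added example, not the thread's or ComboFix's own code): groups browser
add-ons by CLSID across the URLSearchHooks / BHO / Toolbar keys and finds
the Program Files directories and Run entries tied to them."""
import re
from collections import defaultdict

# Constructed sample modelled on the log posted in the thread (attribute
# columns use the plain hyphens ComboFix writes, e.g. "----a-w-").
SAMPLE_LOG = r"""
((((( Reg Opstartpunten )))))
.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
"{46735dee-f862-49d1-876d-6382794dc625}"= "c:\program files\PHPNukeDU\tbPHPN.dll" [2010-06-13 2734688]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46735dee-f862-49d1-876d-6382794dc625}]
2010-06-13 17:10 2734688 ----a-w- c:\program files\PHPNukeDU\tbPHPN.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-04-09 15:43 1519272 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-06-13 2734688]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-04-09 1557160]
.
------- Bijkomende Scan -------
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*"(?P<path>[^"]*)"\s*'
    r"\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$")
FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} (?P<size>\d+) \S+ (?P<path>.+)$")
CLSID_RE = re.compile(r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")


def parse_startup_points(text):
    """One record per value or file line in the section, tagged with the
    registry key it sits under."""
    records, key, in_section = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(("((((", "-------")):
            if in_section:
                break  # next ComboFix section reached
            in_section = "Reg Opstartpunten" in line
            continue
        if not in_section or line in ("", "."):
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line) or FILE_RE.match(line)
        if m and key:
            # BHO subkeys carry the CLSID in the key and list the DLL as a
            # file line, so fall back to the key's last path component.
            name = m.groupdict().get("name") or key.rsplit("\\", 1)[-1]
            records.append({"key": key, "name": name, "path": m["path"],
                            "date": m["date"], "size": int(m["size"])})
    return records


def browser_extensions(records):
    """Group CLSID-named records so a DLL registered as search hook, BHO
    and toolbar shows up once with every registration point."""
    groups = defaultdict(lambda: {"paths": set(), "registered_in": []})
    for r in records:
        m = CLSID_RE.search(r["name"])
        if m:
            g = groups[m.group(0).lower()]
            g["paths"].add(r["path"].lower())
            g["registered_in"].append(r["key"])
    return dict(groups)


def extension_directories(groups):
    """Top-level Program Files directories holding the add-on DLLs, i.e.
    what a removal script has to target as a whole."""
    dirs = set()
    for g in groups.values():
        for p in g["paths"]:
            parts = p.split("\\")
            if len(parts) >= 3 and parts[:2] == ["c:", "program files"]:
                dirs.add("\\".join(parts[:3]))
    return sorted(dirs)


def related_autoruns(records, dirs):
    """Run-key values whose image lives in an add-on directory (the
    updater that would reinstall a removed toolbar)."""
    return [r["name"] for r in records
            if r["key"].lower().endswith("\\run")
            and any(r["path"].lower().startswith(d + "\\") for d in dirs)]
```

Running it over a real C:\ComboFix.txt instead of SAMPLE_LOG gives the same three directories and the ApnUpdater Run entry that the script step above goes on to remove.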
  • ComboFix 12-04-28.01 - rovo 28-04-2012 14:05:36.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3582.2231 [GMT 2:00]
    Gestart vanuit: c:\users\rovo\Desktop\ComboFix.exe
    gebruikte Opdracht switches :: c:\users\rovo\Desktop\CFScript.txt
    AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\program files\Windows Live\Family Safety\fsssvc.exe"
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Ask.com
    c:\program files\Ask.com\assets\oobe\b.png
    c:\program files\Ask.com\assets\oobe\bl.png
    c:\program files\Ask.com\assets\oobe\br.png
    c:\program files\Ask.com\assets\oobe\l.png
    c:\program files\Ask.com\assets\oobe\pointer.png
    c:\program files\Ask.com\assets\oobe\r.png
    c:\program files\Ask.com\assets\oobe\t.png
    c:\program files\Ask.com\assets\oobe\tl.png
    c:\program files\Ask.com\assets\oobe\tr.png
    c:\program files\Ask.com\cobrand.ico
    c:\program files\Ask.com\config.xml
    c:\program files\Ask.com\favicon.ico
    c:\program files\Ask.com\GenericAskToolbar.dll
    c:\program files\Ask.com\mupcfg.xml
    c:\program files\Ask.com\precache.exe
    c:\program files\Ask.com\SaUpdate.exe
    c:\program files\Ask.com\Updater\config.xml
    c:\program files\Ask.com\Updater\Updater.exe
    c:\program files\Ask.com\UpdateTask.exe
    c:\program files\PHPNukeDU
    c:\program files\PHPNukeDU\INSTALL.LOG
    c:\program files\PHPNukeDU\PHPNukeDUToolbarHelper.exe
    c:\program files\PHPNukeDU\tbPHPN.dll
    c:\program files\PHPNukeDU\toolbar.cfg
    c:\program files\PHPNukeDU\UNWISE.EXE
    c:\program files\Windows Live\Family Safety\fsssvc.exe
    c:\program files\Zynga
    c:\program files\Zynga\INSTALL.LOG
    c:\program files\Zynga\tbZyng.dll
    c:\program files\Zynga\toolbar.cfg
    c:\program files\Zynga\UNWISE.EXE
    c:\program files\Zynga\ZyngaToolbarHelper.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_fsssvc
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-03-28 to 2012-04-28 ))))))))))))))))))))))))))))))
    .
    .
    2012-04-28 12:10 . 2012-04-28 12:10 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-28 12:10 . 2012-04-28 12:10 -------- d-----w- c:\users\dave\AppData\Local\temp
    2012-04-28 12:10 . 2012-04-28 12:10 -------- d-----w- c:\users\dave.PC_van_rovo\AppData\Local\temp
    2012-04-27 12:13 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{115B4132-084D-48F3-9F9D-887EB5697BE9}\mpengine.dll
    2012-04-26 18:56 . 2012-04-26 18:56 -------- d-----w- c:\users\rovo\AppData\Roaming\Malwarebytes
    2012-04-26 18:55 . 2012-04-26 18:55 -------- d-----w- c:\programdata\Malwarebytes
    2012-04-26 18:55 . 2012-04-26 18:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-04-26 18:55 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-21 06:36 . 2012-04-21 06:36 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
    2012-04-21 06:24 . 2012-04-21 06:24 -------- d-----w- c:\program files\Braingame
    2012-04-11 21:08 . 2012-04-11 21:08 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-04-11 17:18 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
    2012-04-11 17:18 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-03-31 06:01 . 2012-03-31 06:01 -------- d-----w- c:\program files\Mindscape
    2012-03-29 15:12 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-11 21:08 . 2011-06-07 16:34 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-03-06 06:39 . 2012-04-11 17:18 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-03-06 06:39 . 2012-04-11 17:18 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-02-29 15:11 . 2012-04-11 17:18 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-02-29 15:11 . 2012-04-11 17:18 172032 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-28 11:30 . 2012-04-11 17:12 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-02-28 08:08 . 2012-04-11 17:12 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2012-02-23 08:18 . 2010-07-21 14:38 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-02-14 15:45 . 2012-03-14 16:40 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2012-02-14 15:45 . 2012-03-14 16:40 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-02-13 14:12 . 2012-03-14 16:40 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-02-13 13:47 . 2012-03-14 16:40 683008 ----a-w- c:\windows\system32\d2d1.dll
    2012-02-13 13:44 . 2012-03-14 16:40 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2012-02-02 15:16 . 2012-03-14 16:40 2044416 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-27 68856]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-09-24 4452352]
    "Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 9728]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-31 30192]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
    "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2011-05-13 884584]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
    "NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
    "TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2011-12-24 296056]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-3-29 113664]
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-13 715568]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify\GoToAssist]
    2008-05-27 01:35 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 253600]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 21:08]
    .
    2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 14:12]
    .
    2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-22 14:12]
    .
    2012-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2002451365-2551685908-1787832852-1000Core.job
    - c:\users\rovo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-05 17:17]
    .
    2012-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2002451365-2551685908-1787832852-1000UA.job
    - c:\users\rovo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-05 17:17]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.startpagina.nl/
    mStart Page = ${URL_STARTPAGE}
    IE: &D&ownload &met BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload alles met BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: Afbeelding verzenden naar &Bluetooth-apparaat… - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Pagina verzenden naar &Bluetooth-apparaat… - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    LSP: c:\windows\system32\wpclsp.dll
    TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
    URLSearchHooks-{46735dee-f862-49d1-876d-6382794dc625} - c:\program files\PHPNukeDU\tbPHPN.dll
    URLSearchHooks-{7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\Zynga\tbZyng.dll
    BHO-{46735dee-f862-49d1-876d-6382794dc625} - c:\program files\PHPNukeDU\tbPHPN.dll
    BHO-{7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\Zynga\tbZyng.dll
    BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
    Toolbar-{46735dee-f862-49d1-876d-6382794dc625} - c:\program files\PHPNukeDU\tbPHPN.dll
    Toolbar-{7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\Zynga\tbZyng.dll
    Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
    WebBrowser-{46735DEE-F862-49D1-876D-6382794DC625} - c:\program files\PHPNukeDU\tbPHPN.dll
    WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - c:\program files\Zynga\tbZyng.dll
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
    HKLM-Run-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
    AddRemove-PHPNukeDU Toolbar - c:\progra~1\PHPNUK~1\UNWISE.EXE
    AddRemove-Zynga Toolbar - c:\progra~1\Zynga\UNWISE.EXE
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-28 14:15
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————
    .
    - - - - - - - > 'Explorer.exe'(3664)
    c:\windows\system32\btmmhook.dll
    c:\windows\system32\btncopy.dll
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
    c:\program files\Nero\Update\NASvc.exe
    c:\program files\Microsoft\BingBar\SeaPort.EXE
    c:\program files\TomTom HOME 2\TomTomHOMEService.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\WUDFHost.exe
    c:\windows\system32\conime.exe
    c:\windows\RtHDVCpl.exe
    c:\windows\system32\msiexec.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    c:\windows\ehome\ehmsas.exe
    c:\windows\ehome\ehsched.exe
    c:\windows\ehome\ehRecvr.exe
    c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    c:\program files\Windows Live\Family Safety\fsssvc.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2012-04-28 14:23:48 - machine werd herstart
    ComboFix-quarantined-files.txt 2012-04-28 12:23
    ComboFix2.txt 2012-04-28 08:56
    .
    Pre-Run: 119.821.709.312 bytes beschikbaar
    Post-Run: 119.619.514.368 bytes beschikbaar
    .
    - - End Of File - - 827A8D91514BA1796AFAC7539156548D


  • Hi Sanneke, tell me how it is going now.
  • hi abraham
    there is nothing to see on my computer
    it does what it should do and what I want
    but what I don't understand is why my computer gave a notification that there were trojans and adware on it
    but from the things you had me do I don't think there was anything to see, or am I seeing it wrong and were those things removed right away
    because I didn't hear you say anything about it either
  • sorry, I forgot to say that all of this happened after opening an email
  • Lol.
    Why do you think I asked you a few things and now get a question as an answer.

    First, I earlier expressed a suspicion about a codec pack that was used.
    Is that right?
    If so, do you still remember which package it was?

    And have you now lost the malware notifications in the meantime.
    Because ComboFix has in the meantime removed quite a few things from your Windows.
  • I did download a codec pack but don't remember which one
    and I have no more notifications

    thanks for your effort, I'm happy with it


This is an archived page. Replying is no longer possible.