Question & Answer
Best Antivirus
11 answers
- I have Microsoft Security Essentials myself, but I have my doubts about it, since another program detected 10 malware files on my system.
Now I'm wondering which (free) antivirus program is the best; I'd appreciate your advice on this.
- Hi, MSE is reasonable.
Avast 7 Free is the best and has the most components on board.
Its web control is also among the best.
Fast and safe download: http://www.chip.de/downloads/avast-Free-Antivirus_13010163.html
You need to register Avast from the menu.
There are no downsides to that, and you need to do it once a year.
Don't let yourself be tricked into switching to the paid version of Avast.
And after that, also do this:
Which program: sUBs dds
What for/why: DDS is a diagnostic tool and uses scripts.
Difficulty level: First read carefully what to do.
Download location: Download this program straight to the desktop, or otherwise move it there first!
Download DDS by sUBS from one of these locations and place it on your desktop:
DDS - Bleeping Computer download.
DDS - Bleeping Computer download.
DDS - Infospyware.
Screenshot: http://img.photobucket.com/albums/v666/sUBs/dds_scr.gif
Using sUBs dds:
- I ran the scans, and the result is below:
Malwarebytes:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Databaseversie: v2012.05.17.02
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Fatih Sizer :: FATIH [administrator]
17-5-2012 13:41:29
mbam-log-2012-05-17 (13-41-29).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 196489
Verstreken tijd: 8 minuut/minuten, 13 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 9
HKCR\AppID\{418D86BE-7386-4F1A-83E0-53604ADBDA74} (Trojan.BHO) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\CLSID\{4E3A97D3-9F15-4067-D0F9-241CC9CC9541} (Adware.PlayMP3z) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\TypeLib\{B505D7AA-1BBC-4AE3-8636-54FACFD297E3} (Adware.PlayMP3z) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\Interface\{9F6F6975-C180-E439-DD93-385FC7008EE5} (Adware.PlayMP3z) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\BestShoppingTipsProgram.BestShoppingTipsProgram.1 (Adware.PlayMP3z) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E3A97D3-9F15-4067-D0F9-241CC9CC9541} (Adware.PlayMP3z) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4E3A97D3-9F15-4067-D0F9-241CC9CC9541} (Adware.PlayMP3z) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E3A97D3-9F15-4067-D0F9-241CC9CC9541} (Adware.PlayMP3z) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\MediaHoldings (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd.
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 3
C:\ProgramData\wxDfast (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\TheBflix (PUP.BFlix) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\TheBflix\data (PUP.BFlix) -> Succesvol in quarantaine geplaatst en verwijderd.
Bestanden gedetecteerd: 14
C:\$RECYCLE.BIN\S-1-5-21-4269158105-2404827290-322175033-1000\$R3V4HS2.exe (Affiliate.Downloader) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\$RECYCLE.BIN\S-1-5-21-4269158105-2404827290-322175033-1000\$RI4B3FT.exe (Affiliate.Downloader) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\wxDfast\background.html (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\wxDfast\bhoclass.dll (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\wxDfast\content.js (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\wxDfast\ojigneeomnaicamebihibglngmajaodf.crx (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\wxDfast\settings.ini (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\TheBflix\background.html (PUP.BFlix) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\TheBflix\bccldkoinakjmmgebambiaggjobhikfg.crx (PUP.BFlix) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\TheBflix\bhoclass.dll (PUP.BFlix) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\TheBflix\content.js (PUP.BFlix) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\TheBflix\settings.ini (PUP.BFlix) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\TheBflix\data\content.js (PUP.BFlix) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\TheBflix\data\jsondb.js (PUP.BFlix) -> Succesvol in quarantaine geplaatst en verwijderd.
(einde)
Anti-rootkit:
Emsisoft Emergency Kit - Versie 1.0
Laatste Update: 17-5-2012 14:08:59
Scaninstellingen:
Scantype: Diepe Scan
Objecten: Geheugen, Sporen, Cookies, C:\, D:\
Scan archieven: Aan
Heuristieken: Uit
ADS Scan: Aan
Scan gestart: 17-5-2012 14:09:53
c:\program files\WinZix Ontdekt: Trace.Directory.WinZix!A2
C:\$RECYCLE.BIN\S-1-5-21-4269158105-2404827290-322175033-1000\$RREPK1H.exe Ontdekt: Riskware.Win32.InstallCore.AMN!A2
C:\Users\Fatih Sizer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\3ebffa55-2117ed78/yhrdecskwugrrf\gulfrwpenhwtmuekftw.class Ontdekt: JAVA.Agent!IK
C:\Users\Fatih Sizer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\3ebffa55-2117ed78/yhrdecskwugrrf\wehfnltlfkdmnlwtgppphufbb.class Ontdekt: Java.CVE!IK
C:\Users\Fatih Sizer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\35f19e57-5cd63b1c/qvqweqb\hqdjyhsck.class Ontdekt: Exploit.Java.CVE!IK
C:\Users\Fatih Sizer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\35f19e57-5cd63b1c/qvqweqb\yrkpjtdd.class Ontdekt: Trojan.Downloader-AR!IK
Gescand
Bestanden: 270701
Sporen: 408843
Cookies: 458
Processen: 59
Gevonden
Bestanden: 5
Sporen: 1
Cookies: 0
Processen: 0
Registersleutels: 0
Scan Geëindigd: 17-5-2012 19:56:13
Scantijd: 5:46:20
C:\Users\Fatih Sizer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\35f19e57-5cd63b1c/qvqweqb\yrkpjtdd.class Verwijderd Trojan.Downloader-AR!IK
C:\Users\Fatih Sizer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\35f19e57-5cd63b1c/qvqweqb\hqdjyhsck.class Verwijderd Exploit.Java.CVE!IK
C:\Users\Fatih Sizer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\3ebffa55-2117ed78/yhrdecskwugrrf\wehfnltlfkdmnlwtgppphufbb.class Verwijderd Java.CVE!IK
C:\Users\Fatih Sizer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\3ebffa55-2117ed78/yhrdecskwugrrf\gulfrwpenhwtmuekftw.class Verwijderd JAVA.Agent!IK
C:\$RECYCLE.BIN\S-1-5-21-4269158105-2404827290-322175033-1000\$RREPK1H.exe Verwijderd Riskware.Win32.InstallCore.AMN!A2
c:\program files\WinZix Verwijderd Trace.Directory.WinZix!A2
Verwijderd
Bestanden: 5
Sporen: 1
Cookies: 0
Should I remove those programs again now?
- Keeping or removing them is something we do at the end of the fix.
Because what both programs removed from your Windows is no small matter.
So we'll keep looking.
- Which program:
- Sorry for the late reply; I downloaded and ran the program.
Here are the results:
20:07:13.0646 1600 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
20:07:13.0646 1600 ============================================================
20:07:13.0646 1600 Current date / time: 2012/05/31 20:07:13.0646
20:07:13.0646 1600 SystemInfo:
20:07:13.0646 1600
20:07:13.0646 1600 OS Version: 6.0.6002 ServicePack: 2.0
20:07:13.0646 1600 Product type: Workstation
20:07:13.0646 1600 ComputerName: FATIH
20:07:13.0646 1600 UserName: Fatih Sizer
20:07:13.0646 1600 Windows directory: C:\Windows
20:07:13.0646 1600 System windows directory: C:\Windows
20:07:13.0646 1600 Processor architecture: Intel x86
20:07:13.0646 1600 Number of processors: 2
20:07:13.0646 1600 Page size: 0x1000
20:07:13.0646 1600 Boot type: Normal boot
20:07:13.0646 1600 ============================================================
20:07:20.0240 1600 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:07:20.0271 1600 Drive \Device\Harddisk3\DR3 - Size: 0x3C8C0000 (0.95 Gb), SectorSize: 0x200, Cylinders: 0x7B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:07:20.0271 1600 Drive \Device\Harddisk5\DR7 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:07:20.0271 1600 ============================================================
20:07:20.0271 1600 \Device\Harddisk0\DR0:
20:07:20.0286 1600 MBR partitions:
20:07:20.0286 1600 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x6, StartLBA 0x1384C7A, BlocksNum 0x1C844A15
20:07:20.0286 1600 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1DBC968F, BlocksNum 0x1C7BB5B2
20:07:20.0286 1600 \Device\Harddisk3\DR3:
20:07:20.0286 1600 MBR partitions:
20:07:20.0286 1600 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x6, StartLBA 0xF9, BlocksNum 0x1E4407
20:07:20.0286 1600 \Device\Harddisk5\DR7:
20:07:20.0286 1600 MBR partitions:
20:07:20.0286 1600 \Device\Harddisk5\DR7\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FCBB02
20:07:20.0286 1600 ============================================================
20:07:20.0302 1600 C: <-> \Device\Harddisk0\DR0\Partition0
20:07:20.0474 1600 D: <-> \Device\Harddisk0\DR0\Partition1
20:07:20.0474 1600 ============================================================
20:07:20.0474 1600 Initialize success
20:07:20.0474 1600 ============================================================
20:07:20.0599 5824 ============================================================
20:07:20.0599 5824 Scan started
20:07:20.0599 5824 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;
20:07:20.0599 5824 ============================================================
20:07:23.0599 5824 Acer HomeMedia Connect Service (a5f948a07b69401683bd809eea3dc34b) C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
20:07:23.0865 5824 Acer HomeMedia Connect Service ( UnsignedFile.Multi.Generic ) -
- The TDSSStarter log is from 10 days ago.
That is already too long ago.
Repeat the scan once more.
- I ran the scan again:
17:22:20.0756 1900 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
17:22:20.0759 1900 ============================================================
17:22:20.0759 1900 Current date / time: 2012/06/06 17:22:20.0759
17:22:20.0759 1900 SystemInfo:
17:22:20.0759 1900
17:22:20.0759 1900 OS Version: 6.0.6002 ServicePack: 2.0
17:22:20.0759 1900 Product type: Workstation
17:22:20.0760 1900 ComputerName: FATIH
17:22:20.0760 1900 UserName: Fatih Sizer
17:22:20.0760 1900 Windows directory: C:\Windows
17:22:20.0760 1900 System windows directory: C:\Windows
17:22:20.0760 1900 Processor architecture: Intel x86
17:22:20.0761 1900 Number of processors: 2
17:22:20.0761 1900 Page size: 0x1000
17:22:20.0761 1900 Boot type: Normal boot
17:22:20.0761 1900 ============================================================
17:22:22.0816 1900 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:22:23.0039 1900 Drive \Device\Harddisk3\DR3 - Size: 0x3C8C0000 (0.95 Gb), SectorSize: 0x200, Cylinders: 0x7B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:22:23.0193 1900 Drive \Device\Harddisk5\DR5 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:22:23.0195 1900 ============================================================
17:22:23.0195 1900 \Device\Harddisk0\DR0:
17:22:23.0216 1900 MBR partitions:
17:22:23.0216 1900 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x6, StartLBA 0x1384C7A, BlocksNum 0x1C844A15
17:22:23.0216 1900 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1DBC968F, BlocksNum 0x1C7BB5B2
17:22:23.0216 1900 \Device\Harddisk3\DR3:
17:22:23.0218 1900 MBR partitions:
17:22:23.0218 1900 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x6, StartLBA 0xF9, BlocksNum 0x1E4407
17:22:23.0218 1900 \Device\Harddisk5\DR5:
17:22:23.0219 1900 MBR partitions:
17:22:23.0219 1900 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FCBB02
17:22:23.0219 1900 ============================================================
17:22:23.0251 1900 C: <-> \Device\Harddisk0\DR0\Partition0
17:22:23.0301 1900 D: <-> \Device\Harddisk0\DR0\Partition1
17:22:23.0302 1900 ============================================================
17:22:23.0303 1900 Initialize success
17:22:23.0303 1900 ============================================================
17:22:26.0931 5312 ============================================================
17:22:26.0931 5312 Scan started
17:22:26.0931 5312 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;
17:22:26.0931 5312 ============================================================
17:22:27.0518 5312 Acer HomeMedia Connect Service (a5f948a07b69401683bd809eea3dc34b) C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
17:22:27.0903 5312 Acer HomeMedia Connect Service ( UnsignedFile.Multi.Generic ) -
- Hi, do you have so little time that you can't respond faster?
Because when you're doing the fix, shorter response times are best.
- Which program:
- I'm doing my best to respond as quickly as possible.
Here is the log file as well:
ComboFix 12-06-09.01 - Fatih * 09-06-2012 15:42:20.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2046.1160 [GMT 2:00]
Gestart vanuit: C:\Users\Fatih Sizer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\80CVYU96\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
C:\ProgramData\100
C:\ProgramData\Amazon.ico
C:\ProgramData\MercadoLivre.ico
C:\ProgramData\TheBflix
C:\ProgramData\TheBflix\bhoclass.dll
C:\ProgramData\TheBflix\content.js
C:\ProgramData\TheBflix\data\content.js
C:\ProgramData\TheBflix\data\jsondb.js
C:\ProgramData\TheBflix\settings.ini
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEM10F9.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEM1224.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEM12A.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEM133F.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEM145A.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEM1595.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEM16CF.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEM17DB.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEM18E6.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEM19F2.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEM1B0D.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEM1C38.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEM1D34.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEM1EBD.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEM1FE8.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEM2113.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEM225D.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEM226.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEM2378.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEM2493.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEM25EE.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEM26DA.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEM27D6.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEM28B3.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEM313.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEM3D0.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEM4AD.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEM5D.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEM5E9.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEM714.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEM801.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEM8DD.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEMA18.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEMB23.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEMCFA.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEME44.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEMF7F2.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEMF95C.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEMFA87.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEMFBA2.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEMFBD.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEMFCDC.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEMFDD8.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\XTMP1MC3VE\DEMFEF4.tmp
C:\Users\Fatih Sizer\AppData\Local\Temp\YTMP7MC8AA\TAA4BD.tmp
C:\Users\Fatih Sizer\AppData\Roaming\Axhuxo
C:\Users\Fatih Sizer\AppData\Roaming\Axhuxo\axyq.ogi
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEM10F9.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEM1224.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEM12A.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEM133F.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEM145A.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEM1595.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEM16CF.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEM17DB.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEM18E6.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEM19F2.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEM1B0D.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEM1C38.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEM1D34.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEM1EBD.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEM1FE8.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEM2113.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEM225D.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEM226.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEM2378.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEM2493.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEM25EE.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEM26DA.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEM27D6.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEM28B3.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEM313.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEM3D0.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEM4AD.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEM5D.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEM5E9.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEM714.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEM801.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEM8DD.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEMA18.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEMB23.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEMCFA.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEME44.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEMF7F2.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEMF95C.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEMFA87.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEMFBA2.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEMFBD.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEMFCDC.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEMFDD8.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\XTMP1MC3VE\DEMFEF4.tmp
C:\Users\FATIHS~1\AppData\Local\Temp\YTMP7MC8AA\TAA4BD.tmp
D:\install.exe
(((((((((((((((((((( Bestanden Gemaakt van 2012-05-09 to 2012-06-09 ))))))))))))))))))))))))))))))
2012-06-08 19:34:38 . 2012-05-08 16:40:12 6737808 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADDD2C75-26CC-4EB9-B3D5-E2A4E07A267C}\mpengine.dll
2012-06-07 15:45:23 . 2012-05-08 16:40:12 6737808 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-06 15:22:11 . 2012-06-06 15:23:31 -------- d-----w- C:\TDSSStarter
2012-05-31 17:45:50 . 2012-06-03 11:58:56 -------- d-----w- C:\Users\Fatih Sizer\AppData\Roaming\Arra
2012-05-31 17:45:50 . 2012-06-01 20:26:11 -------- d-----w- C:\Users\Fatih Sizer\AppData\Roaming\Ximu
2012-05-30 14:31:48 . 2012-05-31 18:03:46 -------- d-----w- C:\ProgramData\ESTsoft
2012-05-30 14:31:33 . 2012-05-31 18:03:46 -------- d-----w- C:\Users\Fatih Sizer\AppData\Roaming\ESTsoft
2012-05-30 14:31:33 . 2012-05-31 18:03:39 -------- d-----w- C:\Program Files\ESTsoft
2012-05-18 15:42:36 . 2012-05-31 14:44:45 -------- d-----w- C:\Users\Fatih Sizer\AppData\Local\ManyCam
2012-05-17 11:39:33 . 2012-05-17 11:39:33 -------- d-----w- C:\Users\Fatih Sizer\AppData\Roaming\Malwarebytes
2012-05-17 11:39:17 . 2012-05-17 11:39:17 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-14 17:29:37 . 2012-05-14 17:29:37 -------- d-----w- C:\ProgramData\Premium
2012-05-14 17:29:18 . 2012-05-18 15:39:56 -------- d-----w- C:\Program Files\Web Assistant
2012-05-13 13:00:30 . 2012-05-13 13:00:30 -------- d-----w- C:\ProgramData\ManyCam
2012-05-13 13:00:03 . 2012-05-13 13:00:03 -------- d-----w- C:\Users\Fatih Sizer\AppData\Local\APN
2012-05-13 12:59:54 . 2012-05-18 15:37:12 -------- d-----w- C:\Program Files\ManyCam
2012-05-13 12:59:49 . 2012-05-13 12:59:49 -------- d-----w- C:\ProgramData\Ask
2012-05-11 16:46:21 . 2012-05-11 17:21:56 -------- d-----w- C:\Users\Fatih Sizer\AppData\Roaming\Audacity
2012-05-11 16:08:18 . 2004-03-08 22:00:00 152848 ----a-w- C:\Windows\system32\COMDLG32.OCX
2012-05-11 13:53:01 . 2012-03-20 23:28:50 53120 ----a-w- C:\Windows\system32\drivers\partmgr.sys
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
2012-05-21 20:15:42 . 2009-05-11 13:52:03 83360 ----a-w- C:\Windows\system32\LMIRfsClientNP.dll
2012-05-21 20:15:41 . 2009-05-11 13:52:03 52096 ----a-w- C:\Windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-05-21 20:15:41 . 2009-05-11 13:52:03 30592 ----a-w- C:\Windows\system32\LMIport.dll
2012-05-21 20:15:40 . 2009-05-11 13:52:01 87424 ----a-w- C:\Windows\system32\LMIinit.dll
2012-05-06 18:30:09 . 2012-05-06 18:30:09 231760 ----a-w- C:\Windows\system32\drivers\truecrypt.sys
2012-05-02 14:03:12 . 2012-05-02 14:03:12 23456 ----a-w- C:\Windows\system32\drivers\DrvAgent32.sys
2012-04-23 19:15:33 . 2012-04-23 19:15:33 53248 ----a-r- C:\Users\Fatih Sizer\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
2012-03-22 19:12:12 . 2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\system32\GPhotos.scr
2012-03-20 18:44:12 . 2011-04-27 13:25:24 74112 ----a-w- C:\Windows\system32\drivers\NisDrvWFP.sys
2012-03-20 18:44:12 . 2011-04-18 11:18:50 171064 ----a-w- C:\Windows\system32\drivers\MpFilter.sys
2012-03-20 01:53:24 . 2012-04-04 13:39:07 6582328 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{745680B5-A393-4698-9691-27444186F6AD}\mpengine.dll
2010-01-26 10:11:08 . 2011-12-17 16:42:47 444283 ----a-w- C:\Program Files\Common Files\WinPcapNmap.exe
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51:30 3911776 ----a-w- C:\Program Files\ConduitEngine\ConduitEngine.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "C:\Program Files\ConduitEngine\ConduitEngine.dll" [2010-12-09 11:51:30 3911776]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "C:\Program Files\ConduitEngine\ConduitEngine.dll" [2010-12-09 11:51:30 3911776]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ManyCam"="C:\Program Files\ManyCam\Bin\ManyCam.exe" [2012-04-20 11:46:16 2099064]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 07:33:39 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="D:\Logmein\x86\LogMeInSystray.exe" [2008-07-24 16:46:10 63048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 16:39:08 151552]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
backup=C:\Windows\pss\hpoddt01.exe.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
2007-01-24 08:27:50 319488 ----a-w- C:\Acer\Empowering Technology\SysMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
2007-02-15 16:39:08 151552 ----a-w- C:\Acer\AcerTour\Reminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2007-02-06 22:04:16 464168 ----a-w- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33:09 125952 ----a-w- C:\Windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36:46 30040 ----a-w- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2006-11-15 14:58:26 151552 ----a-w- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2008-07-24 16:46:10 63048 ---ha-w- D:\Logmein\x86\LogMeInSystray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2012-03-26 15:08:12 931200 ----a-w- C:\Program Files\Microsoft Security Client\msseces.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-11-06 18:00:00 8530464 ----a-w- C:\Windows\System32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-11-06 18:00:00 81920 ----a-w- C:\Windows\System32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2007-11-06 18:00:00 86016 ----a-w- C:\Windows\System32\nvsvc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-09-01 15:47:26 90448 ----a-w- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-02-15 09:07:16 4390912 ----a-w- C:\Windows\RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-05-03 06:36:00 17355912 ----a-r- C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VDownloader]
2012-04-26 15:19:30 879616 ----a-w- D:\VDownloader\VDownloader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-11-05 19:48:22 57344 ----a-w- C:\Acer\WR_PopUp\WarReg_PopUp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38:38 1008184 ----a-w- C:\Program Files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2006-11-02 09:45:59 215552 ----a-w- C:\Windows\WindowsMobile\wmdSync.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33:39 202240 ----a-w- C:\Program Files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="D:\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-04-04 16:54:08 266343]
--- Andere Services/Drivers In Geheugen ---
*NewlyCreated* - WS2IFSL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
------- Bijkomende Scan -------
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://nl.intl.acer.yahoo.com
uInternet Settings,ProxyServer = 123.131.44.66:8088
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
- - - - ORPHANS VERWIJDERD - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file)
WebBrowser-{A8864317-E18B-4292-99D9-E6E65AB905D3} - (no file)
WebBrowser-{38542454-DFB6-44F5-B052-D4E071A3D073} - (no file)
WebBrowser-{2D8D9ACC-F6D7-4362-8876-A275CA929591} - (no file)
- I'm missing the last part of the log.
Look in C:\Combofix.txt for the log.
Now select all the text, copy it, and then paste the contents into your next message.
- The log above is the whole log. There is nothing further in Combofix.txt apart from the top part that I posted yesterday.
This is an archived page. It is no longer possible to reply.