Who can help me, I can't get rid of these viruses

15 answers
  • Malwarebytes Anti-Malware (-evaluatieversie-) 1.62.0.1300
    www.malwarebytes.org

    Databaseversie: v2012.09.10.04

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 7.0.6002.18005
    Thea :: PC_VAN_THEA [administrator]

    Realtime bescherming: Ingeschakeld

    10-9-2012 20:25:45
    mbam-log-2012-09-10 (20-25-45).txt

    Scantype: Snelle scan
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 188877
    Verstreken tijd: 6 minuut/minuten, 37 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 2
    C:\Windows\Installer\{2eedc29e-b925-5d31-fc4d-2ba87fdc24ab}\U\80000000.@ (Trojan.Small) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Windows\Installer\{2eedc29e-b925-5d31-fc4d-2ba87fdc24ab}\U\800000cb.@ (Rootkit.0Access) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)
  • Hello Henk, that doesn't look good!

    Which program:
  • 12:01:41.0381 2044 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
    12:01:41.0381 2044 ============================================================
    12:01:41.0381 2044 Current date / time: 2012/09/11 12:01:41.0381
    12:01:41.0381 2044 SystemInfo:
    12:01:41.0381 2044
    12:01:41.0381 2044 OS Version: 6.0.6002 ServicePack: 2.0
    12:01:41.0381 2044 Product type: Workstation
    12:01:41.0381 2044 ComputerName: PC_VAN_THEA
    12:01:41.0381 2044 UserName: Thea
    12:01:41.0381 2044 Windows directory: C:\Windows
    12:01:41.0381 2044 System windows directory: C:\Windows
    12:01:41.0381 2044 Processor architecture: Intel x86
    12:01:41.0381 2044 Number of processors: 1
    12:01:41.0381 2044 Page size: 0x1000
    12:01:41.0381 2044 Boot type: Normal boot
    12:01:41.0381 2044 ============================================================
    12:01:43.0518 2044 BG loaded
    12:01:44.0002 2044 Drive \Device\Harddisk0\DR0 - Size: 0x2658AE0000 (153.39 Gb), SectorSize: 0x200, Cylinders: 0x4E37, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    12:01:44.0080 2044 Drive \Device\Harddisk5\DR5 - Size: 0x3BA800000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    12:01:44.0080 2044 ============================================================
    12:01:44.0080 2044 \Device\Harddisk0\DR0:
    12:01:44.0080 2044 MBR partitions:
    12:01:44.0080 2044 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x6, StartLBA 0xBB47FC, BlocksNum 0x93E4375
    12:01:44.0080 2044 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9F98B71, BlocksNum 0x932BE06
    12:01:44.0080 2044 \Device\Harddisk5\DR5:
    12:01:44.0080 2044 MBR partitions:
    12:01:44.0080 2044 \Device\Harddisk5\DR5\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x1DD2080
    12:01:44.0080 2044 ============================================================
    12:01:44.0142 2044 C: <-> \Device\Harddisk0\DR0\Partition1
    12:01:44.0220 2044 D: <-> \Device\Harddisk0\DR0\Partition2
    12:01:44.0220 2044 ============================================================
    12:01:44.0220 2044 Initialize success
    12:01:44.0220 2044 ============================================================
    12:01:44.0298 1272 ============================================================
    12:01:44.0298 1272 Scan started
    12:01:44.0298 1272 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;
    12:01:44.0298 1272 ============================================================
    12:01:47.0325 1272 ================ Scan system memory ========================
    12:01:47.0325 1272 ================ Scan services =============================
    12:01:47.0808 1272 [ 23A1768E026A0FE499363E60151939B7 ] AcerMemUsageCheckService C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    12:01:50.0429 1272 AcerMemUsageCheckService ( UnsignedFile.Multi.Generic ) -
  • Unfortunately, the log is not complete.
    The final conclusion is missing.
    Post it again.
  • 12:01:41.0381 2044 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
    12:01:41.0381 2044 ============================================================
    12:01:41.0381 2044 Current date / time: 2012/09/11 12:01:41.0381
    12:01:41.0381 2044 SystemInfo:
    12:01:41.0381 2044
    12:01:41.0381 2044 OS Version: 6.0.6002 ServicePack: 2.0
    12:01:41.0381 2044 Product type: Workstation
    12:01:41.0381 2044 ComputerName: PC_VAN_THEA
    12:01:41.0381 2044 UserName: Thea
    12:01:41.0381 2044 Windows directory: C:\Windows
    12:01:41.0381 2044 System windows directory: C:\Windows
    12:01:41.0381 2044 Processor architecture: Intel x86
    12:01:41.0381 2044 Number of processors: 1
    12:01:41.0381 2044 Page size: 0x1000
    12:01:41.0381 2044 Boot type: Normal boot
    12:01:41.0381 2044 ============================================================
    12:01:43.0518 2044 BG loaded
    12:01:44.0002 2044 Drive \Device\Harddisk0\DR0 - Size: 0x2658AE0000 (153.39 Gb), SectorSize: 0x200, Cylinders: 0x4E37, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    12:01:44.0080 2044 Drive \Device\Harddisk5\DR5 - Size: 0x3BA800000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    12:01:44.0080 2044 ============================================================
    12:01:44.0080 2044 \Device\Harddisk0\DR0:
    12:01:44.0080 2044 MBR partitions:
    12:01:44.0080 2044 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x6, StartLBA 0xBB47FC, BlocksNum 0x93E4375
    12:01:44.0080 2044 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9F98B71, BlocksNum 0x932BE06
    12:01:44.0080 2044 \Device\Harddisk5\DR5:
    12:01:44.0080 2044 MBR partitions:
    12:01:44.0080 2044 \Device\Harddisk5\DR5\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x1DD2080
    12:01:44.0080 2044 ============================================================
    12:01:44.0142 2044 C: <-> \Device\Harddisk0\DR0\Partition1
    12:01:44.0220 2044 D: <-> \Device\Harddisk0\DR0\Partition2
    12:01:44.0220 2044 ============================================================
    12:01:44.0220 2044 Initialize success
    12:01:44.0220 2044 ============================================================
    12:01:44.0298 1272 ============================================================
    12:01:44.0298 1272 Scan started
    12:01:44.0298 1272 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;
    12:01:44.0298 1272 ============================================================
    12:01:47.0325 1272 ================ Scan system memory ========================
    12:01:47.0325 1272 ================ Scan services =============================
    12:01:47.0808 1272 [ 23A1768E026A0FE499363E60151939B7 ] AcerMemUsageCheckService C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    12:01:50.0429 1272 AcerMemUsageCheckService ( UnsignedFile.Multi.Generic ) -
  • Sorry, but I really do select everything…
  • 12:02:24.0499 1272 [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\Windows\System32\drivers\71329616.sys
    12:02:24.0499 1272 ============================================================
    12:02:24.0499 1272 Scan finished
    12:02:24.0499 1272 ============================================================
    12:02:25.0217 3552 Deinitialize success
    .
    ==============================================
    System Restore Point Check:
    .
    TDSSKiller Starter Restore Point Created Succesfully
    ==============================================
    .
    ==============================================
    C:\TDSSStarter\Report_11-09-2012_1156_.log
    ==============================================
    Registry Export
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    ==============================================
    EOF
  • That's good, no rootkit in the MBR.
    Let's look further:

  • combofix 12-09-11.02 - thea 11-09-2012 20:34:14.1.1 - x86
    microsoft® windows vista™ home basic 6.0.6002.2.1252.31.1043.18.767.273 [gmt 2:00]
    gestart vanuit:
  • Thank you!!!!!!!!!!!!!!!! Thanks to all the tips from abraham54 I managed to get the computer completely clean again!
  • We're not done yet!

    Open a new Notepad file via "Start\Alle programma’s\Bureau-accessoires\Kladblok (or Notepad)".

    Copy and paste the following (bold, blue text) into the empty Notepad window
  • Here is the requested combofix log. Thank you very much for your help:
    ComboFix 12-09-12.03 - Thea 13-09-2012 8:52.2.1 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.31.1043.18.767.256 [GMT 2:00]
    Gestart vanuit: c:\users\Thea\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-08-13 to 2012-09-13 ))))))))))))))))))))))))))))))
    .
    .
    2012-09-13 07:07 . 2012-09-13 07:07 -------- d-----w- c:\users\Thea\AppData\Local\temp
    2012-09-13 07:07 . 2012-09-13 07:07 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-09-12 22:09 . 2012-09-13 06:22 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2D6E20A-2C30-4A76-811B-A1FB8E10DFAD}\offreg.dll
    2012-09-12 10:15 . 2012-02-09 12:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A54E6B8-28E3-45F1-816A-CAB774D67C4F}\gapaengine.dll
    2012-09-12 10:01 . 2012-08-27 23:50 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2D6E20A-2C30-4A76-811B-A1FB8E10DFAD}\mpengine.dll
    2012-09-12 09:51 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-09-11 12:44 . 2012-09-13 06:34 -------- d-----w- c:\users\Thea\AppData\Roaming\BrowserCompanion
    2012-09-11 09:56 . 2012-09-11 09:56 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-09-11 09:55 . 2012-09-11 10:02 -------- d-----w- C:\TDSSStarter
    2012-09-11 08:15 . 2012-09-11 08:15 3584 ----a-r- c:\users\Thea\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
    2012-09-11 08:15 . 2012-09-11 08:15 -------- d-----w- c:\program files\Windows Installer Clean Up
    2012-09-11 08:09 . 2012-09-11 08:15 -------- d-----w- c:\program files\MSECACHE
    2012-09-10 13:42 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-10 12:46 . 2012-09-10 13:57 -------- d-----w- c:\programdata\6F63A5BB0009B45A0C17EA48E56C34E5
    2012-09-09 18:32 . 2012-09-09 19:03 -------- d-----w- c:\programdata\clp
    2012-09-09 15:11 . 2012-09-09 15:11 -------- d-----w- c:\users\Thea\AppData\Local\ElevatedDiagnostics
    2012-09-08 18:31 . 2012-09-08 18:31 -------- d-----w- c:\users\Thea\AppData\Local\FixItCenter
    2012-09-08 18:29 . 2012-09-08 18:29 -------- d-----w- c:\program files\Microsoft Fix it Center
    2012-09-08 07:59 . 2012-09-12 09:52 -------- d-----w- c:\program files\Microsoft Security Client
    2012-09-08 07:47 . 2012-09-08 07:47 -------- d-----w- c:\users\Thea\AppData\Roaming\Malwarebytes
    2012-09-08 07:47 . 2012-09-08 07:47 -------- d-----w- c:\programdata\Malwarebytes
    2012-09-08 07:47 . 2012-09-10 13:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-08-16 08:59 . 2012-09-10 13:57 -------- d-----w- c:\programdata\6F63A5BB0009B45A0C17EA482F3B707C
    2012-08-16 08:58 . 2012-09-10 13:57 -------- d-----w- c:\users\Thea\AppData\Roaming\Tuosgy
    2012-08-16 08:58 . 2012-09-08 06:17 -------- d-----w- c:\users\Thea\AppData\Roaming\Biird
    2012-08-16 08:58 . 2012-08-16 08:58 -------- d-----w- c:\users\Thea\AppData\Roaming\Idve
    2012-08-16 08:28 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-08-14 09:21 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1BC9C01C-8ABA-45BF-B18E-A245902C94D6}\mpengine.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-11 09:58 . 2009-09-24 08:51 279552 ----a-w- c:\windows\system32\services.exe
    2012-08-15 16:24 . 2012-05-06 09:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-15 16:24 . 2011-11-03 09:45 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "????r"="" [?]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    .
    c:\users\Thea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    tcbhn.lnk - c:\users\Thea\AppData\Roaming\BrowserCompanion\tcbhn.exe [2012-6-28 695448]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync
    estart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Thea^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3 .lnk]
    path=c:\users\Thea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3 .lnk
    backup=c:\windows\pss\OpenOffice.org 2.3 .lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\?????????]
    ??????????????e [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
    2006-11-23 14:24 319488 ----a-w- c:\windows\System32\SysMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-10-14 23:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
    2006-11-17 07:26 453120 ----a-w- c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2007-06-28 17:54 120320 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2005-08-11 14:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-07-21 13:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2008-06-19 23:04 13535776 ----a-w- c:\windows\System32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2008-06-19 23:04 92704 ----a-w- c:\windows\System32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    2006-11-25 00:57 151552 ------w- c:\acer\Empowering Technology\eMode\PCM\PCMService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 20:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2006-11-09 02:57 3784704 ----a-w- c:\windows\RtHDVCpl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
    2006-11-05 20:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-09-13 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 16:24]
    .
    2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-23 20:09]
    .
    2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-23 20:09]
    .
    .
    ------- Bijkomende Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uStart Page = hxxp://www.google.nl/
    mStart Page = hxxp://nl.intl.acer.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
    DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-09-13 09:07
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    Voltooingstijd: 2012-09-13 09:12:12
    ComboFix-quarantined-files.txt 2012-09-13 07:12
    ComboFix2.txt 2012-09-11 19:23
    .
    Pre-Run: 37.031.575.552 bytes beschikbaar
    Post-Run: 36.607.512.576 bytes beschikbaar
    .
    - - End Of File - - 6D797C3AF4A286C378239A86D481D882



  • How is it going now?
  • I think it's going well! Thanks!
  • Now do the following: a test to see how good the current security situation in Windows is.

    Download to your desktop.
    - Click/double-click SecurityCheck.exe and follow the instructions in the black window.
    - A Notepad document named checkup.txt should open automatically; close this document by saving it to the desktop.
    - If one of your security tools reports that DIG.EXE wants to access the internet, allow it.
    Post the contents of checkup.txt in your next post.

This is an archived page. Replying is no longer possible.