Who can help me, I can't get rid of these viruses

Anonymous
15 answers
  • Malwarebytes Anti-Malware (-evaluatieversie-) 1.62.0.1300
    www.malwarebytes.org

    Databaseversie: v2012.09.10.04

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 7.0.6002.18005
    Thea :: PC_VAN_THEA [administrator]

    Realtime bescherming: Ingeschakeld

    10-9-2012 20:25:45
    mbam-log-2012-09-10 (20-25-45).txt

    Scantype: Snelle scan
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 188877
    Verstreken tijd: 6 minuut/minuten, 37 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 2
    C:\Windows\Installer\{2eedc29e-b925-5d31-fc4d-2ba87fdc24ab}\U\80000000.@ (Trojan.Small) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Windows\Installer\{2eedc29e-b925-5d31-fc4d-2ba87fdc24ab}\U\800000cb.@ (Rootkit.0Access) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)
  • Hello Henk, that doesn't look good!

    Which program:
  • 12:01:41.0381 2044 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
    12:01:41.0381 2044 ============================================================
    12:01:41.0381 2044 Current date / time: 2012/09/11 12:01:41.0381
    12:01:41.0381 2044 SystemInfo:
    12:01:41.0381 2044
    12:01:41.0381 2044 OS Version: 6.0.6002 ServicePack: 2.0
    12:01:41.0381 2044 Product type: Workstation
    12:01:41.0381 2044 ComputerName: PC_VAN_THEA
    12:01:41.0381 2044 UserName: Thea
    12:01:41.0381 2044 Windows directory: C:\Windows
    12:01:41.0381 2044 System windows directory: C:\Windows
    12:01:41.0381 2044 Processor architecture: Intel x86
    12:01:41.0381 2044 Number of processors: 1
    12:01:41.0381 2044 Page size: 0x1000
    12:01:41.0381 2044 Boot type: Normal boot
    12:01:41.0381 2044 ============================================================
    12:01:43.0518 2044 BG loaded
    12:01:44.0002 2044 Drive \Device\Harddisk0\DR0 - Size: 0x2658AE0000 (153.39 Gb), SectorSize: 0x200, Cylinders: 0x4E37, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    12:01:44.0080 2044 Drive \Device\Harddisk5\DR5 - Size: 0x3BA800000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    12:01:44.0080 2044 ============================================================
    12:01:44.0080 2044 \Device\Harddisk0\DR0:
    12:01:44.0080 2044 MBR partitions:
    12:01:44.0080 2044 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x6, StartLBA 0xBB47FC, BlocksNum 0x93E4375
    12:01:44.0080 2044 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9F98B71, BlocksNum 0x932BE06
    12:01:44.0080 2044 \Device\Harddisk5\DR5:
    12:01:44.0080 2044 MBR partitions:
    12:01:44.0080 2044 \Device\Harddisk5\DR5\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x1DD2080
    12:01:44.0080 2044 ============================================================
    12:01:44.0142 2044 C: <-> \Device\Harddisk0\DR0\Partition1
    12:01:44.0220 2044 D: <-> \Device\Harddisk0\DR0\Partition2
    12:01:44.0220 2044 ============================================================
    12:01:44.0220 2044 Initialize success
    12:01:44.0220 2044 ============================================================
    12:01:44.0298 1272 ============================================================
    12:01:44.0298 1272 Scan started
    12:01:44.0298 1272 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;
    12:01:44.0298 1272 ============================================================
    12:01:47.0325 1272 ================ Scan system memory ========================
    12:01:47.0325 1272 ================ Scan services =============================
    12:01:47.0808 1272 [ 23A1768E026A0FE499363E60151939B7 ] AcerMemUsageCheckService C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    12:01:50.0429 1272 AcerMemUsageCheckService ( UnsignedFile.Multi.Generic ) -
  • Unfortunately, the log is not complete.
    The final conclusion is missing.
    Post it again.
  • Sorry, but I really am selecting everything…
  • 12:02:24.0499 1272 [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\Windows\System32\drivers\71329616.sys
    12:02:24.0499 1272 ============================================================
    12:02:24.0499 1272 Scan finished
    12:02:24.0499 1272 ============================================================
    12:02:25.0217 3552 Deinitialize success
    .
    ==============================================
    System Restore Point Check:
    .
    TDSSKiller Starter Restore Point Created Succesfully
    ==============================================
    .
    ==============================================
    C:\TDSSStarter\Report_11-09-2012_1156_.log
    ==============================================
    Registry Export
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    ==============================================
    EOF
  • That's good, no rootkit in the MBR.
    Let's look further:

  • combofix 12-09-11.02 - thea 11-09-2012 20:34:14.1.1 - x86
    microsoft® windows vista™ home basic 6.0.6002.2.1252.31.1043.18.767.273 [gmt 2:00]
    gestart vanuit:
  • Thanks!!!!!!!!!!!!!!!! Thanks to all the tips from abraham54 I managed to get the computer completely clean again!
  • We're not done yet, you know!

    Open a new Kladblok (or else: Notepad) file, via "Start\Alle programma’s\Bureau-accessoires\Kladblok (or Notepad)".

    Copy and paste the following (bold, blue text) into the empty Notepad window
  • Here is the requested ComboFix log. Thank you very much for your help:
    ComboFix 12-09-12.03 - Thea 13-09-2012 8:52.2.1 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.31.1043.18.767.256 [GMT 2:00]
    Gestart vanuit: c:\users\Thea\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-08-13 to 2012-09-13 ))))))))))))))))))))))))))))))
    .
    .
    2012-09-13 07:07 . 2012-09-13 07:07 -------- d-----w- c:\users\Thea\AppData\Local\temp
    2012-09-13 07:07 . 2012-09-13 07:07 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-09-12 22:09 . 2012-09-13 06:22 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2D6E20A-2C30-4A76-811B-A1FB8E10DFAD}\offreg.dll
    2012-09-12 10:15 . 2012-02-09 12:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A54E6B8-28E3-45F1-816A-CAB774D67C4F}\gapaengine.dll
    2012-09-12 10:01 . 2012-08-27 23:50 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2D6E20A-2C30-4A76-811B-A1FB8E10DFAD}\mpengine.dll
    2012-09-12 09:51 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-09-11 12:44 . 2012-09-13 06:34 -------- d-----w- c:\users\Thea\AppData\Roaming\BrowserCompanion
    2012-09-11 09:56 . 2012-09-11 09:56 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-09-11 09:55 . 2012-09-11 10:02 -------- d-----w- C:\TDSSStarter
    2012-09-11 08:15 . 2012-09-11 08:15 3584 ----a-r- c:\users\Thea\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
    2012-09-11 08:15 . 2012-09-11 08:15 -------- d-----w- c:\program files\Windows Installer Clean Up
    2012-09-11 08:09 . 2012-09-11 08:15 -------- d-----w- c:\program files\MSECACHE
    2012-09-10 13:42 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-10 12:46 . 2012-09-10 13:57 -------- d-----w- c:\programdata\6F63A5BB0009B45A0C17EA48E56C34E5
    2012-09-09 18:32 . 2012-09-09 19:03 -------- d-----w- c:\programdata\clp
    2012-09-09 15:11 . 2012-09-09 15:11 -------- d-----w- c:\users\Thea\AppData\Local\ElevatedDiagnostics
    2012-09-08 18:31 . 2012-09-08 18:31 -------- d-----w- c:\users\Thea\AppData\Local\FixItCenter
    2012-09-08 18:29 . 2012-09-08 18:29 -------- d-----w- c:\program files\Microsoft Fix it Center
    2012-09-08 07:59 . 2012-09-12 09:52 -------- d-----w- c:\program files\Microsoft Security Client
    2012-09-08 07:47 . 2012-09-08 07:47 -------- d-----w- c:\users\Thea\AppData\Roaming\Malwarebytes
    2012-09-08 07:47 . 2012-09-08 07:47 -------- d-----w- c:\programdata\Malwarebytes
    2012-09-08 07:47 . 2012-09-10 13:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-08-16 08:59 . 2012-09-10 13:57 -------- d-----w- c:\programdata\6F63A5BB0009B45A0C17EA482F3B707C
    2012-08-16 08:58 . 2012-09-10 13:57 -------- d-----w- c:\users\Thea\AppData\Roaming\Tuosgy
    2012-08-16 08:58 . 2012-09-08 06:17 -------- d-----w- c:\users\Thea\AppData\Roaming\Biird
    2012-08-16 08:58 . 2012-08-16 08:58 -------- d-----w- c:\users\Thea\AppData\Roaming\Idve
    2012-08-16 08:28 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-08-14 09:21 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1BC9C01C-8ABA-45BF-B18E-A245902C94D6}\mpengine.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-11 09:58 . 2009-09-24 08:51 279552 ----a-w- c:\windows\system32\services.exe
    2012-08-15 16:24 . 2012-05-06 09:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-15 16:24 . 2011-11-03 09:45 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "????r"="" [?]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    .
    c:\users\Thea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    tcbhn.lnk - c:\users\Thea\AppData\Roaming\BrowserCompanion\tcbhn.exe [2012-6-28 695448]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Thea^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3 .lnk]
    path=c:\users\Thea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3 .lnk
    backup=c:\windows\pss\OpenOffice.org 2.3 .lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\?????????]
    ??????????????e [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
    2006-11-23 14:24 319488 ----a-w- c:\windows\System32\SysMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-10-14 23:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
    2006-11-17 07:26 453120 ----a-w- c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2007-06-28 17:54 120320 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2005-08-11 14:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-07-21 13:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2008-06-19 23:04 13535776 ----a-w- c:\windows\System32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2008-06-19 23:04 92704 ----a-w- c:\windows\System32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    2006-11-25 00:57 151552 ------w- c:\acer\Empowering Technology\eMode\PCM\PCMService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 20:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2006-11-09 02:57 3784704 ----a-w- c:\windows\RtHDVCpl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
    2006-11-05 20:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-09-13 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 16:24]
    .
    2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-23 20:09]
    .
    2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-23 20:09]
    .
    .
    ------- Bijkomende Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uStart Page = hxxp://www.google.nl/
    mStart Page = hxxp://nl.intl.acer.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
    DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-09-13 09:07
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    Voltooingstijd: 2012-09-13 09:12:12
    ComboFix-quarantined-files.txt 2012-09-13 07:12
    ComboFix2.txt 2012-09-11 19:23
    .
    Pre-Run: 37.031.575.552 bytes beschikbaar
    Post-Run: 36.607.512.576 bytes beschikbaar
    .
    - - End Of File - - 6D797C3AF4A286C378239A86D481D882
  • How is it going now?
  • I think it's going well! Thanks!
  • Then please do the following now: a test to see how good the current security situation in Windows is.

    Download to your desktop.
      - Click/double-click SecurityCheck.exe and follow the instructions in the black window.
      - A Notepad document named checkup.txt should open automatically; close this document by saving it to the desktop.
      - If one of your security tools reports that DIG.EXE wants to access the internet, allow it.
    Post the contents of checkup.txt in your next post.

This is an archived page. Replying is no longer possible.